I messed up permissions. Can I fix them?

NJMorf

Explorer
Joined
Aug 9, 2017
Messages
53
TLDR version: I messed up the permissions on my only volume. Is there any way to fix it without deleting and recreating the volume?

My system's running FreeNAS 11.2, having upgraded in-place from 11.1. A few days/weeks ago I was notified that there was an update to 11.2.U4: I left it for a few days, then installed it yesterday. Today I noticed that two of my plugins weren't working (Nextcloud and Resilio, both installed pre-11.2). Here's where I got stupid.

I frequently find that my Windows PCs are restricted to read-only access when I try to delete or rename files in my various datasets (media, backups, Windows file history, etc.). The solution has always been to recursively reset the permissions from the root of the dataset (I've never managed to work out the root cause, but this usually fixes things for a few weeks). For some reason, I thought my new problem was caused by something similar, so I tried doing the same thing with the jails for the plugins. This did nothing, so (here's the dumb part) I did the same thing at the volume level. This didn't help either, so I figured I'd just delete the jails and recreate them using the new FreeNAS interface. This failed, with an error message about the permissions (775 at this point) being too lax. I therefore tried to change the permissions for the jails to something more restrictive (I think I tried 755, 770 and maybe 750).

A little googling has revealed that I've almost certainly screwed everything up by forcing those permission changes. I therefore apologise to anyone reading this for wasting their time with my stupidity and ask humbly for advice on fixing it.

I immediately gave up on Nextcloud and Resilio, as my use of both of them is pretty simple and, once I'm able to get plugins running again, won't take long to set up again. Plex is more of a problem, but since I'd already followed some tips here and separated the Plex server data from the server installation (data's held in a separate dataset outside of the jails set), I figure I've got a reasonable chance of getting that running again without losing too much data. I assume that my media/backups/etc. datasets won't really care that much about file permissions (I should note that this is a home server, I'm the only user, and it's not accessible from outside of my home LAN) so hopefully I can just leave them in whatever state they're in now.

I deleted the existing Plex application jail and tried to reinstall it the way I'd installed it before, in a manual jail rather than as a plugin. I assumed that this would set permissions to whatever the default values are in a new jail, which would hopefully fix the problem. However, after creating the jail, I opened a shell in it and was presented with nothing: none of the usual messages, no prompt, no flashing cursor. I tried to install the plugin version instead and that failed, again saying permissions were too lax.

I then found this thread and tried the suggestion in the second post. This didn't seem to make a difference (and based on other threads, I suspect that any fix would probably have been temporary and error-prone anyway). I then tried the suggestion in the fourth post, which seemed better, in that the plugin actually installed, but now I can't get Plex to run.

I've never knowingly used iocage for anything, but I understand that it's what's used for plugins these days. Can I delete its dataset and get FreeNAS to recreate it? Will that fix the permissions for that new iocage/jails datasets/subdirectories?

Assuming that I can get Plex installed (either plugin or manual jail) and running, I'm hoping that I can reuse my existing plexdata dataset so that I don't lose my database and planned recordings. If I get Plex running as a new installation, then copy over the pertinent files from the old dataset, will they keep whatever (probably wrong) permissions they have, or inherit the permissions of the dataset/directory they're written to?

Worst case scenario: I assume I could just delete the volume and all of its contents and create them from scratch - am I right? I've got enough spare hard drives that I could start copying the data off of the volume, but it'd take a lot of drive swapping and time (there's about 4TB of data I'd need to rescue), so any solution that keeps my main datasets intact would be preferable.

Thanks in advance.
 

NJMorf

Explorer
Joined
Aug 9, 2017
Messages
53
Yes, but probably not in an ideal manner. I deleted and recreated the jails, which I assumed would set permissions up correctly again, and seems to have worked. I assumed that permissions were generally irrelevant on the main volumes, as long as the users and groups I'd set up were able to access them, so I set permissions and owners on each of them that seemed to make sense to me: they're all accessible again from the apps running in the jails.

I did have some problems getting Windows to correctly access the shares again, most notably the dataset I'd set up for Windows File History: even after Windows itself was able to access the Samba shares without problem, FileHistory was claiming that my credentials were not acceptable. I had to delete the credentials on each PC and then log back in again, and even after I had, FileHistory wasn't able to work with the existing backups. I ended up wiping them all and setting the the FileHistory jobs up again.
 

alexisr73

Explorer
Joined
Oct 21, 2019
Messages
51
Hi, I'm answering today because I did it too by mistake ...

Before upgrading to from 11.2 U8 to 11.3, I was making some clean on my dataset organization and permissions related to.

As I now create a new dataset tree, I was able to perform a massive reset of permission according to what I was suppose to authorize or not. But always looking for a better organization, I messed up rights by applying my wanted permissions not on the dataset as supposed but on the root pool ... I didn't make any configuration backup before.

Following this, my plex jail wasn't working at all. I tried to uninstall and reinstall it with GUI but I can't even install it anymore. My qbittorrent jails seems unaffected as it uses root by default to work.

Trying to recover the problem, I made a fresh install of freenas 11.3, thinking I'll make my configuration from the begining without mistake, but I was unable to import my pool (not even seeing it !)

So I've now restored a configuration backup took just before 11.3 upgrade. I recovered by pool, but still unable to install plex ...

I'm running out of idea how I can fix it.

Please suggest me, I really need help on this case.
 

Yorick

Wizard
Joined
Nov 4, 2018
Messages
1,912
You can delete the iocage dataset and have it recreated. Take a snapshot before you do, and copy out any data from the plugins you want to keep.

Then reinstall. Either as a plugin, or with a script as a general jail. Btw, hardware transcode in Plex works best as a jail. A plugin may remove the needed intel media package on plugin update.
 

alexisr73

Explorer
Joined
Oct 21, 2019
Messages
51
Thank's Ill do that. And have you any suggestion on how I could make a fresh install of 11.3 and import my existing pool as it is not seen neither by GUI nor by zpool utilities ? :(
 

Yorick

Wizard
Joined
Nov 4, 2018
Messages
1,912
Ah, not seeing your pool is a major issue. If you can’t see your pool, iocage is also not visible.
Reinstalling 11.3 isn’t difficult: Take config backup, reinstall 11.3, restore config backup. Quick and easy. If your pool was encrypted, that backup needs to contain the secret key.

As for troubleshooting a pool that won’t show up: Over to more experienced people.
 

alexisr73

Explorer
Joined
Oct 21, 2019
Messages
51
Thank's for suggestion.

I successfully backed up some data from Qbittorrent jail, umount storage locations on the main dataset, and then deleted the Qbittorrent jail. Then I deleted the entire iocage dataset and reinstall freenas 11.3.

I had the possibility to import the existing pool ! Very good news.

I hate myself configuring from the beginning the new installation.

One last problem, I can't list resources from plugins as shown below ... Any idea ?

1584796974353.png
 

alexisr73

Explorer
Joined
Oct 21, 2019
Messages
51
And I still have my customs user/group set on my root dataset ... I'm afraid it will bring lots of problems. I can't find any way to reset default permission following a new pool creation
 

alexisr73

Explorer
Joined
Oct 21, 2019
Messages
51
Never mind ! I followed a clue about browser cache that would be the root cause of this problem.

Opening with Google Chrome --> Worked
Clear browser cache and reopen with Opera GX --> Worked !

Don't know why, but I do care if anyone has an idea !

Thank you very much for your help Yorick. I still have some configuration problems but I think I can handle this by myself now.
 

azio

Dabbler
Joined
Nov 5, 2016
Messages
15
Yes. Also, if like me you accidentally chowned a new ZFS mount post migration and trashed your plugin jails in iocage; try;

chown -R root:wheel /mnt/yourpool/iocage
chown -R 972:wheel /mnt/yourpool/iocage/jails/plex/root/var/run/plex (or whatever may be your executable/plugin running in jail).

Where 972 is the uid of the container plugin (plex in my case).

If you also changed the chmod, properties I'm not sure, but this fixed my containers after having gained some experience with it.

A
 
Top