Monkey_Demon
I have several directories in a pool called Volume1, and I want to access 3 of them in a jail. In the FreeNAS shell they are:
- /mnt/Volume1/Documents (webdav, webdav),
- /mnt/Volume1/Media (media, media),
- and /mnt/Volume1/Users (root, users).
A jail, rclone, has a directory at /mnt/Backup that belongs to root and has group wheel. Each of the three directories above is mounted as a mount point under Backup. E.g., the source at /mnt/Volume1/Documents is mounted at the destination /mnt/Volume1/iocage/jails/rclone/root/mnt/Backup/Documents.
Now here's where I get lost. If the rclone jail's root issues
ls -l -R /mnt/Backup
within the rclone jail, one gets a listing including all the directories in the directory tree but no files. However, if one does this from the system shell, using ls -l -R /mnt/Volume1
or, e.g., ls -l -R /mnt/Volume1/Documents
instead, one gets a much longer output showing files as well as directories. I believe the problem is related to permissions and to user and group memberships, but I don't know how to fix this.
Section 15.3.3 of The Fine Manual (11.3-RELEASE) discusses the workflow for using mount points in jails. Item 1 in the workflow description begins:
- Determine the name of the user and group account used by the application. For example, the installation of the transmission application automatically creates a user account named transmission and a group account also named transmission. When in doubt, check the files /etc/passwd ....
Now I suppose I could create a dummy user and group, "rclone," and add this user to the webdav, media, and users groups. And then have this rclone user run everything in the jail. (I'm not completely sure how. Put
su rclone
in the .login file?) But is this really the best way?
Continuing with the manual's instructions, Item #4 says:
If the jail accesses existing data, edit the permissions of the pool or dataset so the user and group accounts have the desired read and write access. If multiple applications or jails are to have access to the same data, create a new group and add each needed user account to that group.
Let's deconstruct this a bit:
- "Edit the permissions of the pool or dataset" -- since these exist outside the jail, I presume this means we're to do so from the FreeNAS GUI.
- But reading on, "so the user and group accounts have the desired read and write access." What accounts are these? And if they're the users and groups of the children of, say, the Documents dataset, these children already have the desired permissions based on existing usernames and groups.
- "If multiple applications or jails are to have access to the same data, create a new group and add each needed user account to that group." In this case, yes multiple applications or jails are to have access (e.g., both rclone and plex need to access the files under Media). Then "add each needed user account to that group." Huh? What are the needed user accounts? Plex and rclone? And what if one of these needs rw permission, while the other must be confined to only r permission? And what if different users of the FreeNAS system have access to one of these jails (e.g., all users on the system can access the plex jail.) Are they the "needed users" to whom TFM alludes?
And exactly what is the "user and group account" to which this refers? Is it the nonexistent user and group account that rclone was assumed to create and join but did not? Is it one of the users or groups defined in the system's /etc/passwd and /etc/groups files?
Please help me make sense of this. Or at least tell me how to make this work as intended.
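
An added example, not part of the original post or the FreeNAS manual: a small model of the mode-bit check behind the manual's Item 4, showing that a jail account's access depends on its numeric GIDs matching the host's rather than on group names, and that a read-only mount caps a jail at read access. It assumes plain POSIX mode bits (no ACLs) and a non-root account; all UIDs, GIDs, modes and the names Node, Account, access and report are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Node:
    """Ownership as stored on the host dataset (numeric IDs, not names)."""
    uid: int
    gid: int
    mode: int


@dataclass(frozen=True)
class Account:
    """A non-root account as defined inside the jail's own passwd/group files."""
    uid: int
    gids: frozenset  # primary plus supplementary GIDs


def access(acct, node, want, mount_ro=False):
    """Return True if acct may perform want ('r' or 'w') on node."""
    if want == "w" and mount_ro:
        return False                      # a read-only mount blocks every write
    bit = {"r": 4, "w": 2}[want]
    if acct.uid == node.uid:              # owner class is checked first
        return bool((node.mode >> 6) & bit)
    if node.gid in acct.gids:             # then the group class
        return bool((node.mode >> 3) & bit)
    return bool(node.mode & bit)          # otherwise "other"


# Constructed host-side IDs and modes for the three directories in the post.
HOST = {
    "Documents": Node(uid=1001, gid=1001, mode=0o770),  # webdav:webdav
    "Media": Node(uid=1002, gid=1002, mode=0o770),      # media:media
    "Users": Node(uid=0, gid=1003, mode=0o770),         # root:users
}

# Jail account whose group names match the host but whose GIDs do not.
mismatched = Account(uid=2000, gids=frozenset({2000, 2001, 2002, 2003}))
# Same account, with the jail's groups created using the host's GIDs.
matched = Account(uid=2000, gids=frozenset({2000, 1001, 1002, 1003}))


def report(acct, mount_ro=False):
    """Map each directory to the rights acct holds: 'rw', 'r' or '-'."""
    return {name: "".join(p for p in "rw" if access(acct, n, p, mount_ro)) or "-"
            for name, n in HOST.items()}


if __name__ == "__main__":
    print("mismatched GIDs:", report(mismatched))
    print("matched GIDs   :", report(matched))
    print("matched, ro mnt:", report(matched, mount_ro=True))
```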