SyncThing - Directory Access Denied

[Spencer Skinner]

did you change the user syncthing runs as, or add the syncthing user to the admin group like I proscribed earlier?

I hadnt done anything in that data i sent you, that was the error i was getting. ive done a fresh install of the plugin.

To confirm, can i just do this by adding the group rather than the specific user?

 

[Joshua Parker Ruehlig]

I hadnt done anything in that data i sent you, that was the error i was getting. ive done a fresh install of the plugin.

To confirm, can i just do this by adding the group rather than the specific user?

yes with 77X permissions you can do either. one is implementing Solution #2, the other Solution #3

 

[Spencer Skinner]

yes with 77X permissions you can do either. one is implementing Solution #2, the other Solution #3

Right because the easiest way for me to sync all this stuff is using a group permission with 'admin'. So do i need to use solution 2 at any point because thats specifically for users isnt it?

 

[Joshua Parker Ruehlig]

Right because the easiest way for me to sync all this stuff is using a group permission with 'admin'. So do i need to use solution 2 at any point because thats specifically for users isnt it?

you do not

 

[Spencer Skinner]

you do not

Right good that means i havent been getting that wrong so far

to confirm the syncthing users name is just syncthing
So this command is correct
pw groupmod admin -m syncthing

 

[Spencer Skinner]

To follow on here is what ive done immediatley after installing the plugin

Code:

[root@freenas ~]# jls                                                                                                               
   JID  IP Address      Hostname                      Path                                                                         
     1  -               plexmediaserver_1             /mnt/AlphaVolume/jails/plexmediaserver_1                                     
     2  -               syncthing_1                   /mnt/AlphaVolume/jails/syncthing_1                                           
[root@freenas ~]# jexec 2 tcsh                                                                                                     
root@syncthing_1:/ # mkdir /media/collegesync                                                                                       
root@syncthing_1:/ # chmod -R 770 /media/collegesync                                                                               
root@syncthing_1:/ # pw groupadd -n admin -g 1001                                                                                   
root@syncthing_1:/ # pw groupmod admin -m syncthing                                                                                 
root@syncthing_1:/ # ls -l /                                                                                                       
total 162                                                                                                                           
-rw-r--r--   2 root  wheel   966 Mar 25  2016 .cshrc                                                                               
drwxr-xr-x   2 root  wheel     4 Feb  3 21:50 .plugins                                                                             
-rw-r--r--   2 root  wheel   254 Mar 25  2016 .profile                                                                             
-r--r--r--   1 root  wheel  6197 Mar 25  2016 COPYRIGHT                                                                             
drwxr-xr-x   2 root  wheel    47 Mar 25  2016 bin                                                                                   
drwxr-xr-x   8 root  wheel    50 Mar 25  2016 boot                                                                                 
dr-xr-xr-x  11 root  wheel   512 Feb  3 21:49 dev                                                                                   
drwxr-xr-x  23 root  wheel   107 Feb  3 21:57 etc                                                                                   
drwxr-xr-x   3 root  wheel    52 Mar 25  2016 lib                                                                                   
drwxr-xr-x   3 root  wheel     5 Mar 31  2016 libexec                                                                               
drwxr-xr-x   3 root  wheel     3 Feb  3 21:53 media                                                                                 
drwxr-xr-x   2 root  wheel     2 Mar 25  2016 mnt                                                                                   
dr-xr-xr-x   1 root  wheel     0 Feb  3 21:57 proc                                                                                 
drwxr-xr-x   2 root  wheel   146 Mar 25  2016 rescue                                                                               
drwxr-xr-x   2 root  wheel     6 Mar 25  2016 root                                                                                 
drwxr-xr-x   2 root  wheel   132 Mar 25  2016 sbin                                                                                 
lrwxr-xr-x   1 root  wheel    11 Mar 25  2016 sys -> usr/src/sys                                                                   
drwxrwxrwt   6 root  wheel     6 Feb  3 21:50 tmp                                                                                   
drwxr-xr-x  15 root  wheel    15 Feb  3 21:50 usr                                                                                   
drwxr-xr-x  25 root  wheel    25 Feb  3 21:49 var                                                                                   
root@syncthing_1:/ # ls -l /media                                                                                                   
total 1                                                                                                                             
drwxrwx---  2 root  wheel  2 Feb  3 21:53 collegesync                                                                               
root@syncthing_1:/ # chown syncthing:admin /media/collegesync                                                                       
root@syncthing_1:/ # ls -l /media                                                                                                   
total 1                                                                                                                             
drwxrwx---  2 syncthing  admin  2 Feb  3 21:53 collegesync                                                                         
root@syncthing_1:/ #          

 

[Joshua Parker Ruehlig]

command looks good to me

 

[Spencer Skinner]

command looks good to me

Right ive just toyed about with it a bit more i think ive established that the issue is not down to the permissions within the jail etc. It is in fact to do with the permissions of the directory i am actually writing to. I get the feeling its due to some forced recursive permissions i set on the parent datatset when i first tried it.

Sorry for all of this, as you can tell im quite useless sometimes ahaha. But none the less i appreciate your help enormously

 

[Wisdom]

Right ive just toyed about with it a bit more i think ive established that the issue is not down to the permissions within the jail etc. It is in fact to do with the permissions of the directory i am actually writing to. I get the feeling its due to some forced recursive permissions i set on the parent datatset when i first tried it.

Sorry for all of this, as you can tell im quite useless sometimes ahaha. But none the less i appreciate your help enormously

I'm in pretty much exactly the same boat as you currently. I apologize for necro'ing this a little, but did you happen to come up with a solution? My permission problem is with writing to the target folders, even though my user has been added to the folder's owner group. Even trying to chmod/chown through the process just turns up Operation not permitted errors!

 

[Joshua Parker Ruehlig]

I'm in pretty much exactly the same boat as you currently. I apologize for necro'ing this a little, but did you happen to come up with a solution? My permission problem is with writing to the target folders, even though my user has been added to the folder's owner group. Even trying to chmod/chown through the process just turns up Operation not permitted errors!

Can you show the permissions with the following command in your jail...

Code:

ls -l /path/to/folder

You talk about adding a user to a group. Do notice the second point under FACTS here.
https://forums.freenas.org/index.ph...plugins-write-permissions-to-your-data.27273/
Group mapping in FreeNAS do not affect a process in the jails ability to write to folders, since FreeNAS and the jail have seperate user-group mappings.

 

[Wisdom]

Can you show the permissions with the following command in your jail...

Code:

ls -l /path/to/folder

Code:

root@syncthing_1:/ # ls -l /media/Wisdom/
total 134
drwxrwxr-x+  2 1001  Wisdom  3 Feb 28 12:58 .ssh
drwxrwxr-x+  3 1001  Wisdom  3 Jan  8 19:21 AppData Duplicate
drwxrwxr-x+ 10 1001  Wisdom  11 May 20 14:18 Documents
drwxrwxr-x+  9 1001  Wisdom  9 Jan  8 19:18 Downloads
drwxrwxr-x+ 14 1001  Wisdom  14 Jan  8 19:18 Game Saves
drwxrwxr-x+  3 1001  Wisdom  15 May 20 00:09 Installation Suite
drwxrwxr-x+ 14 1001  Wisdom  15 Apr 15 22:38 Pictures
drwxrwxr-x+  5 1001  Wisdom  6 May 20 01:43 Rainmeter
drwxrwxr-x+  2 1001  Wisdom  2 May 20 17:19 Test
drwxrwxr-x+  4 1001  Wisdom  6 Feb 14 00:40 Videos
drwxrwxr-x+  3 1001  Wisdom  11 Feb 27 15:00 WisdomSSH
root@syncthing_1:/ #

As you can see, I'm dealing with windows permissions on top of unix stuff right now, so that adds to the complication. I know you don't deal with that sort of stuff, but it bears mentioning.

You talk about adding a user to a group. Do notice the second point under FACTS here.
https://forums.freenas.org/index.ph...plugins-write-permissions-to-your-data.27273/
Group mapping in FreeNAS do not affect a process in the jails ability to write to folders, since FreeNAS and the jail have seperate user-group mappings.

I've combed through this thread and followed all the suggestions that have been made, including associating users and groups again within the jail, as per solution three of the thread you linked. 1001 is the GUI for Wisdom, the owner of the dataset. syncthing, the user (983) has been associated both on the jail and FreeNAS sides of things.

 

[Joshua Parker Ruehlig]

Code:

root@syncthing_1:/ # ls -l /media/Wisdom/
total 134
drwxrwxr-x+  2 1001  Wisdom  3 Feb 28 12:58 .ssh
drwxrwxr-x+  3 1001  Wisdom  3 Jan  8 19:21 AppData Duplicate
drwxrwxr-x+ 10 1001  Wisdom  11 May 20 14:18 Documents
drwxrwxr-x+  9 1001  Wisdom  9 Jan  8 19:18 Downloads
drwxrwxr-x+ 14 1001  Wisdom  14 Jan  8 19:18 Game Saves
drwxrwxr-x+  3 1001  Wisdom  15 May 20 00:09 Installation Suite
drwxrwxr-x+ 14 1001  Wisdom  15 Apr 15 22:38 Pictures
drwxrwxr-x+  5 1001  Wisdom  6 May 20 01:43 Rainmeter
drwxrwxr-x+  2 1001  Wisdom  2 May 20 17:19 Test
drwxrwxr-x+  4 1001  Wisdom  6 Feb 14 00:40 Videos
drwxrwxr-x+  3 1001  Wisdom  11 Feb 27 15:00 WisdomSSH
root@syncthing_1:/ #

As you can see, I'm dealing with windows permissions on top of unix stuff right now, so that adds to the complication. I know you don't deal with that sort of stuff, but it bears mentioning.



I've combed through this thread and followed all the suggestions that have been made, including associating users and groups again within the jail, as per solution three of the thread you linked. 1001 is the GUI for Wisdom, the owner of the dataset. syncthing, the user (983) has been associated both on the jail and FreeNAS sides of things.

If the syncthing user is in the Wisdom group then you have done solution #3 correctly and it is likely windows ACLs coming into play.

you could try writing as the syncthing user directly to verify with...
su -m syncthing -c 'touch /media/Wisdom/touch.test'

 

[Wisdom]

So, just running

Code:

su -m syncthing -c 'touch /media/Wisdom/touch.test'

just returns a new line.

However, trying to get more specific causes this:

Code:

root@syncthing_1:/ # su -m syncthing -c 'touch /media/Wisdom/Documents/Extraneous Documents'
touch: Documents: Permission denied
root@syncthing_1:/ #

Thoughts?

 

[Joshua Parker Ruehlig]

So, just running

Code:

su -m syncthing -c 'touch /media/Wisdom/touch.test'

just returns a new line.

However, trying to get more specific causes this:

Code:

root@syncthing_1:/ # su -m syncthing -c 'touch /media/Wisdom/Documents/Extraneous Documents'
touch: Documents: Permission denied
root@syncthing_1:/ #

Thoughts?

Was /media/Wisdom/touch.test actually created?

I have a feeling the command you wrote, because of the space is trying to write a file '/media/Wisdom/Documents/Extraneous' and a file '/Documents'

 

[Wisdom]

Was /media/Wisdom/touch.test actually created?

Oh snap, yes, it was. I didn't even think to test (clearly, you can tell I have a really deep understanding of writing unix based code...)

I have a feeling the command you wrote, because of the space is trying to write a file '/media/Wisdom/Documents/Extraneous' and a file '/Documents'

Interesting. I hadn't considered this, do you imagine there might be an issue in running syncthing, while trying to point to this folder?

Edit: actually, it did do something: there's a new file, Extraneous, in the Documents folder. So I guess it wasn't completely failing after all.

However, when I tried to drop a new file into the home folder (configured to be send only), and checked to see if it had made it into FreeNAS, all I've found is that it's copied a .tmp version of the same thing. The files still technically work, so long as I open them with the right application (text documents with Sublime, pdfs with Acrobat, etc), but I'm not sure if they'll actually persist on the server, being temp files, or how well I could recover from them, if something ends up happening to the originals.

Eventually, I'd like to use this to be able to create regular images of my C drive and back them up automatically, in case I bork something with my OS and need to roll everything back, but if the files aren't configured correctly because syncthing doesn't copy them right, then I'd be SOL.

 

[Joshua Parker Ruehlig]

so, files were successfully written by syncthing? which I assume means permissions are not an issue.

is synchting still complaining it can not write to that directory? And where was the .tmp file written? Can you show 'ls -l /path/to/directory'

 

[Wisdom]

I would use the term "successfully" lightly. Here's a more specific example:

My file tree that I'm trying to duplicate has been mirrored between my C drive and FreeNAS. So, if I head to

Code:

C:\Documents\Test\

and make something with content, like

Code:

test.txt

, then I can look in

Code:

/media/Wisdom/Documents/Test

. However, what I'll find is

Code:

.syncthing.test.txt.tmp

. I need to tell my computer what to use when I'm opening it, and I can't just set some kind of global standard - it does this will every kind of file type I try to copy, from mp3s to pdfs to pngs. The upside is that once I use the right program, then the original contents of test.txt have been transferred over, it just takes some extra work to get there.

Using this example, we're looking at this:

Code:

root@syncthing_1:/ # ls -l /media/Wisdom/Documents/Test
total 1
-rwxrwxr-x+ 1 syncthing  Wisdom  0 May 23 00:04 .stfolder
-rwxrwxr-x+ 1 syncthing  Wisdom  19 May 23 00:04 .syncthing.test.txt.tmp
root@syncthing_1:/ #

When I looked in syncthing, after pairing the two folders together, despite update the .tmp file, syncthing still thinks that it's out of date (and realistically, it is, since it's not a complete copy of the original). However, looking at the error syncthing is reporting, it says specifically

Code:

chmod /media/Wisdom/Documents/Test/.syncthing.test.txt.tmp: operation not permitted

If I manually try to chmod anything inside that folder, even after elevating (in particular, as you described earlier in this thread for the previous user), I get a whole pile of operation not permitted errors. To this end, I've tried toggling permit sudo permissions for different users and groups and it hasn't seen to make a difference, though I suspect that may be due to changing the permissions on the FreeNAS-facing side of the group interface, rather than actually changing how the group behaves within the jail.

 

[Joshua Parker Ruehlig]

syncthing has permissions to write to that folder since it can write those .tmp files. I believe is breaking when it tries to change file permissions and Windows ACLs are not allowing it to.

 

[Wisdom]

syncthing has permissions to write to that folder since it can write those .tmp files. I believe is breaking when it tries to change file permissions and Windows ACLs are not allowing it to.

Well, I know that isn't your area of expertise, but do you have any pointers for where I might go from here? Because I'm really not sure how to change things.

 

[Joshua Parker Ruehlig]

I have read people who have removed them before with some command. But that's as much as I know.