[How-To] Giving Plugins Write Permissions to Your Data

Status
Not open for further replies.

Cytomax

Explorer
Joined
Nov 29, 2015
Messages
67
Im running the latest version FreeNAS-9.10.1-U2 (f045a8b)

I completely deleted all my plugins and nuked my jails folder...

Restarted FreeNAS and reinstalled the latest version of emby

Im accessing emby from a Windows 7 Pro box

Long Story Short
emby does not have permission to add the metadata to the media folders UNLESS i add the Everyone Account and give full access read write access....

I tried solution 2 and it nuked emby where it wouldnt start...

I tried solution 3 but it doesnt seem to work

pw groupadd -n emby -g 983

pw groupmod emby -m emby

I added full permission to the share for emby it doesnt work...
for some reason my windows permissions dont "stick" ill add emby it adds the permission but then i go back and its missing...

Ive been at this a little too long and my brain is mush and all i know is nothing works apart from put EVERYONE with full access

This is not on a domain its a workgroup
 

Joshua Parker Ruehlig

Hall of Famer
Joined
Dec 5, 2011
Messages
5,949
Im running the latest version FreeNAS-9.10.1-U2 (f045a8b)

I completely deleted all my plugins and nuked my jails folder...

Restarted FreeNAS and reinstalled the latest version of emby

Im accessing emby from a Windows 7 Pro box

Long Story Short
emby does not have permission to add the metadata to the media folders UNLESS i add the Everyone Account and give full access read write access....

I tried solution 2 and it nuked emby where it wouldnt start...

I tried solution 3 but it doesnt seem to work

pw groupadd -n emby -g 983

pw groupmod emby -m emby

I added full permission to the share for emby it doesnt work...
for some reason my windows permissions dont "stick" ill add emby it adds the permission but then i go back and its missing...

Ive been at this a little too long and my brain is mush and all i know is nothing works apart from put EVERYONE with full access

This is not on a domain its a workgroup
My steps assume windows ACLs are not enabled. I don't know about them so these steps may not work if they are there.

Can you show the output of 'ls -l /path/to/media/folders' from the emby jail.
 

Cytomax

Explorer
Joined
Nov 29, 2015
Messages
67
Man thats a fast reply... i just nuked the emby jail again to start from scratch.... itll take around 20 min before i get you the output you are looking for
 

Cytomax

Explorer
Joined
Nov 29, 2015
Messages
67
well its getting extremely late and i wont be able to finish tonight but i think my big problem is the following.
the data set was created by USER eddie in GROUP freenas
i created an extra GROUP emby and USER emby
When adding permissions in windows
I can add USER eddie and GROUP freenas
I can add USER emby
but
i cant add GROUP emby for some reason....
i changed my samba to allow the latest version... and i am currently installing a Windows 10 in a VM to see if i can add GROUP emby maybe its a windows 7 thing
 

Joshua Parker Ruehlig

Hall of Famer
Joined
Dec 5, 2011
Messages
5,949
well its getting extremely late and i wont be able to finish tonight but i think my big problem is the following.
the data set was created by USER eddie in GROUP freenas
i created an extra GROUP emby and USER emby
When adding permissions in windows
I can add USER eddie and GROUP freenas
I can add USER emby
but
i cant add GROUP emby for some reason....
i changed my samba to allow the latest version... and i am currently installing a Windows 10 in a VM to see if i can add GROUP emby maybe its a windows 7 thing
Well when you want help answer the question I asked earlier.
 

Cytomax

Explorer
Joined
Nov 29, 2015
Messages
67
Logged in to the jail as the default

root@emby_1

ls -l /media/Movies

drwxrwxrwx+ 4 1001 1001 14 Nov 5 17:44 NAMEOFMOVIE

All the movies in the list show
Permissions drwxrwxrwx+
Links to file range from 1 - 4
Amount of files within directory range from 1 to 14

UID of 1001
GID of 1001


If i create a file through the jail
touch /media/Movies/example.txt

-rwxrwxrwx+ 1 root 1001 0 Nov 6 07:24 example.txt

everything is working perfect now but..... i have permissions set for everyone for full access

++++++++++++++++++++++++++++++++++++++++++

My dataset called windowsset is what my Movies share is under in Freenas
UID is eddie 1001
GID is freenas 1001

I was unsuccessful in adding GROUP emby (GID 983) to my share using Windows 10 VM

For some reason if i create any GROUP in Freenas i can add it the share but i cant add GROUP emby to the share and i have tried to delete and recreate the group but still no luck

I created another GROUP Billy GID 1002 and i was able to add it to the windows share no problem

I created another GROUP willy GID 984 and i was able to add it to the windows share no problem

Its wierd i cant add GROUP emby

thanks again for helping out
 

WIRLYWIRLY

Cadet
Joined
Mar 29, 2015
Messages
4
Hey, thanks for this guide. I'm just starting out on FreenNas and this helped me get Transmission working without leaving guest access open. I used solution 2.

However, I am trying to do the same thing for plexmediaserver, again using Solution #2, but when I go to put in...
Code:
chown -R Plex:Plex /var/db/plexdata


I get a response that the folder is not found. Same thing when I try plexmediaserver instead of plexdata. I used ls to check what folders where in the /var/db directory and neither of them exist. Any idea where I should set the target for? Like I said im new at this and don't want to mess anything up that I don't know much about. I'm using the latest version of FreeNas and I just installed the Plex plugin. Thanks in advance!
 

Joshua Parker Ruehlig

Hall of Famer
Joined
Dec 5, 2011
Messages
5,949
Hey, thanks for this guide. I'm just starting out on FreenNas and this helped me get Transmission working without leaving guest access open. I used solution 2.

However, I am trying to do the same thing for plexmediaserver, again using Solution #2, but when I go to put in...
Code:
chown -R Plex:Plex /var/db/plexdata


I get a response that the folder is not found. Same thing when I try plexmediaserver instead of plexdata. I used ls to check what folders where in the /var/db directory and neither of them exist. Any idea where I should set the target for? Like I said im new at this and don't want to mess anything up that I don't know much about. I'm using the latest version of FreeNas and I just installed the Plex plugin. Thanks in advance!
Did you already start plex?
 

JamesT42

Dabbler
Joined
Jan 11, 2017
Messages
13
Is it possible that something changed regarding the UID of the "media" user?
For example, in a recent sonarr installation:
Code:
root@sonarr_2:/ # id media
uid=8675309(media) gid=8675309(media) groups=8675309(media)

As you can see, the media user doesn't have UID 816 any more.
Any ideas why?
 

Cheejyg

Dabbler
Joined
Dec 11, 2016
Messages
31
Is it possible that something changed regarding the UID of the "media" user?
For example, in a recent sonarr installation:
Code:
root@sonarr_2:/ # id media
uid=8675309(media) gid=8675309(media) groups=8675309(media)

As you can see, the media user doesn't have UID 816 any more.
Any ideas why?
Could be a script in the sonarr installation that changes the UID of media, it's quite easy to change the user id
Code:
pw usermod media -u 8675309
 

Joshua Parker Ruehlig

Hall of Famer
Joined
Dec 5, 2011
Messages
5,949
Is it possible that something changed regarding the UID of the "media" user?
For example, in a recent sonarr installation:
Code:
root@sonarr_2:/ # id media
uid=8675309(media) gid=8675309(media) groups=8675309(media)

As you can see, the media user doesn't have UID 816 any more.
Any ideas why?
I'm not sure, I noticed my FreeNAS host had a built in media user added, which makes things confusing, but not sure how that ended up in your jail.
 

Cheejyg

Dabbler
Joined
Dec 11, 2016
Messages
31
Is it possible that something changed regarding the UID of the "media" user?
For example, in a recent sonarr installation:
Code:
root@sonarr_2:/ # id media
uid=8675309(media) gid=8675309(media) groups=8675309(media)

As you can see, the media user doesn't have UID 816 any more.
Any ideas why?
Did you install Plex Media Server?

...
Dec 21 06:06:25 FREENAS manage.py: [common.pipesubr:66] Popen()ing: /usr/sbin/chroot '/mnt/FREENAS_RAID/jails/plexmediaserver_1' /usr/sbin/pw groupadd 'media' -g '8675309'
Dec 21 06:06:25 FREENAS manage.py: [common.pipesubr:66] Popen()ing: /usr/sbin/chroot '/mnt/FREENAS_RAID/jails/plexmediaserver_1' /usr/sbin/pw useradd 'media' -u '8675309' -g 'media'
...


was found in my logs
 

Carbon658

Cadet
Joined
Jan 14, 2015
Messages
2
I am having the same issue and I think that somewhere in the updates to 9.10 (or on a fresh install) that the media user ID has changed to 8675309 from 816.

I'm trying to get Sabnzbd set up and it is hanging on changing the permissions to 777 on downloads that reside on a CIFS share. I followed instructions for step 3 and the file is downloaded as media:access. It doesn't seem to be causing an actual issue with moving the files around the way I have groups set. I suspect it has to do with the way that CIFS and NFSv4 deal with chmod. I'm a newbie to this but have spent hours combing forums for a reliable solution.
 

tomcat1

Cadet
Joined
Feb 1, 2017
Messages
4
Trying to sort out my own Transmission permission issues and i can't get any of OP's solutions to work. Solution 2 and 3 tell me my chosen id "has already been allocated". Getting extremely aggravated since i've now started over completely at least 30 times.
 

BBarker

Contributor
Joined
Aug 7, 2015
Messages
120
Trying to sort out my own Transmission permission issues and i can't get any of OP's solutions to work. Solution 2 and 3 tell me my chosen id "has already been allocated". Getting extremely aggravated since i've now started over completely at least 30 times.

It would be a good idea to post the specs of your Freenas hardware for starters.


Sent from my iPhone using Tapatalk Pro
 

ric

Contributor
Joined
Dec 22, 2013
Messages
180
In order for your plugin to be able to write to your data datasets/folders it must have..
  1. access to your data dataset/folders
  2. permissions to write to your data folders.

1) MAKING DATA ACCESSIBLE TO YOUR PLUGIN'S JAIL

  • It is preferred that your data reside on a dataset(s) outside of your jail that you regularly snapshot and backup.
  • FreeNAS plugins, by default, have no access to files residing outside of its jail.
2) PERMISSIONS
Choose one of the 4 solutions to give your plugin write permission to your data folders.

FACTS

  • Every folder/file has a UNIX permission level, UID ownership, and GID ownership, which determines which user/group members can read/write to that folder/file. Basic UNIX permissions are described in the opening part of Chapter 4, Part 4, of the FreeBSD handbook.
  • Jails and the FreeNAS host do not share user/group databases. They only associate UIDs/GIDs to users/groups if that mapping exists in it's particular user/group database.
  • Processes running inside a jail's userland (plugins) are permitted to read/write files/folders according to the jail's user/group database.
  • By default, most plugins run as a specific user, with a specific UID, and keep their configuration/databases/logs in what I will refer to as a data-directory.
    • SERVICE - USER (UID) - DATA-DIRECTORY
    • transmission - transmission (921) - /var/db/transmission
    • sabnzbd - media (816) - /var/db/sabnzbd
    • sickbeard - media (816) - /var/db/sickbeard
    • sickrage - media (816) - /var/db/sickrage
    • sonarr - media (816) - /var/db/sonarr
    • couchpotato - media (816) - /var/db/couchpotato
    • headphones - media (816) - /var/db/headphones
    • madsonic - subsonic (844) - /var/madsonic
    • mylar - media (816) - /var/db/mylar
    • xdm - media (816) - /var/db/xdm
    • maraschino - media (816) - /var/db/maraschino
    • htpc-manager - media (816) - /var/db/htpc-manager
    • plexmediaserver - plex (972) - /var/db/plexdata
    • emby-server - emby (983) - /var/db/emby-server
    • subsonic - media (816) - /var/db/subsonic
    • btsync - btsync (817) - /var/db/btsync
    • syncthing - syncthing (983) - /var/db/syncthing
NOTE
  • Never change the ownership or permission levels of Jail datasets. These contain operating system and application files that will not work properly if changed. Only ever change ownership or permission levels of datasets that contain only your data and that are mounted into your Jail(s).
SOLUTION 1 - USER WRITEABLE
  • Add a user in the FreeNAS WebUI with a matching UID as the plugin's default user.
  • Change ownership of the data dataset/folders to the newly added user.
SOLUTION 2 - USER WRITEABLE
  • In the jail, add a user with a matching UID as the owner of the data dataset/folders.
    • Code:
      pw useradd -n USER -u UID -d /nonexistent -s /usr/sbin/nologin
  • In the jail, change the user the plugin runs as, and change ownership of the data-directory.
    • Code:
      service PLUGIN onestop
      chown -R USER:GROUP /var/db/PLUGIN
      sysrc 'PLUGIN_user=USER'
      service PLUGIN start
SOLUTION 3 - GROUP WRITEABLE
  • Change permission of the data dataset/folders to allow group writing.
  • In the jail, add a group with a matching GID as the group owner of the data dataset/folders.
    • Code:
      pw groupadd -n GROUP -g GID
  • In the jail, add the user the plugin runs as to the newly added group.
    • Code:
      pw groupmod GROUP -m USER
SOLUTION 4 - OTHER WRITEABLE
  • Change permission of the data dataset/folder to allow other writing.
I am trying to follow solution #3 and was able to do "pw groupadd -n GROUP -g GID" with no problem, however with "pw groupmod GROUP -m USER", I am getting an error saying " 'user' does not exist ", there's already an user created under Users on Freenas GUI which I don't understand.
 
Status
Not open for further replies.
Top