[How-To] Giving Plugins Write Permissions to Your Data

Status
Not open for further replies.

LIGISTX

Guru
Joined
Apr 12, 2015
Messages
525
Did you add the 983 UID to the same group as your samba owner in FreeNAS. Also probably will need to add a group inside of the plugin jail that corresponds with the GID and add the syncthing user to it in the jail as well.

My guess is you let FreeNAS just create a new group for syncthing user you created. Also will need to make the folder group writeable so that syncthing can write to it so I think the folder should be 77X (the X being what the world can do, so 0 if nothing 4 if read only 6 if read and write and 7 if anything and everything.)

I didn't allow it to create a group on user creation, I added it to my SMB (Samba, same thing yea?) group. So it at the group level should have the correct permissions for the dataset directory, except for the GID part within the jail itself. How do I go about adding that?

I assume I have to jexec into the jail, but what do I do after that?

Like this: ?

Code:
pw groupadd -n GROUP -g GID

pw groupmod GROUP -m USER
 
Joined
Apr 9, 2015
Messages
1,258
Yeah something like that. I found that the jail balks at doing things unless it has the same group and permission in the jail as the FreeNAS and vise versa.
 

BBarker

Contributor
Joined
Aug 7, 2015
Messages
120
Can’t you just add the user to the group in the web GUI?


Sent from my iPhone using Tapatalk Pro
 
Joined
Apr 9, 2015
Messages
1,258
That doesn't tell the app in the jail it is a member of the group. Have to remember that the jail acts and thinks as if it is running in it's own bare metal environment in a way. I have found that making sure to create a group in the jail with the same GID as the one that owns the data (NFS, Samba, etc.) and then adding the user into that group along with creating the user and adding it to the group in the GUI is the best way to make it all work correctly.
 

LIGISTX

Guru
Joined
Apr 12, 2015
Messages
525
Well, I think I got the user and group stuff set up correctly because syncthing is scanning. But, its not really finding anything, sorta.

So far it has done this, I know it takes a while, but I am not sure how it has 32,000 directories, with only 3.91 MB's and 0 files. I mounted a directory from my dataset to my jail at /mnt/Data/Photos/Lightroom Sync, and the Lightroom Sync folder is upwards of 180 GB.

Folder ID xxx
Folder Path /mnt/Data/Photos/Lightroom Sync
Global State 0  32000  ~3.91 MiB
Local State 0  32000  ~3.91 MiB

What exactly would this mean?


Well, I got into the jail and ls -la is showing some of them are still owned by root / wheel, and some are syncthing / my SMB share group

Really not sure what went wrong here. But I think I am going to just uninstal the jail, start from scratch, set up the group, then see what happens.
 
Last edited:
Joined
Apr 9, 2015
Messages
1,258
Probably need to chown -R the folder with syncthing as the user and whatever group it is in for FreeNAS.
 

LIGISTX

Guru
Joined
Apr 12, 2015
Messages
525
Probably need to chown -R the folder with syncthing as the user and whatever group it is in for FreeNAS.
Not sure I would want to do that. The user I still want to be accessible to my SMB accounts. But I have to think setting up the users correctly will work...
 

LIGISTX

Guru
Joined
Apr 12, 2015
Messages
525
Seems to be working. Its going slow, but it does seem to be working. All directories are created, but doesn't look like actual files have been synced. But, hey, you can't create a folder if you don't have proper access, so I have to assume its working!
 

LIGISTX

Guru
Joined
Apr 12, 2015
Messages
525
I guess its not working. I am off for a week and a half and decided to lug my server to my parents house to get the transfer finished since I wasn't sure what was up. I manually moved all the data to the freenas dataset, unpaused syncthing, it and successfully scanned all the data and is saying it is synced.

Problem is, I can't seem to write files to the freenas dataset. If I create a new file on the PC the files are syncing to, the freenas syncthing instance will see it, but it will not actually sync the data. It goes in the "failed to sync" line item category. If I create a file in the freenas dataset, it will successfully sync over to the windows machine tho.

The reason this confuses the hell out of me, while it was going over the internet before it was creating folders without issue in the freenas dataset. It just didn't seem to create the files within said folders. Clearly some permissions are not right. Just not sure what exactly is wrong.

Any help would be greatly appreciated!

More detail, I have created within freenas, a user named syncthing, and assigned it UID 983, and made its primary group my SMB_Share group, as well as its Auxiliary group ( I am thinking it did that on its own, but im not sure, I don't think having it in primary and aux is an issue since my SMB User is set up that way and works), I also added Wheel to its Aux group. I have also created the user and group in syncthinks jail, and as far as I know I did that correctly. I used this from the original instructions; I am trying to follow "solution 3".

    • pw groupadd -n GROUP -g GID
    • pw groupmod GROUP -m USER
I am not sure if this is important, but the folder is set to windows permission type, changing it to unix doesn't seem to have an effect.

For good measure, I even tried setting the dataset owner to syncthing, doesn't seem to help. Would I have to restart the jail each time I try things such as thing? I have done all the ownership changes to the dataset with the jail running.
 
Last edited:

LIGISTX

Guru
Joined
Apr 12, 2015
Messages
525
At this point I have tried damn near everything. There is clearly something fundamental I am missing.

I deleted the old jail and started from scratch once again.

I changed the user of syncthing to match the freenas user that owns the directory, although I did run into one issue.

Code:
service PLUGIN onestop
chown -R USER:GROUP /var/db/PLUGIN
sysrc 'PLUGIN_user=USER'
service PLUGIN start


This all worked, but the service wouldn't start again:

Code:
daemon: pidfile ``/var/run/syncthing.pid'': Permission denied
/usr/local/etc/rc.d/syncthing: WARNING: failed to start syncthing


So, right or wrong, I
Code:
chown -R USER:GROUP /var/run
which allowed it to start. I have the user and the groups matched from the jail to freenas itself, and this is what syncthing is giving me as an error on the files that it has found to be out of sync: "dir chmod: chmod DIRECTORY operation not permitted". I can't get this to work to save my life.

I also did
Code:
 chown -R USER:GROUP /mnt 
in order to make sure the user I created has write in the jails mnt directory. I am clearly pretty new to all of this, but I think what I am doing *should* be working...
 
Last edited:

Pilbromatic

Dabbler
Joined
Feb 23, 2018
Messages
11
Never change the ownership or permission levels of Jail datasets. These contain operating system and application files that will not work properly if changed. Only ever change ownership or permission levels of datasets that contain only your data and that are mounted into your Jail(s).

So I did exactly this. Entirely accidentally too. My FreeNAS has been running perfectly for approx 9 months, and with a couple of clicks of the mouse without thinking I've now broken my jails (again - I already learnt not to do this the hard way)!

I run Plex, Transmission, and Couch Potato. I've managed to get Transmission running again (perhaps by fluke; however it can't write to the /media dataset but I can fix that later), but both Plex and CP won't start. I've read through this entire thread and don't really have the confidence to try things without being certain as I don't want to make things even worse!

I'm a little vague on whether or not I need to recreate the jail, or if I can just edit permissions back to how they should be? Ideally I don't want to lose plugin settings either; eg Plex contains info of what has been watched already etc.
Code:
root@plexmediaserver_1:/ # ls -l /media										
total 178																	  
drwxrwxr-x   56 root  wheel   80 Feb 22 18:34 downloads
drwxrwxr-x  123 plex  wheel  123 May  5  2017 episodes
drwxrwxr-x  353 plex  wheel  354 Feb 22 18:27 movies
drwxrwxr-x  164 plex  wheel  164 May 12  2017 music

FreeNAS-9.10.2-U3 (e1497f269)
Intel(R) Xeon(R) CPU L5520 @ 2.27GHz
32729MB ECC

I've found in this thread some info on pages 2, 13 and 17 to be on track but I'm just hesitant as I don't really understand all of the commands correctly. Is someone able to point me in the right direction of where to from here? Thanks! :)
 

Drew Heath

Explorer
Joined
Mar 7, 2016
Messages
80
How are you running these? Plugins? Jails? Are you running all of your applications under the Plex user, or are all of your application users part of the wheel group? What I see is that the Plex user has read write of episodes, movies and music, as does the wheel group. Only root/wheel has access to downloads though. I would first start by checking the applications users by running top in each jail, then looking for the application and what user is running it. From there, check the users groups using id (EG id plex).

I just re-read the opening of your post, and realize what happened. You'll need to identify what permissions should be at each level of your data. If the app's are not starting, then I would guess you also changed permissions on the jails dataset, can you confirm?
 
Last edited:

Pilbromatic

Dabbler
Joined
Feb 23, 2018
Messages
11
Hi Drew, thanks for your reply.

Yeah, they're plugins each with their own jail, if that's what you're asking? As far as I know, I initially had all of my plugins running under the root user and/or wheel group; I'm not entirely sure as I set it up some time ago. I'll see if I can find out what they are currently set to per jail.

And yes unfortunately I changed the permissions on the jails datasets (without thinking). I went to the /media folder where all of the jails are located and set permissions on that recursively. I did it in a bit of a rush trying to get write access to work on one of the folders then immediately realised my mistake.

I'll have a bit of a play and see if I can find out how to view the permissions per dataset. While I set this up some time ago, I simply followed instructions and haven't quite worked out the ins and outs yet! Cheers.
 

Pilbromatic

Dabbler
Joined
Feb 23, 2018
Messages
11
Had a bit of time this afternoon to look into this (work has been hectic!). So I've got Couch Potato working, but still trying to sort out Plex. I'm making progress and think I've fixed the issues above by deleting and re-adding the plugins/jails. For other people, the steps I took are below (this same theory should work for all plugins, however from my experience Plex is picky):

Create backup location:
Code:
mkdir /root/backups
(probably not the best location but it'll do).

Backup CP:
Code:
cp -iprv /mnt/media/couchpotato_1/var/db/couchpotato /root/backups
(we actually only need settings.conf, however I decided to backup the whole folder just for good measure).

Then remove CP with the GUI and ensure that the relevant jail has been removed (the locations should still be listed under Jails -> Storage).

Start the CP plugin to create relevant directories etc.
Check it's working then stop it.

Restore CP:
Code:
cp -iprv /root/backups/couchpotato/settings.conf /mnt/media/couchpotato_1/var/db/couchpotato/

All settings should be restored. So far I've noticed that CP isn't showing all my movies I had queued for download; however this might be related to access permissions to my downloads folder.

For other plugins, this is handy: https://imgur.com/7czyUFl
7czyUFl
7czyUFl
 
Last edited:

rubenm

Dabbler
Joined
Oct 5, 2013
Messages
28
Hi All
I have a situation since the bigining that i never find a solution.
My plex works, but i f i want to delete something, i have to go with the CIFS file and delete plex as no permission.

How can i correct that, without it stop working?
 

Attachments

  • plex_perm1.JPG
    plex_perm1.JPG
    70 KB · Views: 773

Drew Heath

Explorer
Joined
Mar 7, 2016
Messages
80
Do you recall if you used the group or user method to access the files? As there are a ton of ways it could be setup, lets decide on a method that you want to use and move from there.

As an example, if you wanted to use the group method, you could create a group called media, and add the plex user to the media group.

Step 1, create the media group: pw groupadd media
Step 2, add the plex user to the media group: pw groupmod media -m plex
Step 3, verifiy plex is a member of media: id plex
Step 4, set the media group to the media files: chown -R :media "path to media files"
Step 5, set access rights for owner and group: chmod -R 770 "path to files"
(note, this assumes no guest access)
Step 6, verify access changes: ls -l "path to media files"
(you should see -rxwrxw--- Files if correct drxwrxw--- for directories)

Plex should now be able to access the files.
 

Drew Heath

Explorer
Joined
Mar 7, 2016
Messages
80
Hi All
I have a situation since the bigining that i never find a solution.
My plex works, but i f i want to delete something, i have to go with the CIFS file and delete plex as no permission.

How can i correct that, without it stop working?
We need to know more. Your screenshot doesn't show us where your data is or what its permissions are. Basically, the account that is running Plex, must have write access to your media files for Plex to be able to delete files. Check the account running plex by issuing the top command. It will show you applications running, and what account is running them (ctrl + c to exit top). With the account knowledge, check the accounts permissions using id. (EG if the account is plex, run id plex.) From there, navigate to your media files and check permissions similar to your screenshot using ls -l. ls shows the owner and the group as well as the permissions for owner, group and everyone else. The account running plex must have RW rights in one of those categories. Refer to the original post on how to set those.
 

Drew Heath

Explorer
Joined
Mar 7, 2016
Messages
80
Had a bit of time this afternoon to look into this (work has been hectic!). So I've got Couch Potato working, but still trying to sort out Plex. I'm making progress and think I've fixed the issues above by deleting and re-adding the plugins/jails. For other people, the steps I took are below (this same theory should work for all plugins, however from my experience Plex is picky):

Create backup location:
Code:
mkdir /root/backups
(probably not the best location but it'll do).

Backup CP:
Code:
cp -iprv /mnt/media/couchpotato_1/var/db/couchpotato /root/backups
(we actually only need settings.conf, however I decided to backup the whole folder just for good measure).

Then remove CP with the GUI and ensure that the relevant jail has been removed (the locations should still be listed under Jails -> Storage).

Start the CP plugin to create relevant directories etc.
Check it's working then stop it.

Restore CP:
Code:
cp -iprv /root/backups/couchpotato/settings.conf /mnt/media/couchpotato_1/var/db/couchpotato/

All settings should be restored. So far I've noticed that CP isn't showing all my movies I had queued for download; however this might be related to access permissions to my downloads folder.

For other plugins, this is handy: https://imgur.com/7czyUFl
7czyUFl
7czyUFl
I believe CP download data would have been setup in its database. If you restored that file and don't see info, can you add a movie and have it save? It has been quite awhile since I have used CP.
 

rubenm

Dabbler
Joined
Oct 5, 2013
Messages
28
Do you recall if you used the group or user method to access the files? As there are a ton of ways it could be setup, lets decide on a method that you want to use and move from there.

As an example, if you wanted to use the group method, you could create a group called media, and add the plex user to the media group.

Step 1, create the media group: pw groupadd media
Step 2, add the plex user to the media group: pw groupmod media -m plex
Step 3, verifiy plex is a member of media: id plex
Step 4, set the media group to the media files: chown -R :media "path to media files"
Step 5, set access rights for owner and group: chmod -R 770 "path to files"
(note, this assumes no guest access)
Step 6, verify access changes: ls -l "path to media files"
(you should see -rxwrxw--- Files if correct drxwrxw--- for directories)

Plex should now be able to access the files.


on step 4 i get "Operation not permitted"
 

Drew Heath

Explorer
Joined
Mar 7, 2016
Messages
80
on step 4 i get "Operation not permitted"
How are permissions set on the dataset that is presented to the jail? It must have at least as much permission are you are trying to give. If you only gave read at the dataset, you wouldn't be able to grant write in the jail.
 
Status
Not open for further replies.
Top