SOLVED Backing on a FreeNAS using backintime

[André Fettouhi]

I recently build a FreeNAS server (9.10-U4) and I want to use it as backup place for my Arch Linux machine using backintime via ssh. My problem is that I am having issues with permissions on the freenas when connecting to my freenas server through backintime.

I haveon my linux box created a ssh key with

ssh-keygen -t rsa

and then copied to my Freenas server with

ssh-copy-id -i ~/.ssh/id_rsa.pub freenasuser@freenas

SSH is set up on my FreeNAS server. But like I wrote before I get this error when trying to connect

Code:

Remote host freenas doesn't support 'chmod u+rw FILE':
chmod: /mnt/freenaspool/Media/tmp_QJNMZD/a: Operation not permitted

I tried to get help from the backintime developers but they ran out of ideas. Here is my original post on their github page.

https://github.com/bit-team/backintime/issues/664

Any ideas on what could be the issues with permissions? I can ssh into my FreeNAS server fine from a terminal.

 

[André Fettouhi]

Is there a guide on how to set up password less ssh login on FreeNAS? I keep getting errors about permission denied when I try to connect via backintime. I have for my freenas user created a home directory where now the public key is copied to. But still it doesn't work? Is my freenas install borked?

 

[Glorious1]

Is there a guide on how to set up password less ssh login on FreeNAS? I keep getting errors about permission denied when I try to connect via backintime. I have for my FreeNAS user created a home directory where now the public key is copied to. But still it doesn't work? Is my FreeNAS install borked?

It's really hard to know what might be wrong without a lot of excruciating detail. Here is a guide that includes the detailed information on setting up key authentication on FreeNAS.
https://forums.freenas.org/index.ph...r-freenas-server-remotely-and-securely.27376/

 

[André Fettouhi]

I am aware of that. All the details of what I have done are in this thread here though

https://github.com/bit-team/backintime/issues/664

 

[André Fettouhi]

I am still trying to get password less login to work with FreeNAS and I keep hitting a wall. I looked at the above link

https://forums.freenas.org/index.ph...r-FreeNAS-server-remotely-and-securely.27376/

and tried to do as described there. I even looked in the troubleshooting section and tried to set the permissions as suggested but I keep getting a

operation not permitted when trying to do chmod of the ssh library and authorized_keys file. I simply cannot figure out why this doesn't work. Could it be because that the home directory I have created for my freenasuser is in a smb share? I put the home directory for the freenasuser under /mnt/freenaspool/Media/home/freenasuser.

 

[Glorious1]

Could it be because that the home directory I have created for my freenasuser is in a smb share?

Yes. I understand SMB prevents you from changing permissions directly, or something to that effect. I don't use SMB. I would try changing the permissions to unix or mac, at least temporarily, to make the change, or try to change the permissions of those folders and files using the SMB client.

 

[André Fettouhi]

SMB client? How do I change the permissions to unix or mac?

 

[anodos]

SSH is set up on my FreeNAS server. But like I wrote before I get this error when trying to connect

Code:

Remote host FreeNAS doesn't support 'chmod u+rw FILE':
chmod: /mnt/freenaspool/Media/tmp_QJNMZD/a: Operation not permitted

I tried to get help from the backintime developers but they ran out of ideas. Here is my original post on their github page.

https://github.com/bit-team/backintime/issues/664

Any ideas on what could be the issues with permissions? I can ssh into my FreeNAS server fine from a terminal.

When you set a dataset to have "windows permissions type" in FreeNAS, the zfs "aclmode" property gets set to "restricted". This effectively prevents chmod from working in the dataset. It is a way of protecting ACLs on a samba share from getting mucked up by programs that don't understand ACLs (this has been a serious problem in the past). The easiest workaround is to create a dataset outside of your samba shares and select "unix" permissions type during the dataset creation process.

 

[Glorious1]

By SMB client, I mean the computer that you use to access the server over SMB.

Dataset and share permissions:
http://doc.FreeNAS.org/9.10/storage.html#change-permissions
http://doc.FreeNAS.org/9.10/sharing.html#sharing

If you change the permissions type for the dataset to unix (and check the recursive box so it applies to subfolders), you should be able to adjust the permissions on the command line. I don't know what will happen if you then switch it back to Windows/SMB though.

I guess I would first try doing it within SMB from your client, changing permissions on the necessary files and folders.

EDIT: Or what @anodos just said, by which I think he means set up your user home folder as a separate dataset with unix permissions.

 

[anodos]

EDIT: Or what @anodos just said, by which I think he means set up your user home folder as a separate dataset with unix permissions.

Precisely. I probably worded that a bit clumsily.

Overall, it's a good idea not to put your Unix home directory inside a samba share unless you have a specific need to do so. This is because there are certain UI features in FreeNAS that will rewrite permissions on a samba share (specifically "apply default permissions"), which will break SSH access for your users.

 

[Glorious1]

Overall, it's a good idea not to put your Unix home directory inside a samba share unless you have a specific need to do so. This is because there are certain UI features in FreeNAS that will rewrite permissions on a samba share, which will break SSH access for your users.

OK, that being the case, please disregard my suggestions André, and follow anodos advice. Unless you don't really need SMB in the original dataset and want to leave it as unix or mac.

 

[André Fettouhi]

I am confused on what to do here? I need the smb share because in order to listen to my music on the server it needs to be mounted via smb. That is a limitation of Clementine the music player I use. So should I home the directory of my freenas user to somewhere outside the mounted smb share? Like /home/freenasuser instead of /mnt/freenaspool/Media/home/frenasuser/?

 

[anodos]

I am confused on what to do here? I need the smb share because in order to listen to my music on the server it needs to be mounted via smb. That is a limitation of Clementine the music player I use. So should I home the directory of my FreeNAS user to somewhere outside the mounted smb share? Like /home/freenasuser instead of /mnt/freenaspool/Media/home/frenasuser/?

Right. Assuming that you don't need to access the "home" directory of your freenas user via samba.

For instance, if you have created a samba share at /mnt/freenaspool/media, create a new "unix" dataset under /mnt/freenaspool/. For instance, "/mnt/freenaspool/home" and put the home directory of your freenas users there and set permissions appropriately (SSH doesn't like it if your permissions are too lax). This will allow unix processes to do the sorts of things that they expect to be able to do inside your home directory.

 

[André Fettouhi]

OK, so I only need to create a new dataset then and point it to /mnt/freenaspool/ and set the permissions to "unix". Have I got this right?

 

[anodos]

OK, so I only need to create a new dataset then and point it to /mnt/freenaspool/ and set the permissions to "unix". Have I got this right?

• In the FreeNAS webui, click on "Storage" -> "Volumes" -> "View Volumes"
• Select "freenaspool"
• Click on the "Create Dataset" button
• Share type should be set to "Unix"

Once it's created, you can create your home directories inside it and then click on "Account" -> "Users" -> <username> and in the "Home Directory" field browse to your new home directory.

 

[André Fettouhi]

OK, I think I almost got this working now. I have created the new dataset and I have moved my freenasuser's home directory into that dataset. I then set up the ssh key and copied it over to my freenas. Finally I checked the permissions were correct as suggested here

https://forums.FreeNAS.org/index.ph...r-FreeNAS-server-remotely-and-securely.27376/

under Troubleshooting. Now I try to connect via backintime to my freenas in order to backup my data from my Arch Linux box. I want to save my backup to the smb share (/mnt/freenaspool/Media/) I have created but now I get this error

Remote host FreeNAS doesn't support 'chmod u+rw FILE':
chmod: /mnt/freenaspool/Media/tmp_QJNMZD/a: Operation not permitted

so this then as I understand from the post by @anodos an aclmode issue. How to get around this? Should I instead create a new dataset set it to "unix" and put the backup there? I did try to save backup to the dataset I created for the home directory but here I get a write permission denied. So how to proceed here?

 

[Glorious1]

So how to proceed here?

It looks like backintime is trying to use unix commands to edit permissions, but it is a SMB dataset. As anodos said, SMB doesn't let you change permissions that way.

I guess I was confused about what the problem was. You were asking earlier about how to log in via SSH without a password. I assume you can do that now, but apparently that isn't the actual problem.

Is backintime supposed to be able to back up to a SMB share? It doesn't seem like it.
Can you set permissions for Media via the FreeNAS GUI to match what backintime is trying to set?
Can you back up to a unix dataset instead?

 

[André Fettouhi]

It looks like backintime is trying to use unix commands to edit permissions, but it is a SMB dataset. As anodos said, SMB doesn't let you change permissions that way.

I guess I was confused about what the problem was. You were asking earlier about how to log in via SSH without a password. I assume you can do that now, but apparently that isn't the actual problem.

Is backintime supposed to be able to back up to a SMB share? It doesn't seem like it.
Can you set permissions for Media via the FreeNAS GUI to match what backintime is trying to set?
Can you back up to a unix dataset instead?

It seems like I can change the permissions for my smb share to Unix. Right now it is set to Windows. There is also an option to set permissions recursively.

EDIT: I just tried to change permissions unix and set them recursively and I still get the error

Remote host freenas doesn't support 'chmod u+rw FILE':

chmod: /mnt/freenaspool/Media/tmp_G4XBUE/a: Operation not permitted

 

[Glorious1]

EDIT: I just tried to change permissions unix and set them recursively and I still get the error

If you ssh into the dataset, can you manually change the permissions the way backintime is trying to?
Do the credentials backintime is using to get into the dataset belong to the owner of the dataset?
Is the file in question owned by that user?

 

[André Fettouhi]

I tried to do this

Code:

[af@andre ~]$ ssh freenasuser@freenas
Enter passphrase for key '/home/af/.ssh/id_rsa':
Last login: Tue Dec 13 20:33:29 2016 from 192.168.0.10
FreeBSD 10.3-STABLE (FreeNAS.amd64) #0 r295946+07c41cd(9.10-STABLE): Wed Nov  9 00:19:25 UTC 2016

		FreeNAS (c) 2009-2016, The FreeNAS Development Team
		All rights reserved.
		FreeNAS is released under the modified BSD license.

		For more information, documentation, help or support, go here:
		http://freenas.org
Welcome to FreeNAS
[freenasuser@freenas ~]$ mkdir /mnt/freenaspool/Media/test
[freenasuser@freenas ~]$ echo "foo" > /mnt/freenaspool/Media/test/a
[freenasuser@freenas ~]$ chmod u+rw /mnt/freenaspool/Media/test/a
chmod: /mnt/freenaspool/Media/test/a: Operation not permitted

and then check with this

Code:

[freenasuser@freenas ~]$ getfacl /mnt/freenaspool/Media/test/a
# file: /mnt/freenaspool/Media/test/a
# owner: freenasuser
# group: freenasgroup
			owner@:rwxpDdaARWcCos:------I:allow
			group@:rwxpDdaARWcCos:------I:allow
		 everyone@:r-x---a-R-c---:------I:allow

and I did this after I changed the permissions of Media from type Windows to Unix.