Register for the iXsystems Community to get an ad-free experience and exclusive discounts in our eBay Store.

How to give Deluge jail permission to write mounted dataset

shiphtfour

Member
Joined
Jan 21, 2013
Messages
25
I apologize for creating a new thread when I am sure this question has been answered before already. However, despite my efforts to find the solution, I still can't seem to resolve my issue.

I installed Deluge in an iocage jail using this guide https://www.ixsystems.com/community/threads/install-deluge-in-a-jail.28778/post-324869. It works properly and I can connect to the daemon using the Windows gtk client. However, when I try adding a torrent, it fails to transfer any data and sits idle at 0%. I am certain this is because there is a permission issue with the mounted dataset that the torrent is trying to download to. The primary user in the jail per the installation instructions is "deluge" with a UID of 1001. The installation guide instructs assigning the user to the group "media", which I have done, making sure the GIDs match. Do the permissions of the pool that contains the mount points need to also be user: deluge and group: media? Any help would be greatly appreciated.
 
Joined
Sep 13, 2014
Messages
141
That guide is really rather old... what version of FreeNAS are you running and are you install Deluge in a Warden or iocage jail?

EDIT: If I understand your last sentence correctly (as the terminology isn't quite correct) then yes, the Dataset you wish Deluge to be able to write to has to either be owned by the deluge user on your FreeNAS system, the deluge group or a group that the deluge user is a member of... such as the media group as the guide instructs.
 
Last edited:

shiphtfour

Member
Joined
Jan 21, 2013
Messages
25
I am running FreeNAS-11.2-U4.1. I realize the guide is rather old, but it was the most comprehensive one I could find and figured it was still applicable to iocage jails (I installed Deluge in an iocage jail, not Warden).

In an attempt to make things as simple as possible, I now have a user "deluge" with the group "deluge" in the jail. Both the UID and GID are 1001 and match the same UID and GID outside of the jail. I set permissions for the /media folder where the mount points are, and ls -l /media returns
Code:
drwxrwxr-x+ 1242 deluge  deluge  1244 Jun 21 11:46 Movies
drwxrwxr-x+  158 deluge  deluge   160 Jun 19 14:33 TV Shows

I'm assuming that the following portion of the guide should have setup "deluge" as the primary user, but perhaps this is where my issue is?
Code:
echo 'deluged_user="deluge"' >> /etc/rc.conf
mkdir -p /home/deluge/.config/deluge
chown -R deluge:deluge /home/deluge/


My original question was asking if the pool outside the jail, that the mount points are pointing to, also has to have the same permissions (user "deluge" and group "deluge")?
 

garm

Neophyte Sage
Joined
Aug 19, 2017
Messages
1,465
Yes, both sides of the nullfs pipe needs to have the same permissions set. What permissions you set on the mount point in the jail is not carried over to FreeNAS, but most match what is originally set in FreeNAS.
 

shiphtfour

Member
Joined
Jan 21, 2013
Messages
25
Thank you for clarifying. In order to get the permissions in the jail to work, do both the username and group have to match the mounted dataset permissions, or will it work if just the group matches?
 

garm

Neophyte Sage
Joined
Aug 19, 2017
Messages
1,465
Users are for running things like services and shells, groups are for giving access to stuff.

You could set owner to “nobody” on all your datasets as long as you assign appropriate groups and make users members of them.
 

shiphtfour

Member
Joined
Jan 21, 2013
Messages
25
I can't for the life of me seem to get it to work, even after trying to install using the same username and group as the permissions for my dataset being mounted. I found this post with more up-to-date installation instructions, but I am stuck at the first steps because I don't have a separate dataset for the portsnap or app configuration like he is mounting and am not sure how to set that up...
 

Martin Bauer

Member
Joined
Nov 13, 2013
Messages
26
I am having the exact same problem - same system set up for the most part -
When initializing the torrent the specs look good but quickly fall off to an eta of infinity -

watching -
 

ere109

Member
Joined
Aug 22, 2017
Messages
157
You're not alone. I'm having a very similar issue, and it almost seems to auto-create. I've found an occasional work-around by opening all permissions recursively in my shared torrents folder (either edit permissions in Pools GUI, or chmod 777), but it keeps breaking. I'll go in, open all permissions, then a few days later (I'm sure I've done something different), downloads stop and I can no longer write.
Note, the default user for the Deluge plugin is "nobody" and I'm considering creating a dedicated user, as linked in this thread - similar problem.

I have created a deluge group and given it the same GID in FN and in deluge. When I run "ls -l" I get a return that looks like this:
Code:
----rwx---+  1 1000  deluge

And that's a file that the deluge plugin created inside its own shared space. So the user --- ?doesn't exist? The group should have complete read, write, execute, but doesn't...
I'm right there with you.
 

ere109

Member
Joined
Aug 22, 2017
Messages
157
Update, here are the steps that have worked for me, as I just got write access back:
Create a deluge group in FreeNAS - note the GID.
Create a deluge group in deluge jail - use the same GID.
Add jail user "nobody" to the deluge group.
Open FN GUI, go to: Storage > Pool > [dataset shared with deluge].
Change the group owner of that dataset to deluge. Make sure the user and group have RWX permission.
Click "set recursively" to write the change all the way down.
Confirm.
Save.
 

ere109

Member
Joined
Aug 22, 2017
Messages
157
Never mind. My downloads started, then immediately stopped. I can open full permissions for "Other" and that will help.
 
Joined
Sep 13, 2014
Messages
141
Create a deluge group in FreeNAS - note the GID.
Create a deluge group in deluge jail - use the same GID.
Is that a typo or did you actually create the Deluge group in the FreeNAS userland first and then create a duplicate group in the Deluge Jail's userland?
 

ere109

Member
Joined
Aug 22, 2017
Messages
157
I did create groups in both. From my reading, a jail can only communicate out if the user or group in the corresponding dataset is the same. In other words, by creating a deluge group in both the Freenas GUI and the jail, then giving permission to the deluge group, the jail can touch data outside itself.

P.S. I just checked the realized that FreeNAS comes with a nobody user - same UID. So I gave the FN user access to the deluge group. Still a lot of run-around. The command
Code:
ls -l
has been so helpful in diagnosing this permission issue.
 

nojohnny101

Neophyte Sage
Joined
Dec 3, 2015
Messages
1,467
I have a deluge jail (iocage) running just fine with a mount point pointing to a dataset outside of the jail. I set it up a while a ago with what mostly have been said here. specifically I:

- installed and setup the jail
- noted the GID of the group that owns the dataset outside of the jail
- created a group with the same GID inside the jail and add the deluge user to it
- created my mount point

But it seems all of the above that is working for me has not being working for others. I'm just not sure why.
 
Joined
Sep 13, 2014
Messages
141
I did create groups in both. From my reading, a jail can only communicate out if the user or group in the corresponding dataset is the same. In other words, by creating a deluge group in both the Freenas GUI and the jail, then giving permission to the deluge group, the jail can touch data outside itself.
What I was asking was did you create the groups in that specific order? The question is academic at this point though as it was asked based upon an incorrect assumption on my part.

I think by far the most common misunderstanding when it comes to permissions on FreeNAS is that (as you quite rightly point out) in order for a user within a Jail user to access data on the FreeNAS system, there has to be a duplicate user in the FreeNAS userland (that's a simplification but that's basically the gist). A lot of new users don't seam to know this and it results in all manner of hair pulling.

Where my confusion came in is that, from what I've seen, the most common cause of permissions confusion is Plex, which has a pre-existing Plex user within the Jail, with a UID and GID 972 (if memory serves). Therefore, you only need to create a user and group in the FreeNAS userland... thus my (mistaken) question of what order you created users in.

How are your permissions set now?... I know it's tempting to just leave it alone if it's working but leaving stuff 777 when you don't need to is not a good idea.
 

garm

Neophyte Sage
Joined
Aug 19, 2017
Messages
1,465
there has to be a duplicate user in the FreeNAS userland
Actually, no. Users run things such as shells, plex, or what have you. Groups gives access, so for a jail user (say plex) to have access to content in a dataset outside the jail, the user plex has to have jail group membership of the dataset owning group in FreeNAS (same name and gid).
 

ere109

Member
Joined
Aug 22, 2017
Messages
157
How are your permissions set now?... I know it's tempting to just leave it alone if it's working but leaving stuff 777 when you don't need to is not a good idea.
I may still be 777. I've got two dozen active torrents, and don't want to run the risk of losing access... I'll check...
Yep, will attempt to fix that after I move data out.
 
Top