[How-To] Giving Plugins Write Permissions to Your Data

[CraftyClown]

I've found the correct link on their site

http://pkg.freebsd.org/freebsd:9:x86:64/latest/All/git-2.3.0.txz

Can I manually install that from the jail

 

[Joshua Parker Ruehlig]

I've found the correct link on their site

http://pkg.freebsd.org/freebsd:9:x86:64/latest/All/git-2.3.0.txz

Can I manually install that from the jail

you could, though you may need to resolve dependencies on your own

 

[CraftyClown]

ha ha, I think you know me well enough now Josh, to realise that's probably a whole other can of worms I'll be opening!!

Is this just a case of their info not being updated? I suppose I could wait it out, although it seems to be a couple of versions behind. Is this kind of thing normal?

 

[CraftyClown]

Crap! I've just realised this line:

1. rm -r /usr/pbi/mylar-amd64/share/mylar/mylar

was removing the old install, yes?

So if I can't install the development build right now, I'll have to install from scratch again?

 

[Joshua Parker Ruehlig]

ha ha, I think you know me well enough now Josh, to realise that's probably a whole other can of worms I'll be opening!!

Is this just a case of their info not being updated? I suppose I could wait it out, although it seems to be a couple of versions behind. Is this kind of thing normal?

after reading your pkg issue more carefully I realize it's just an issue with git. not sure what's going on with the repo, it's indexing a file that doesn't exist. maybe try 'pkg upgrade' and 'pkg update' first?

 

[Joshua Parker Ruehlig]

Crap! I've just realised this line:

1. rm -r /usr/pbi/mylar-amd64/share/mylar/mylar

was removing the old install, yes?

So if I can't install the development build right now, I'll have to install from scratch again?

you could also just download a tarball of the source files from github.

 

[CraftyClown]

I've already uninstalled and I'm adding it back now.

I tried pkg update, but it said it was up to date. I'll try upgrade next time.

 

[CraftyClown]

So I got it installed again and moved over to the development branch, but would you believe it... It's still having permissions issues!

It's set up as media:media and the UID of my user Richard is 816, so I can't think what else I can do


This is from the Mylar Jail, looking at the comic folder 'Alex + Ada'

root@mylar_1:/ # ls -l "media/Comics/Alex + Ada (2013)"
total 281608
-rwxrwxr-x+ 1 media wheel 28783042 Jan 10 21:34 Alex + Ada 1 (2013).cbr
-rwxrwxr-x+ 1 media wheel 25094592 Jan 10 21:34 Alex + Ada 10 (2014).cbr
-rwxrwxr-x+ 1 media wheel 22155232 Jan 10 21:32 Alex + Ada 11 (2014).cbr
-rwxrwxr-x+ 1 media wheel 20556485 Jan 28 15:22 Alex + Ada 12 (2015).cbr
-rwxrwxr-x+ 1 media wheel 20213142 Jan 10 21:34 Alex + Ada 2 (2013).cbr
-rwxrwxr-x+ 1 media wheel 21516077 Jan 10 21:34 Alex + Ada 3 (2014).cbr
-rwxrwxr-x+ 1 media wheel 24369275 Jan 10 21:34 Alex + Ada 4 (2014).cbr
-rwxrwxr-x+ 1 media wheel 21278060 Jan 10 21:34 Alex + Ada 5 (2014).cbr
-rwxrwxr-x+ 1 media wheel 24166214 Jan 10 21:34 Alex + Ada 6 (2014).cbr
-rwxrwxr-x+ 1 media wheel 29045638 Jan 10 21:34 Alex + Ada 7 (2014).cbr
-rwxrwxr-x+ 1 media wheel 25274975 Jan 10 21:34 Alex + Ada 8 (2014).cbr
-rwxrwxr-x+ 1 media wheel 25246739 Jan 10 21:34 Alex + Ada 9 (2014).cbr
-rwxrwxr-x+ 1 media wheel 15360 Mar 5 23:06 Thumbs.db
-rwxrwxr-x+ 1 media wheel 184588 Mar 5 23:05 cover.jpg
-rwxrwxr-x+ 1 media wheel 45 Mar 3 10:24 cvinfo


But this is a permissions error coming from Mylar, when it scans the same folder

2015-03-05 23:22:56ERRORUncaught exception: Traceback (most recent call last):
File "/usr/pbi/mylar-amd64/share/mylar/mylar/mylar/logger.py", line 159, in new_run
old_run(*args, **kwargs)
File "/usr/pbi/mylar-amd64/lib/python2.7/threading.py", line 763, in run
self.__target(*self.__args, **self.__kwargs)
File "/usr/pbi/mylar-amd64/share/mylar/mylar/mylar/updater.py", line 198, in dbUpdate
mylar.importer.addComictoDB(ComicID,mismatch,annload=annload)
File "/usr/pbi/mylar-amd64/share/mylar/mylar/mylar/importer.py", line 450, in addComictoDB
shutil.copy(coverfile,comiclocal)
File "/usr/pbi/mylar-amd64/lib/python2.7/shutil.py", line 120, in copy
copymode(src, dst)
File "/usr/pbi/mylar-amd64/lib/python2.7/shutil.py", line 91, in copymode
os.chmod(dst, mode)
OSError: [Errno 1] Operation not permitted: 'media/Comics/Alex + Ada (2013)/cover.jpg'
2015-03-05 23:22:56INFOSuccessfully retrieved cover for Alex + Ada
2015-03-05 23:22:56INFOImage header check: jpeg
2015-03-05 23:22:56INFODirectory (media/Comics/Alex + Ada (2013)) already exists! Continuing...
2015-03-05 23:22:54INFOSucessfully retrieved details for Alex + Ada
2015-03-05 23:22:54INFONow adding/updating: Alex + Ada
2015-03-05 23:22:53INFO[ComicVine API] Comicvine API count now at : 0 / 400 in 6.83 minutes.
2015-03-05 23:22:53INFO[DIRECTORY-CHECK] Found comic directory: media/Comics/Alex + Ada (2013)
2015-03-05 23:22:53INFOStarting update for 1 active comics

 

[Joshua Parker Ruehlig]

So I got it installed again and moved over to the development branch, but would you believe it... It's still having permissions issues!

It's set up as media:media and the UID of my user Richard is 816, so I can't think what else I can do

can you try telling Mylar to use a different dataset that you don't make all windows friendly and see if that has issues

 

[CraftyClown]

can you try telling Mylar to use a different dataset that you don't make all windows friendly and see if that has issues

I gave it a go. Switched the data set back to UNIX, tried refreshing Mylar again, but no change :(

 

[Joshua Parker Ruehlig]

I gave it a go. Switched the data set back to UNIX, tried refreshing Mylar again, but no change :(

I asked about a new dataset you never applied windows permissions on.

from reading your error + directory listing above there is no Unix permission issues. so I'm stumped, you might want to show that error to the Mylar dev because I don't see anything wrong here!

 

[CraftyClown]

I asked about a new dataset you never applied windows permissions on.

from reading your error + directory listing above there is no Unix permission issues. so I'm stumped, you might want to show that error to the Mylar dev because I don't see anything wrong here!

Ok thanks Josh

I tried adding a fresh dataset with only UNIX permissions, but still no joy

I'll see what the Mylar dev suggests

 

[Bobbyg387]

Hi Joshua,

I have been struggling with this again.

I am trying to give SABnzbd access to my storage to save downloads so Plex can access them.. I have created a dataset outside of my jail as advised. It is mounted as /mnt/V1/media

The owner of that dataset is user is Rob (1003) and group is Rob (1003) All Read, Write and Execute boxes checked. Unix Permission type.

I have added the group Rob (1003) to the jail per option 3. I then added media (user Sab runs as) to the group Rob in the jail.

When I try to update the home default folder in Sab, it won't save to my media folder, it just reverts back to /var/db/sabnzbd

What can I do to fix this?

Also- here is the output of ls-l /media from my jail:

 

[Scharbag]

In order for your plugin to be able to write to your data datasets/folders it must have..

1. access to your data dataset/folders
2. permissions to write to your data folders.

1) MAKING DATA ACCESSIBLE TO YOUR PLUGIN'S JAIL

• It is preferred that your data reside on a dataset(s) outside of your jail that you regularly snapshot and backup.

• FreeNAS plugins, by default, have no access to files residing outside of its jail.

• Data datasets/folders should be mounted into the plugin's jail as described in the FreeNAS User Guide.
  • http://doc.freenas.org/9.3/freenas_jails.html?highlight=storage#add-storage

2) PERMISSIONS
Choose one of the 4 solutions to give your plugin write permission to your data folders.

FACTS

• Every folder/file has a UNIX permission level, UID ownership, and GID ownership, which determines which user/group members can read/write to that folder/file. Basic UNIX permissions are described in the opening part of Chapter 4, Part 4, of the FreeBSD handbook.
  • https://www.freebsd.org/doc/handbook/permissions.html

• Jails and the FreeNAS host do not share user/group databases. They only associate UIDs/GIDs to users/groups if that mapping exists in it's particular user/group database.

• Processes running inside a jail's userland (plugins) are permitted to read/write files/folders according to the jail's user/group database.

• By default, most plugins run as a specific user, with a specific UID, and keep their configuration/databases/logs in what I will refer to as a data-directory.
  Show : Relevant Information for Most Plugins I Support

  • transmission - transmission (921) - /usr/pbi/transmission-amd64/etc/transmission/home
  • sabnzbd - media (816) - /var/db/sabnzbd
  • sickbeard - media (816) - /var/db/sickbeard
  • sickrage - media (816) - /var/db/sickrage
  • sonarr - media (816) - /var/db/sonarr
  • couchpotato - media (816) - /var/db/couchpotato
  • headphones - media (816) - /var/db/headphones
  • mylar - media (816) - /var/db/mylar
  • xdm - media (816) - /var/db/xdm
  • maraschino - media (816) - /var/db/maraschino
  • htpc-manager - media (816) - /var/db/htpc-manager
  • plexmediaserver - plex (972) - /var/db/plexdata
  • mediabrowser - mediabrowser (983) - /var/db/mediabrowser
  • subsonic - media (816) - /var/db/subsonic
  • btsync - btsync (817) - /var/db/btsync
  • syncthing - syncthing (983) - /var/db/syncthing

SOLUTION 1 - USER WRITEABLE

Show

• Add a user in the FreeNAS WebUI with a matching UID as the plugin's default user.
• Change ownership of the data dataset/folders to the newly added user.

SOLUTION 2 - USER WRITEABLE

Show

• In the jail, add a user with a matching UID as the owner of the data dataset/folders.
  • Code:

    pw useradd -n USER -u UID -d /nonexistent -s /usr/sbin/nologin

• In the jail, change the user the plugin runs as, and change ownership of the data-directory.
  • Code:

    service PLUGIN onestop
    chown -R USER:GROUP /var/db/PLUGIN
    sysrc 'PLUGIN_user=USER'
    service PLUGIN start

SOLUTION 3 - GROUP WRITEABLE

Show

• Change permission of the data dataset/folders to allow group writing.
• In the jail, add a group with a matching GID as the group owner of the data dataset/folders.
  • Code:

    pw groupadd -n GROUP -g GID

• In the jail, add the user the plugin runs as to the newly added group.
  • Code:

    pw groupmod GROUP -m USER

SOLUTION 4 - OTHER WRITEABLE

Show

• Change permission of the data dataset/folder to allow other writing.

I tried option #2 for Mediabrowser but then the plugin would not start. That one causes me issues with permissions so I run it in a windows VM. If anyone has that going in FreeNAS with full read write access to the data shares (using a different UID), please let me know how you did it.

Cheers,

 

[Joshua Parker Ruehlig]

Hi Joshua,

I have been struggling with this again.

I am trying to give SABnzbd access to my storage to save downloads so Plex can access them.. I have created a dataset outside of my jail as advised. It is mounted as /mnt/V1/media

The owner of that dataset is user is Rob (1003) and group is Rob (1003) All Read, Write and Execute boxes checked. Unix Permission type.

I have added the group Rob (1003) to the jail per option 3. I then added media (user Sab runs as) to the group Rob in the jail.

When I try to update the home default folder in Sab, it won't save to my media folder, it just reverts back to /var/db/sabnzbd

What can I do to fix this?

Also- here is the output of ls-l /media from my jail:

I'm confused by what you mean by "home default folder". do you mean completed download folder?

 

[Bobbyg387]

I'm confused by what you mean by "home default folder". do you mean completed download folder?

I seem to have gotten it figured out for now, but yeah, I meant the download folder. The issue was when I tried to update that to /media, it didn't save. I'm assuming I was having permission issues, but I just added
'media' UID 816 in the FreeNAS GUI and made that the owner of the dataset and that seems to have done the trick.

I'm seeing a lot of people on here having trouble with permissions and CIFS shares. There's a lot going on when you try to install SAB, CP, SR and Plex, giving each proper permissions and then setting up a CIFS share.

Maybe I'm confused (most likely), but you have to add the user that each plugin runs as in the GUI now right? I changed my permission settings in my windows, giving everyone full access. Not ideal, but I don't understand permissions enough to allow users media and plex to access the folder and also have my CIFS share setup properly.

 

[Joshua Parker Ruehlig]

I seem to have gotten it figured out for now, but yeah, I meant the download folder. The issue was when I tried to update that to /media, it didn't save. I'm assuming I was having permission issues, but I just added
'media' UID 816 in the FreeNAS GUI and made that the owner of the dataset and that seems to have done the trick.

I'm seeing a lot of people on here having trouble with permissions and CIFS shares. There's a lot going on when you try to install SAB, CP, SR and Plex, giving each proper permissions and then setting up a CIFS share.

Maybe I'm confused (most likely), but you have to add the user that each plugin runs as in the GUI now right? I changed my permission settings in my windows, giving everyone full access. Not ideal, but I don't understand permissions enough to allow users media and plex to access the folder and also have my CIFS share setup properly.

glad you got it working. yeah it gets pretty complicated once you start mixing multiple plugins+CIFS.

 

[Joshua Parker Ruehlig]

I tried option #2 for Mediabrowser but then the plugin would not start. That one causes me issues with permissions so I run it in a windows VM. If anyone has that going in FreeNAS with full read write access to the data shares (using a different UID), please let me know how you did it.

Cheers,

did you try 'service mediabrowser onestart' and see the error. it might have been the pidfile folder wasn't writable. deleting it should fix this 'rm /var/run/mediabrowser.pid'

 

[chris pucknell]

I think i'm having troube with my couchpotato.pid...

the folder /var/run/couchpotato is empty

on the plugins installed screen on the GUI couchpotato shows as offline and refuses to start.

but it appears to be running! I can access the couchpotato html api, and it is definitely adding downloads to transmission.

I get no error when typing 'service couchpotato start' or 'service couchpotato onestart' inside the jail (incidentally what is the difference?)

So... I guess theres no problem? I'm confused, and not sure if couchpotato is able to rename folders yet, it's still scanning the drive. have tried starting/stopping the jail and the plugin through the command line, have tried a full reboot of the system, still the same.

 

[Joshua Parker Ruehlig]

I think i'm having troube with my couchpotato.pid...

the folder /var/run/couchpotato is empty

on the plugins installed screen on the GUI couchpotato shows as offline and refuses to start.

but it appears to be running! I can access the couchpotato html api, and it is definitely adding downloads to transmission.

I get no error when typing 'service couchpotato start' or 'service couchpotato onestart' inside the jail (incidentally what is the difference?)

So... I guess theres no problem? I'm confused, and not sure if couchpotato is able to rename folders yet, it's still scanning the drive. have tried starting/stopping the jail and the plugin through the command line, have tried a full reboot of the system, still the same.

strange, did you change the user CP runs as? maybe the folder isn't writable by the new user.

here's what I'd do.
rm -r /var/run/couchpotato
then restart the CP jail

####

onestart doesn't check if a service is enabled in rc.conf