Jail permissions not working....need help!

Status
Not open for further replies.

pintu1228

Explorer
Joined
Mar 16, 2015
Messages
61
Hi,

I have been trying to figure out how to have multiple plugins run inside 1 jail. I have created a standard jail template and used 'pkg' to install several plugins (radarr, sonarr, nzbget, transmission, and plex-pass) but run into an issue when I try to add a movie or TV show, it says 'admin user cannot write to folder'.

Following the guide here (https://forums.freenas.org/index.ph...plugins-write-permissions-to-your-data.27273/), I have created a user/group called admin with ID 1001. I followed solution #3 but doesn't seem to work. I then tried to implement solution #2 by creating an user/group with UID to match the plugins (816) but that doesn't seem to work either.

Side note, I did try solution #4 which does work but this also opens plex users to be able to delete files which I don't want anyone using my plex server to be able to do. Also I am unable to create a 'media' user to match the plugins user since there is already one present which I never created (see picture)

I have attached several pictures for my storage as well permissions for each of the datasets to give you an idea of what they are. Currently they show 'root' as user and 'wheel' as group but I have changed them to admin/admin but nothing seems to work. I haven't changed my permissions to jails, just to throw it out there.


Any help to fix these permissions issue would be greatly appreciated. I have deleted and reinstalled all plugins like 20 times just to get the permissions for all plugins to work together.


Thanks
 

Attachments

  • admin group 1001.JPG
    admin group 1001.JPG
    14.2 KB · Views: 445
  • media user-group.JPG
    media user-group.JPG
    15.6 KB · Views: 449
  • tank permissions.JPG
    tank permissions.JPG
    42.4 KB · Views: 443
  • downloads dataset permissions.JPG
    downloads dataset permissions.JPG
    42.2 KB · Views: 459
  • jails dataset permissions.JPG
    jails dataset permissions.JPG
    44.6 KB · Views: 518
  • movies dataset permissions.JPG
    movies dataset permissions.JPG
    44.3 KB · Views: 479
  • torrents dataset permissions.JPG
    torrents dataset permissions.JPG
    44.7 KB · Views: 465
  • TV dataset permissions.JPG
    TV dataset permissions.JPG
    46.2 KB · Views: 451
  • jail storage paths.JPG
    jail storage paths.JPG
    86.9 KB · Views: 449
  • storage.JPG
    storage.JPG
    90 KB · Views: 433

Allan Wilmath

Explorer
Joined
Nov 26, 2015
Messages
99
Ideally you assign users to groups, groups to resources.

So that works here by making a single group and adding each user name for each process to that group. You can then assign permissions to the dataset that allow all members a group readwrite, and execute.

This may be easier if you create a data set just for use with all of these programs and then you can set the permsisions for the whole data set. Don't over look setting the 'permissions mask' in each user process in FreeNAS. This is likely your problem actually. Each user has a permission mask, a set of default permission applied to a file they create.

If all of the processes are part of the same group, then you just need to assign a permissions mask in each user panel where the group missions are read/write.

The lazy noob way is to simply make the permissions mask 777 so there are no limits. In a home environment it is really not a big deal to do this.

Good luck.
 

pintu1228

Explorer
Joined
Mar 16, 2015
Messages
61
Thanks but I'm confused on exactly what steps need to be done to fix the issue. Can you perhaps tell me exactly what I have to do, sorry total noob.
 

Allan Wilmath

Explorer
Joined
Nov 26, 2015
Messages
99
The first step is to make a data set for the storage of the files you are going to be using between all of these programs. skip if already exist

Make a common group for these programs to share, skip if it already exists.

Add each user account to the above group using the 'auxiliary groups' at the bottom of the user settings panel. skip if they are already sharing a group.

Once that is done, or if it already exists, you can then edit the permissions mask for the dataset to 770, all of the check boxes checked under owner and group, under other are unchecked. Be sure to set the group ownership to the group you are using for these programs. Then you can apply those settings recursively by checking the box for that. You will need to add other users to that group for them to access the files, if for instance you wanted to access them from your own user account or share them on the network using SMB.

Alternatively, if you already have a dataset, just chaining the permission mask to 777, or all checkboxes checked will solve your problem, but be less secure.

The idea is that all members of a group have read and write access, and to make all of the programs members of that group.

It is a really good idea to use a data set for each type of data or share because you can avoid inheritance issues when you are just using folders on the main dataset. This is where inherited permsiosns interfere with what you think should happen.

You could add the read permission to 'other' in the data set permissions mask to allow sharing the dataset on your network while not having to add people to the group or having them erasing files.

Remapping the config and data folders of all the programs to a common data set outside of the jails is not a bad idea so that reinstalling or rebuilding the jails can be faster and easier.
 

pintu1228

Explorer
Joined
Mar 16, 2015
Messages
61
OK quick question,

I have admin user, and created Automation group like you said above.

For each dataset I have (Movies, TV) do I need to change the user to 'admin' or keep 'root' along with changing the user to Automation.

Also do I have to also put the same user/group (admin/Automation) in the downloads and torrents datasets which are used by sonarr, radarr, and transmission?


Thanks
 

pintu1228

Explorer
Joined
Mar 16, 2015
Messages
61
Ok I have done as you suggested but when I try to add tv series to sonarr it say:

Folder is not writable by user sonarr


Any suggestions???
 
Status
Not open for further replies.
Top