Odd permission issue between dataset / iocage jail external mount

[DigitalADHD]

Good morning,
I have an odd situation, and need some help.

I have the following iocage jails, jackett, plex, radarr, sonarr, tautulli, and transmission.

My Jails are configured to run from /mnt/tank0/iocage/

Mostly all these jails have the following external storage mounted in the fstab

/mnt/tank1/iocage/radarr/config /mnt/tank0/iocage/jails/radarr/root/config nullfs rw 0 0 # Added by iocage on 2018-12-29 01:11:15
/mnt/tank1/downloads /mnt/tank0/iocage/jails/radarr/root/mnt/downloads nullfs rw 0 0 # Added by iocage on 2018-12-29 01:11:19
/mnt/tank1/media /mnt/tank0/iocage/jails/radarr/root/mnt/media nullfs rw 0 0 # Added by iocage on 2018-12-29 14:57:51

The dataset /mnt/tank1/downloads has the following permissions and sub-datasets

root@cpfreenas1:/ # ls -la /mnt/tank1/downloads/
total 85
drwxrwxrwx+ 7 media media 7 Feb 7 08:30 .
drwxrwxr-x 8 root wheel 8 Feb 7 06:37 ..
drwxrwxrwx+ 2 media media 2 Jan 1 10:31 complete
drwxrwxrwx+ 2 media media 2 Dec 27 21:52 incomplete
drwxrwxrwx+ 2 media media 2 Feb 6 19:18 radarr
drwxrwxrwx+ 2 media media 2 Dec 27 21:43 recycle_bin
drwxrwxrwx+ 2 media media 3 Feb 7 08:21 sonarr

So here is the odd part.

I cannot see data in "root@cpfreenas1:/mnt/tank1/downloads/complete"

root@cpfreenas1:/mnt/tank1/downloads/complete # ls -la
total 36
drwxrwxrwx+ 2 media media 2 Jan 1 10:31 .
drwxrwxrwx+ 9 media media 10 Jan 22 19:58 ..

however when i run `iocage console radarr` I can see the following

root@radarr:/mnt/downloads/complete # ls -la
total 72
drwxrwxr-x+ 2 media media 3 Feb 7 07:49 .
drwxrwxrwx+ 9 media media 10 Jan 22 19:58 ..
-rwxrwxr-x+ 1 root media 0 Feb 7 07:49 test.txt

If i cd to the external mount in the jail i can see the data from freenas.

root@cpfreenas1:/mnt/tank0/iocage/jails/radarr/root/mnt/downloads/complete # ls -la
total 72
drwxrwxr-x+ 2 media media 3 Feb 7 07:49 .
drwxrwxrwx+ 9 media media 10 Jan 22 19:58 ..
-rwxrwxr-x+ 1 root media 0 Feb 7 07:49 test.txt

lastly a different sub dataset does not have this issue but the permissions at /mnt/tank1/downloads are recursive.

root@cpfreenas1:/mnt/tank1/downloads/sonarr # ls -la
total 72
drwxrwxrwx+ 2 media media 3 Feb 7 08:21 .
drwxrwxrwx+ 9 media media 10 Jan 22 19:58 ..
-rwxrwxr-x+ 1 root media 0 Feb 7 08:21 sonar_dir.txt


root@radarr:/mnt/downloads/sonarr # ls -la
total 72
drwxrwxrwx+ 2 media media 3 Feb 7 08:21 .
drwxrwxrwx+ 9 media media 10 Jan 22 19:58 ..
-rwxrwxr-x+ 1 root media 0 Feb 7 08:21 sonar_dir.txt

my jails seem to be working correctly...? Mostly, but i cannot access them through freenas directly or cifs share.

I don't what is up, need help. Please let me know if this is in the wrong area.
Thanks!

 

[Nvious1]

I don't know if it will solve your problem but what I did was this which is a little different. All my jailed apps like sonarr and radarr are running as their own user id. I create the user ids on the freenas side to match the UIDs inside the jail and additionally I added each account to a secondary group call Family.

Inside each jail I create the same Family group with the gid, and added each service account to it. On the dataset site, my permission ownership is my direct user and the FAMILY group. So now I rely on the umask to be set properly when the services write files so that I can use our shared common group to see and manage files and directories from the CIFS share.

So here is the odd part.

I cannot see data in "root@cpfreenas1:/mnt/tank1/downloads/complete"

root@cpfreenas1:/mnt/tank1/downloads/complete # ls -la
total 36
drwxrwxrwx+ 2 media media 2 Jan 1 10:31 .
drwxrwxrwx+ 9 media media 10 Jan 22 19:58 ..

however when i run `iocage console radarr` I can see the following

root@radarr:/mnt/downloads/complete # ls -la
total 72
drwxrwxr-x+ 2 media media 3 Feb 7 07:49 .
drwxrwxrwx+ 9 media media 10 Jan 22 19:58 ..
-rwxrwxr-x+ 1 root media 0 Feb 7 07:49 test.txt

If i cd to the external mount in the jail i can see the data from freenas.

root@cpfreenas1:/mnt/tank0/iocage/jails/radarr/root/mnt/downloads/complete # ls -la
total 72
drwxrwxr-x+ 2 media media 3 Feb 7 07:49 .
drwxrwxrwx+ 9 media media 10 Jan 22 19:58 ..
-rwxrwxr-x+ 1 root media 0 Feb 7 07:49 test.txt

I do find it interesting that freenas root level can't see the data from the dataset. I would almost wonder if the mount is working correctly and instead its just storing the data inside the jail dataset, which is why you can see it from inside the jail and the direct path inside the jails dataset.

So it was a long post and not sure if I missed if you share what permissions you have on your dataset (the one your mounting) and on the CIFS share. You might just need to add your account you mapping to the CIFS share as a secondary member of the media group and it will get you working.

 

[DigitalADHD]

I've read about the different ways of granting permissions to the UIDs and GIDs, and like i said it seems like everything is mostly working. I just created an 8675309:8675309 in each jail and run the app as such, mostly carry over from warden jails.

The data sets are set to media:media 0777.

It is crazy that root can't see the data where it is mounted, but i think you are right, as for all jails but sonarr, there is more data in the /mnt/tank0/iocage/jails than /mnt/tank1/downloads.

Sonarr shows the correct data in the correct path, and /mnt/media/Movies is fine.

I think the mounts are failing me, I think I'll create a new mount point to a different director and check it.
Thank you for looking, I do know that was long, but i wanted to give as much information as possible.
Thanks!

 

[DigitalADHD]

I wanted to bump this to see if anyone else maybe had a thought on why this may be happening. Thanks!

 

[DigitalADHD]

Interestingly enough, I still have this issue, Any thoughts would be helpful. Thank you!! Running TrueNAS now.

NAME=FreeBSD VERSION=12.2-RELEASE-p6 VERSION_ID=12.2 ID=freebsd ANSI_COLOR="0;31" PRETTY_NAME="FreeBSD 12.2-RELEASE-p6" CPE_NAME=cpe:/o:freebsd:freebsd:12.2 HOME_URL=https://FreeBSD.org/ BUG_REPORT_URL=https://bugs.FreeBSD.org/


root@cpfreenas1:/ # iocage get -p sonarr
tank0

root@cpfreenas1:/ # cat /mnt/tank0/iocage/jails/sonarr/fstab
/mnt/tank0/downloads /mnt/tank0/iocage/jails/sonarr/root/mnt/downloads nullfs rw 0 0
/mnt/tank0/media /mnt/tank0/iocage/jails/sonarr/root/mnt/media nullfs rw 0 0

root@cpfreenas1:/ # iocage exec sonarr ls -la /mnt/downloads/recycle_bin
total 50
drwxrwxrwx 4 media media 4 May 17 11:12 .
drwxrwxrwx+ 7 media media 7 May 17 08:37 ..
drwxrwx--- 2 media media 2 May 17 11:12 Evangelion 3.0+1.0 Thrice Upon a Time (2021)
drwxr-xr-x 3 media media 3 May 17 06:09 Kaguya-sama- Love is War

root@cpfreenas1:/ # ls -la /mnt/tank0/downloads/recycle_bin
total 25
drwxrwxrwx+ 2 media media 2 Feb 24 2020 .
drwxrwxrwx+ 7 media media 7 May 17 08:37 ..