Permission issue

[Jerren]

So as the title says, i'm aware that's the problem. I don't know how to fix it and that's why i'm here.

So i have a folder that i can't remove and in it i have some files (They don't matter anymore) some i can see, some i can't see. Now since those files didn't matter anymore i figured i would just leave the folder be but now i made a new folder and when i placed a file in it, i also couldn't see it.

As for what i've tried so far, i tried changing permissions through storage - poolname - edit permissions. I tried changing permissions through the windows 10 ui since i acces these folders through a network share. None of that worked.

Now in another thread i found something posted by joeschmuck that helped me verify that the file is in fact in that folder. Just so those reading will know i did the following steps to verify it.
1) Open an SSH window.
2) cd /mnt/Panzer/Media/4K
3) ls -all -R > /tmp/fileslist.txt
4) I looked and checked
5) vi /tmp/fileslist.txt

Code:

-rwxrwx---+ 1 Transmission Transmission 59803654330 May 19 02:43 movie.mkv

Why it claims to belong to the plugin Transmission i have no idea, i copied it from a folder where Transmission DOES have permission but once copied to another folder with different permissions should the file not take on the permission of that other folder?

So that's my problem, to those with more experience this might seem simple but at the moment i don't have a clue how to solve this.

 

[Jerren]

So far i've tried these things. Reapply permissions, reapply the share and when that didn't work i remembered lawrence systems made a vid about this stuff once so figured i would go check that out.

At one point in this video (I linked it from the moment it shows a folder dissapearing for one user) he shows how permissions can stop one from seeing folders in a windows 10 share. I tried to replicate that but only the other way around so that the user i use to login to the share has full control. Yet no succes in making that file in the folder visible. I redid it just to make sure i didn't slip up, i tagged the box that says apply this to all underlying objects.

Unfortunately i seem to have messed something up for other folders aswell because i moved a movie in my general movie folder and instead of it being there, now it was gone from the download folder but also not visible in the movie folder. Letting transmission check the local data confirmed that the file was no longer in the download folder and i could see it got added to the movie folder because emby my media plugin suddenly showed a new movie that was added.

If anyone has any advice i would really appreciate it.

PS: Something i did must have worked because just for the sake of trying something i moved a text file in that 4K folder and it showed just like it should.

So i guess now i would just like to know how to avoid this in the future and also how will i be able to see those files again?

 

[Jerren]

Another update, after stripping ACL's from my storage pools it all seemed to work as before ( still haven't figured out how to reveal those hidden files or delete that one empty folder that isn't accessed by anything) but today when i try to move a file into the folder. Keep in mind this is before i tried to do anything in the ACL's again since i figured it was working so don't touch it for a bit. So when i moved a file into the folder, boop gone file. Or well hidden file again. So something changed overnight.

Something i also noticed is that when it changes it wants to move the file from one spot to another while when ACL's are setup like i did them, they are copied. When it's moving files, they become hidden. When i copy a file, it stays visible.

On the one hand i'm happy it's not because of what i did but on the other hand i'm kind of worried it changes "something" without my say so.

 

[Jerren]

So i found in the guide a list that explains permissions ( more precisely what those letters mean). I'll copy what the getfacl shows below so you can see and correct me if i'm wrong.

Code:

root@Brisingr[~]# getfacl /mnt/Panzer/Media/4K
# file: /mnt/Panzer/Media/4K
# owner: jerren
# group: Shares
            owner@:rwxpDdaARWcCos:fd----I:allow
            group@:rwxpDdaARWcCos:fd----I:allow
         user:emby:rwxpDdaARWcCos:fd----I:allow
user:transmission:rwxpDdaARWcCos:fd----I:allow
         everyone@:--------------:fd----I:allow

So if i'm understanding correctly the folder inherits it's permissions from the main dataset (Media) and i should have full control with the user jerren AKA being able to see every file and delete a file or folder if i choose too. I'm not gonna lie this is a little maddening because everything seems to say i set it up right yet i'm unable to do these things. So far i've checked the "share acl", "filesystem acl", "windows security tab". Another thing
I also tried removing user credentials on the windows side and removing the permanent connections to see if that helped but sadly no dice.

 

[anodos]

Can you show ACLs for:
/mnt/Panzer
/mnt/Panzer/Media

What user are you connecting as? You can view this via smbstatus on the CLI.

 

[Jerren]

OMG!! So i just got to see files again. I read in the patch notes there was a fix for pasword stuff ( can't remember the exact wording in this moment) so i figured let's do a hail mary here. I stripped all the ACL's again (filesystem & share ACL) I stopped all jails and disabled autoboot on them. I applied pending updates after making backups of configs and all that stuff. First thing i did on reboot was apply the same filesystem ACL, followed by the share ACL and i can see the files!! My test folder which claimed to have 0gb and 0 files now has my 3files and 14gb in it, not only that but i can also delete that test folder now.

Booted up my Emby jails, no problem. However when starting up transmission and setting it's mountpoint as outlined i get the same behaviour again. I set up a download in the tranmission gui, moved a textfile ( moved because that's the standard behaviour when not holding down a button to make it copy) to a test folder and no textfile to be seen. When i try to copy a testfile to the test folder i see the test file. When i move a file from any other location to the test folder it shows up as intended. So it's pretty clear my problem lies with the transmission plugin at this point and how it handles it's permissions. I found a vid that gives an option and another truenas page that gives options however it's late now and i think i'll look into those more tomorrow.

 

[anodos]

OMG!! So i just got to see files again. I read in the patch notes there was a fix for pasword stuff ( can't remember the exact wording in this moment) so i figured let's do a hail mary here. I stripped all the ACL's again (filesystem & share ACL) I stopped all jails and disabled autoboot on them. I applied pending updates after making backups of configs and all that stuff. First thing i did on reboot was apply the same filesystem ACL, followed by the share ACL and i can see the files!! My test folder which claimed to have 0gb and 0 files now has my 3files and 14gb in it, not only that but i can also delete that test folder now.

Booted up my Emby jails, no problem. However when starting up transmission and setting it's mountpoint as outlined i get the same behaviour again. I set up a download in the tranmission gui, moved a textfile ( moved because that's the standard behaviour when not holding down a button to make it copy) to a test folder and no textfile to be seen. When i try to copy a testfile to the test folder i see the test file. When i move a file from any other location to the test folder it shows up as intended. So it's pretty clear my problem lies with the transmission plugin at this point and how it handles it's permissions. I found a vid that gives an option and another truenas page that gives options however it's late now and i think i'll look into those more tomorrow.

Assuming that an application is changing permissions behind your back, and that you are normally getting access as a member of the group "Shares", you can set an explicit/named (non-"group@") ACL entry for the group "Shares" granting them FULL_CONTROL (or MODIFY) with flags INHERIT. This grants access in a way that applications wanting to do their own permissions can't touch.

 

[Jerren]

So i checked things this morning and i can no longer remove the test folder i made because the one txt file that's in there that i can't see, the other test files i used got deleted when trying to delete the test folder. Even when stripping the filesystem and share ACL's and reapplying them i can't delete that folder nor see the file in them. All jails were down when trying this and no network share windows were open on any machines, the only difference in trying to fix things compared to last night was doing those updates and rebooting.

Sorry for not responding to your question anymore last night @anodos but it was 4 am so i needed my sleep. I connect as the user "jerren" it's the only user i made in the group "Shares" which i also made.

The ACL i set for the filesystem that let me see everything was setting the user "jerren" and the group "Shares" as owner of "/mnt/Panzer/Media", both owner and group have full control set in the ACL. Then i add an ACL item for Emby with full control so it can acces the folders it needs. I added an ACL for Transmission last time also with full control to "/mnt/Panzer/Media" even though it only needs acces to "/mnt/Panzer/Media/Downloads" but i thought maybe if it has acces to all the folders in Media it won't give a problem anymore, everything seemed fine.

But once i set the mount point for the Transmission plugin it sets owner of "/mnt/Panzer/Media/Downloads" to Transmission, altering the owner "jerren" i set up in the first place. I thought i could fix this by when setting up the mount point and when i get to permissions to add "jerren" as an ACL item and give it full controll. This sadly gave the same results as i started out with namely not seeing files or folders when they get moved from "/mnt/Panzer/Media/Downloads" to any other folder i make in "/mnt/Panzer/Media".

Since english isn't my first language i'm not sure if i understand correctly but when you say "you can set an explicit/named (non-"group@") ACL entry for the group "Shares" ". Do you mean that i could/should add the user transmission or its UID 921 to the "Shares" group?

 

[Jerren]

So i'm reading what the guy in the video does (thank god he has it written up below) and it seems that whatever file the Transmission plugin creates is instantly owned by the user with the uid 921 (tranmission). This is for some reason the intended usage and all files even when moved will still be owned by that user.

I didn't have this problem of files being invisible in the past ( although going through my folders it was definately more then i thought). But since i'm still a novice at all this stuff, could someone more experienced look at the description below his video and tell me if that can work? Or if i try it and it doesn't work that i can atleast revert what has been done.

Thank you

 

[Jerren]

Just to make it easier for anyone looking at this topic, i posted the commands that are in that vid in the code box below. Since i haven't used those commands yet it would be nice to know if they are A) a possible solution and B) if i can fix what they do since i don't fully understand them at this moment.

Each time i watch the vid i feel like i understand more but i don't want to keep watching it at this point in time.

Code:

#
# FOR THE FREENAS USER/GROUP WHO WILL BE USING SMB
# TO R/W FILES IN THE TRANSMISSION JAIL...
#
# first we wanna take note of:
#  - the uid #   (e.g. 1005)
#  - the gid #   (e.g. 1002)
# ...because we'll reset the transmission user and group to them
#

id smb_user

#uid=1005(smb_user) gid=1002(test) groups=1002(test)


#
# then enter a console shell into the transmission jail/plugin
# (using the webgui shell; or SSH into your server)
#

iocage console transmission


#
# then we wanna change both user and group
# ownership for files with the old UID & GID:
#  - e.g. set files with uid 921 to uid YOUR_UID instead
#  - e.g. set files with gid 921 to gid YOUR_GID instead
#
 
find / -uid 921 -exec chown YOUR_UID {} \;
find / -gid 921 -exec chown :YOUR_GID {} \;


#
# and finally change the transmission uid and gid for the
# transmission user and group:
#  - e.g. change 'transmission' group'd gid to YOUR_GID
#  - e.g. change 'transmission' user's uid to YOUR_UID, and
#         set its primary group association to the new
#         YOUR_GID gid
#
# *you WILL need to restart the transmission jail/plugin*
#

pw group mod transmission -g YOUR_GID
pw user mod transmission -u YOUR_UID -g YOUR_GID


#
# now... let's create an SMB share directly to the home directory
# of the 'transmission' user inside the 'transmission' jail.
#
# this pair of commands give us:
#  - the jail's base directory, and
#  - the transmission directory relative to the jail 
#

zfs list -o mountpoint|grep transmission/root; iocage exec transmission "echo ~transmission"

#/mnt/YOUR_POOL/iocage/jails/transmission/root
#/usr/local/etc/transmission/home


#
# combine those to get the full path to which you'll
# point a new SMB share which you can then
# access with your normal uid
# (as opposed to creating a dedicated new user in your filesystem)
#

 

[Jerren]

Ok i finally got around to trying the commands i posted earlier. I now have a share from the transmission homefolder which is fine, i can acces the download folder inside it. I can copy something from it to another folder but also move it and it stays visible and my share user still has ownership so that all works as it should.

I still have one problem now and that's the one i had earlier where i have a test folder wich looks empty when i go to that folder in windows yet i can't delete it. So i stripped all the ACL's, rebooted the machine and applied my user jerren & the emby user to my storage. I can still acces the download folder of transmission and copy or move files as intended but my test folder still has a file in it that i can't remove.

So i did what i did earlier.
Opened an SSH window,
cd /mnt/Panzer/Media/test
ls -all -R > /tmp/fileslist.txt
I looked and checked

Code:

total 18
drwxrwx---+  2 jerren        Shares         3 Jun  2 02:34 .
drwxrwxr-x+ 23 jerren        Shares        32 Jun  2 02:21 ..
-rwxrwx---+  1 transmission  Transmission  30 May 24 03:46 RARBG.txt

If i'm reading this correctly then it didn't strip the acl setting of the files in the test folder because there is still a transmission user applied. Nor did it overwrite them when i reapplied them upon reboot because then the user and group would be the same as the lines above it. The only difference i can think of when this worked previously was because i applied an update to the system while rebooting but i kind of doubt that to be the only solution.

 

[anodos]

ls -l doesn't show enough information to give an educated guess about what happened. getfacl gives ACL info, but if you've already stripped ACLs then that won't help. Stripping ACLs is a rather extreme action and should not be done during normal troubleshooting.

 

[anodos]

ls -l is wrong command to see permissions. Use getfacl.

 

[Jerren]

Here you go

Code:

root@Brisingr[~]# getfacl /mnt/Panzer/Media/test
# file: /mnt/Panzer/Media/test
# owner: jerren
# group: Shares
            owner@:rwxpDdaARWcCo-:------I:allow
            owner@:rwxpDdaARWcCo-:fdi---I:allow
            group@:rwxpDdaARWcCo-:------I:allow
            group@:rwxpDdaARWcCo-:fdi---I:allow
         user:emby:rwxpDdaARWcCo-:fd----I:allow
         everyone@:--------------:fd-----:allow

 

[Jerren]

Was that not the right info @anodos ?

 

[Jerren]

Little bump since it's been awhile and i haven't found a fix yet