Permissions for User and Group

fahadshery

Contributor
Joined
Sep 29, 2017
Messages
179
Hi,

I have a dataset with user and group both set to media (the built-in user and group already available in FreeNAS 11.2 stable).
I installed transmission and set up the permissions by running these commands in the jail shell:


pw useradd -n media -u 8675309 -d /nonexistent -s /usr/sbin/nologin
pw groupadd -n media -g 8675309
pw groupmod media -m transmission
chown -R media:media /media
sysrc 'PLUGIN_user=media'

So now, whenever transmission downloads a file, I can see the user and group being media and media respectively.
The permissions on the downloaded file look like this:
drwxrwxrwx+ 2 media media

I have another user which I made a member of the media group but I still can't rename the files or delete them.
What am I missing?

thanks in advance
 

SweetAndLow

Sweet'NASty
Joined
Nov 6, 2013
Messages
6,421
You are using ACLs, so those mode bits you are looking at are not accurate. You need to fix the permissions using your SMB share in Windows.
 

fahadshery

I am a complete n00b. Could you please translate that into plain English :p
 

SweetAndLow

I don't use ACLs because they usually cause problems with jails. You can try removing them. Just do a search for remove smb acl's. You will need to run a setfacl command and zfs set aclmode=passthrough, I think.
 

fahadshery

All I want is for transmission to download files as user = media and group = media. Then I have a user who is a member of media who should be able to modify/delete/update these files. What will be the logical flow of steps/commands to achieve this?
 

SweetAndLow

What is the output of zfs get aclmode? Which dataset are you mounting in your jail? What is the output of 'id transmission' and 'id media' inside the jail?
 

fahadshery

I am mounting /mnt/raid2TB/Media dataset. This dataset has folders such as Movies, TV Shows, Transmission etc.
Here is the output of zfs get aclmode:
raid2TB/Media aclmode passthrough local

What is the output of 'id transmission' and 'id media' inside the jail

uid=921(transmission) gid=921(transmission) groups=921(transmission),8675309(media)
 

SweetAndLow

In your rc.conf you can set transmission_groups=media to make transmission run with the group you need.
 

SweetAndLow

How did you set things like enabled, download directory? It's the same file where you configured those things. Some people use sysrc to do the same thing.
 

fahadshery

Here is the output of one of the rc.conf files:

Code:
root@freenas:~ # cat /mnt/SSD/iocage/jails/transmission/root/usr/local/etc/rc.d/transmission
#!/bin/sh
#
# $FreeBSD$
#
# PROVIDE: transmission
# REQUIRE: DAEMON
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf to enable this service:
#
# transmission_enable:         Set to NO by default. Set it to YES to enable it.
# transmission_watch_dir:    Directory for torrent files to download
#                 automatically. Off by default unless you add
#                 a path.
# transmission_conf_dir:     Directory where transmission configuration
#                 data is stored.
#                 Default: /usr/local/etc/transmission/home
# transmission_download_dir: Directory to store downloaded data.
#                 Default: /usr/local/etc/transmission/home/Downloads
# transmission_user:         The user account transmission daemon runs as what
#                 you want it to be. It uses 'transmission' user by
#                 default.
# transmission_web_home:     Use alternative directory for the web interface
#                 files, such as javascript, html and graphics.
# transmission_chown:         By default, transmission checks and fixes the
#                 permissions for its home directory.  If this
#                 causes problems, set this variable to no.
#

. /etc/rc.subr

name=transmission
rcvar=transmission_enable

load_rc_config $name

: ${transmission_enable:=NO}
: ${transmission_conf_dir=/usr/local/etc/transmission/home}
: ${transmission_download_dir=/usr/local/etc/transmission/home/Downloads}
: ${transmission_user:=transmission}
transmission_group=${transmission_group:-$transmission_user}
: ${transmission_chown:=yes}

command=/usr/local/bin/transmission-daemon
pidfile=/var/run/transmission/daemon.pid
extra_commands=reload
start_precmd=transmission_prestart
transmission_flags=" \
    ${transmission_watch_dir:+-c ${transmission_watch_dir}} \
    ${transmission_conf_dir:+-g ${transmission_conf_dir}} \
    ${transmission_download_dir:+-w ${transmission_download_dir}} \
    ${pidfile:+-x $pidfile} \
    ${transmission_flags}"

transmission_prestart()
{

    install -d -o $transmission_user ${pidfile%/*}
    if checkyesno transmission_chown; then
        mkdir -p $transmission_conf_dir $transmission_download_dir
        chown $transmission_user:$transmission_group $transmission_download_dir
        chown -R $transmission_user:$transmission_group $transmission_conf_dir
        chgrp $transmission_group $transmission_conf_dir
        chmod 750 $transmission_conf_dir
    fi

    if [ -n "$transmission_web_home" ]; then
        TRANSMISSION_WEB_HOME=$transmission_web_home
        export TRANSMISSION_WEB_HOME
    fi
}

# Unfortunately there was a typo in a previous version, which may have
# left some people with /var/run/transmission/damon.pid .  Deal with
# this for a few months at least, until everyone will have restarted
# transmission

if [ ! -f $pidfile -a -f /var/run/transmission/damon.pid ]; then
    pidfile=/var/run/transmission/damon.pid
fi

run_rc_command $1


Last time, when I was adding the user, I went into the jail shell and added these commands:

Code:

pw useradd -n media -u 8675309 -d /nonexistent -s /usr/sbin/nologin
pw groupadd -n media -g 8675309
pw groupmod media -m PLUGIN
chown -R media:media /media
sysrc 'transmission_user=media'
 

SweetAndLow

I have forgotten the problem. If the transmission process is running as 'media', then the files get written to disk as media in the jail. Then on your FreeNAS box they will also show up as the UID. If that UID in the jail for media matches the UID of media on the FreeNAS box, then anyone named media will have access to the files. Please list out some of the files transmission has downloaded in the jail and also from FreeNAS.
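
The checks discussed in this thread (the ACL marker on the `ls` line, the jail and host agreeing on the UID, and group membership) can be run over captured `ls -l` and `id` output. The following is an added example, not part of any post in the thread; the function names are hypothetical and the two `id media` lines are constructed samples.

```shell
#!/bin/sh
# Added example, not from the thread. It works on captured text only.

# has_acl MODE: true when ls printed the trailing "+" that marks an ACL;
# the rwx bits shown are then not the complete permission set.
has_acl() {
    case "$1" in
        ??????????+*) return 0 ;;
        *) return 1 ;;
    esac
}

# id_uid ID_LINE: print the numeric uid from one line of id(1) output.
id_uid() {
    printf '%s\n' "$1" | sed -n 's/^uid=\([0-9][0-9]*\).*/\1/p'
}

# id_has_gid ID_LINE GID: true when GID is listed in groups=.
id_has_gid() {
    printf '%s\n' "$1" | sed -n 's/.* groups=\(.*\)$/\1/p' |
        tr ',' '\n' | grep -q "^$2("
}

# diagnose LS_LINE JAIL_ID HOST_ID MEMBER_ID GID: print one finding per line.
diagnose() {
    if has_acl "${1%% *}"; then
        echo "acl: entry has an ACL, mode bits alone do not decide access"
    fi
    if [ "$(id_uid "$2")" = "$(id_uid "$3")" ]; then
        echo "uid: jail and host agree on $(id_uid "$2")"
    else
        echo "uid: mismatch, jail $(id_uid "$2") vs host $(id_uid "$3")"
    fi
    if id_has_gid "$4" "$5"; then
        echo "group: member account is in gid $5"
    else
        echo "group: member account is not in gid $5"
    fi
}

# From the thread: the ls line and the jail's `id transmission` output.
LS_LINE='drwxrwxr-x+  2 media  media     6 Feb  3 08:26 The_Example_File.pdf'
JAIL_TRANSMISSION='uid=921(transmission) gid=921(transmission) groups=921(transmission),8675309(media)'
# Constructed samples: `id media` in the jail and on the host (host uid differs on purpose).
JAIL_MEDIA='uid=8675309(media) gid=8675309(media) groups=8675309(media)'
HOST_MEDIA='uid=1001(media) gid=1001(media) groups=1001(media)'

diagnose "$LS_LINE" "$JAIL_MEDIA" "$HOST_MEDIA" "$JAIL_TRANSMISSION" 8675309
```

Replace the sample variables with the real output of `ls -l` on a downloaded file and of `id` run both inside the jail and on the host.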
 

fahadshery

@SweetAndLow Here is one example of transmission downloading a file today
Code:
drwxrwxr-x+  2 media  media     6 Feb  3 08:26 The_Example_File.pdf

However, a user that is part of the media group can't delete it; it says they don't have enough permissions.
 

SweetAndLow

Dude, I don't know, you keep providing information that contradicts itself. You only give me one line of output and will not share enough details about your setup. That file has ACLs configured and is probably part of a Windows share. Jails will not work correctly with a Windows share. You are on your own to fix this until you actually start providing more information.
 

fahadshery

@SweetAndLow Sorry if I wasn't clear enough. I have a dataset called Media where the owner and the group is media. I have a user which is also part of the group media. Here is what the permissions for the Media dataset look like:
Screenshot 2019-02-05 at 13.21.47.png


Now I have an SMB share which looks like this:
Screenshot 2019-02-05 at 13.24.21.png


When I click OK, browse to this location via Finder on the Mac and log in as the user, I can delete, remove and move files with no problems.
But when Transmission downloads new files just like the one I mentioned above, I can't delete/rename those new files using the same user. Here is the mount point for the transmission:
Screenshot 2019-02-05 at 13.27.46.png


I have already listed above the commands that I executed in the jail. All I want is that these files should only be accessible by the media group. I am not sure what other options I need to enable this.
 