Permissions hell

[Octopuss]

I deleted my previous thread because it wasn't relevant anymore and would only confuse things futher.

I have /mnt/pool1/media dataset.
There is a NFS share created for that.
Permissions of the dataset:

I have Ubuntu server machine connecting to that share that runs qbittorrent-nox (it has its own user of the same name).
The share is mounted as /mnt/NASmedia.
User on the machine is octopuss, with the same id as on the NAS. I also created group media with the same id as on the NAS. Furthermore, I added group media for both octopuss and qbittorrent-nox users.

I can't write to certain folders from the Ubuntu machine, which is even more puzzling than if I couldn't write anywhere, because the permissions should be the same.
Anyway, this is how the permissions look on one file I have the most problems with:

This makes no sense to me, especially why the group id is completely different. I went to the permissions on the NAS side and repeatedly forced user and group recursively so all files are the same. The real id of media group is 8675309, so why it shows like this on the Ubuntu machine is beyond what I can understand.
Not sure why owner is nobody.

Looking at the access part of the screen I can see that I would probably fix everything by checking write on the "other" line, but I feel like that's not a proper solution. There is a problem somewhere I want to identify.

Does anyone have any idea?

 

[Octopuss]

I have now logged directly into the NAS's shell and checked permissions of the same folder, and WTF?

Why are there no permissions?

edit: I cleared some/all of the access checkboxes, saved it and they are back. What is this? Am I missing anything?
edit2: I seem to be able to clear all but whichever one on the owner line (that makes sense?), but there are still no changes to the permissions of the file in question.

 

[Octopuss]

Well, I managed to solve the permissions side of things with this monologue, but it's still WTF.
I have no idea whether I ran into a bug in 12-U1 or not, but it seems like the access checkboxes weren't being applied at all. I had to uncheck everything I could first, recursively apply and save, and then check them back and recursively save. Unchecking them all at once didn't do anything and they kept being checked. What the heck...

Unfortunately, the problem still persists:
- Interestingly, even though the problematic file now has all the permissions, the torrent client still says access denied.
- The group id is still wrong.

I call voodoo on this.

 

[sretalla]

qbittorrent-nox (it has its own user of the same name

What is the user ID of that user (the name is sort-of irrelevant/cosmetic)?

 

[Octopuss]

112
It's an automatically created username for the qbittorrent software (-nox is command line only Linux variant).

edit: the user's group of the same name has id 117, but that's irrelevant I think.

 

[KrisBee]

Are you sharing via NFSv3 or NFSv4? Was the "pool1/media" dataset created as share type generic? The "media" group on the mount in Ubuntu shows only it's numeric ID in dir/file listings when a matching group does no exist in Ubuntu. Using the in-built "media" group in FreeNAS is actually a poor choice as it's a special in-built system group.

 

[Octopuss]

I don't know about the version. How can I tell?
Yes, I selected generic.
I definitely did create a media group in Ubuntu, same id as on the NAS. Shall I create a completely different group?
I have just downloaded a torrent and while it shows the bogus group id on the Ubuntu side, it shows as media on the NAS.

Does the group matter though? The only member is octopuss, and I don't see it having any special properties.

 

[KrisBee]

How can you tell? NFS service page and/or list the NFS exports using "cat /etc/exports" in the NAS shell. Also you can inspect the mounts made on your Ubuntu server which will show if your mountingt the NFS share as version 3 or 4. To check what you created in Ubuntu, use "getent group media" at the Ubuntu CLI.

Should you use a different group? Personally, I would create something else that's meaningful with a matching GID on both the NAS and Ubuntu for your use. Does it matter? That depends on which users and/or programs need to access the data. List them out and check what uid/gid combos are being used in order to provide the right access to your data. Don't forget about the concept of primary and secondary group membership when considering granting access based on group membership.

I did say in reply to one of your previous post you might have found sticking to SMB shares easier to work with as FreeNAS/TrueNAS has a flexible ACL editor. Look at this example of granting PLEX access to data by simply adding a user ID to an ACL via the editor that's was on the ixsystem's blog some time ago: https://www.ixsystems.com/blog/plex-permissions/