Permissions issues, ongoing.

[diskdiddler]

I have finally had time to work on moving to my new server (2 months after building it!)

These are the permissions, for the only mount point for my sabnzbd jail.
https://i.imgur.com/qSN5fmM.jpg

As far as I can tell, that's super super insecure.
Regardless, sabnzbd can't download due to an inability to write files to my download directory.

I'm also having issues with qbittorrent.
Any idea what I need to do?

 

[diskdiddler]

So I've re-applied the permissions to the /mnt/SSD/download dataset and ticked recursive.
This hasn't fixed anything.
"ERROR Cannot change permissions of /media/incomplete "

It's very standard permissions stuff, obviously.
I'm just not good at it.
Why would a folder with fully open permissions still be unable to be written to?

Do I make changes in my jail or my FreeNAS filesystem?

 

[diskdiddler]

Also posting here.

https://forums.freenas.org/index.php?posts/506222/

Anyone?

 

[diskdiddler]

I am now reaching begging stage.

I will experiment more, remotely from work today, but considering the exact changes I made, finally fixed qBittorrent. I feel like I'm doing the right thing, hence the confusion.

 

[NASbox]

I'm no expert, but when I looked at Jails the material I've seen showed wide open permissions like you have shown above. I hope somebody chimes in and tells me that I'm wrong, but I think that an environment is 100% jailed, or if you want to access a dataset it has to be 100% open. Maybe someone who knows the system well can confirm if my understanding is correct.

 

[diskdiddler]

That's the thing though, the dataset I'm talking to has "media" group (FreeNAS) with full access.
So I made a new media group in my jail (deleted the old media group) with the same UID thing as the main FreeNAS media group.

I then added practically ever account I could think of, in the jail, to the media group.
This 'trick' worked fine for qBittorrent.

 

[siconic]

So, my suggestion is to verify 2 things, since I had a similar issue after my upgrade:

1. in the Iocage Jail command line, go to your mounted directory, and verify that it is actually mounted. Somehow, mine was not. I ended up deleting the mnt point from the gui, re-added it and then rebooted. This solved my first problem.

2. Once it was mounted, I did still have some permission issues. Somehow it had changed to a Windows ACL instead of a Linux ACL. I changed this back to Linux, and rebooted my jail, then I ran ls -al, and noticed that the permissions were not correct. I then CHOWN them and then CHMOD them, and all is well.

So for me it was a 2 part issue, but it was also with SabNZBD, so not sure if its something with that, or just dumb luck.

As a side note, make sure the Iocage mnt does not have any typos:

Code:

iocage fstab -l <jailname>

 

[SweetAndLow]

What's the output of zfs get aclmode? You probably have shared the dateset with smb which causes it to be in restricted mode and it needs to be in passthrough mode for jails to work.

 

[diskdiddler]

What's the output of zfs get aclmode? You probably have shared the dateset with smb which causes it to be in restricted mode and it needs to be in passthrough mode for jails to work.

Code:

SSD/iocage/jails/sabnzbd2                                                 aclmode   passthrough  inherited from SSD/iocage/jails
SSD/iocage/jails/sabnzbd2@auto-20190118.0000-7d                           aclmode   -            -
SSD/iocage/jails/sabnzbd2@auto-20190119.0000-7d                           aclmode   -            -
SSD/iocage/jails/sabnzbd2@auto-20190120.0000-7d                           aclmode   -            -
SSD/iocage/jails/sabnzbd2@auto-20190121.0000-7d                           aclmode   -            -
SSD/iocage/jails/sabnzbd2@auto-20190122.0000-7d                           aclmode   -            -
SSD/iocage/jails/sabnzbd2@auto-20190123.0000-7d                           aclmode   -            -
SSD/iocage/jails/sabnzbd2@auto-20190124.0000-7d                           aclmode   -            -
SSD/iocage/jails/sabnzbd2/root                                            aclmode   passthrough  inherited from SSD/iocage/jails
SSD/iocage/jails/sabnzbd2/root@auto-20190118.0000-7d                      aclmode   -            -
SSD/iocage/jails/sabnzbd2/root@auto-20190119.0000-7d                      aclmode   -            -
SSD/iocage/jails/sabnzbd2/root@auto-20190120.0000-7d                      aclmode   -            -
SSD/iocage/jails/sabnzbd2/root@auto-20190121.0000-7d                      aclmode   -            -
SSD/iocage/jails/sabnzbd2/root@auto-20190122.0000-7d                      aclmode   -            -
SSD/iocage/jails/sabnzbd2/root@auto-20190123.0000-7d                      aclmode   -            -
SSD/iocage/jails/sabnzbd2/root@auto-20190124.0000-7d                      aclmode   -            -

Here's the results from a jail which is behaving.

Code:

SSD/iocage/jails/qbit                                                     aclmode   passthrough  inherited from SSD/iocage/jails
SSD/iocage/jails/qbit@auto-20190118.0000-7d                               aclmode   -            -
SSD/iocage/jails/qbit@auto-20190119.0000-7d                               aclmode   -            -
SSD/iocage/jails/qbit@auto-20190120.0000-7d                               aclmode   -            -
SSD/iocage/jails/qbit@auto-20190121.0000-7d                               aclmode   -            -
SSD/iocage/jails/qbit@auto-20190122.0000-7d                               aclmode   -            -
SSD/iocage/jails/qbit@auto-20190123.0000-7d                               aclmode   -            -
SSD/iocage/jails/qbit@auto-20190124.0000-7d                               aclmode   -            -
SSD/iocage/jails/qbit/root                                                aclmode   passthrough  inherited from SSD/iocage/jails
SSD/iocage/jails/qbit/root@auto-20190118.0000-7d                          aclmode   -            -
SSD/iocage/jails/qbit/root@auto-20190119.0000-7d                          aclmode   -            -
SSD/iocage/jails/qbit/root@auto-20190120.0000-7d                          aclmode   -            -
SSD/iocage/jails/qbit/root@auto-20190121.0000-7d                          aclmode   -            -
SSD/iocage/jails/qbit/root@auto-20190122.0000-7d                          aclmode   -            -
SSD/iocage/jails/qbit/root@auto-20190123.0000-7d                          aclmode   -            -
SSD/iocage/jails/qbit/root@auto-20190124.0000-7d                          aclmode   -            -

 

[diskdiddler]

So, my suggestion is to verify 2 things, since I had a similar issue after my upgrade:

1. in the Iocage Jail command line, go to your mounted directory, and verify that it is actually mounted. Somehow, mine was not. I ended up deleting the mnt point from the gui, re-added it and then rebooted. This solved my first problem.

2. Once it was mounted, I did still have some permission issues. Somehow it had changed to a Windows ACL instead of a Linux ACL. I changed this back to Linux, and rebooted my jail, then I ran ls -al, and noticed that the permissions were not correct. I then CHOWN them and then CHMOD them, and all is well.

So for me it was a 2 part issue, but it was also with SabNZBD, so not sure if its something with that, or just dumb luck.

As a side note, make sure the Iocage mnt does not have any typos:

Code:

iocage fstab -l <jailname>

I just tried this to confirm - but I can console, into the jail and then I can actually see the contents - so it is mapped correctly :(

 

[diskdiddler]

What's the output of zfs get aclmode? You probably have shared the dateset with smb which causes it to be in restricted mode and it needs to be in passthrough mode for jails to work.

What I can tell you, which.... to me isn't stupid but perhaps it is??

Several of my packages use that as an 'incomplete' temporary folder, not just one.
So qbittorrent might make

"Linux ISO 5.0 Alpha" folder, with multiple .qb! files inside there

SabNZB might make
"FreeBSD 12 Installer" folder with several incomplete packages to 'join together' as part of it collecting news.


/mnt/SSD/download/incomplete/Linux ISO 5.0 Alpha/
/mnt/SSD/download/incomplete/FreeBSD 12 Installer/
Therefore, /incomplete/ is being touched by 2 different jails, plus I have the ability to browse it over SMB, yes.

Does this make sense?

NOTE: I did shut down my qbit jail, restart sab, thinking this might diagnose if this is the cause of it - this didn't change anything.