SOLVED Storage across FreeNAS and Jail (Permission question but please take a quick look)

Status
Not open for further replies.

alexhore

Explorer
Joined
Sep 24, 2014
Messages
52
I know the admins and experienced users don't like permission questions; we are simply expected to learn for ourselves, but I have read the section in the FreeNAS 9.3 guide regarding storage and, as far as I can tell, set it up in a way that should work.

So I wanted to set up Transmission and a few other plugins to use the same storage, but without leaving the folders open to all.

I can read and write to the folders using FreeNAS user Alex, who is also part of the group I created called System, but the transmission user I set up using the same username and group name and even the ID number 921 from the jail seems unable to, despite having System as an Aux group.

I'm 4 hours, 3 installs and 5+ removal and re-installs of transmission and storage closer to finding someone I can pay for an answer, please consider removing this thorn from my left cheek.


Transmission error: [screenshot: 1cb51d.png]

Storage I'm trying to share: [screenshot: 2e6874.png]

Transmission user: [screenshot: 308cc6.png]

Groups: [screenshot: 4.png]

Shared folder permissions: [screenshot: 500223.png]


I made an assumption that this step in the guide (shown below) means create this additional group in FreeNAS, not in the jail/jails; perhaps this is the reason?

If the jail should access existing data, edit the permissions of the volume or dataset so that the user and group account has the desired read and write access. If multiple applications or jails are to have access to the same data, you will need to create a separate group and add each needed user account to that group.
 

ian351c

Patron
Joined
Oct 20, 2011
Messages
219
Looks like you're on the right track, just not all the way there maybe... I would check two things: the same users and groups (with the same UIDs/GIDs) should exist for "transmission" and "System" in your jail (they are not created automatically when you create a jail). Also, check permissions on the parent folders (/mnt, /mnt/NAS, and /mnt/NAS/Share) to make sure you can traverse those as the user that needs access (i.e. "transmission"). In this case "su -m transmission" is your friend.
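The parent-folder check described in the post above, as an added example that is not part of the original thread: given `ls -ldn` output for each directory from the top down, it reports the first one a numeric UID and group list cannot search. UID 921 and GID 1002 are the values from this thread; the sample listing's ownership and modes are constructed, and ACLs are not evaluated.

```shell
#!/bin/sh
# Added example: find the first directory in a path that a jail user cannot
# traverse, using `ls -ldn` output and classic owner/group/other mode bits.
# ACLs (a trailing "+" on the mode string) are not evaluated.

# can_traverse MODE OWNER_UID OWNER_GID UID "GID ..."  -> exit 0 if allowed
can_traverse() {
    local mode="$1" ouid="$2" ogid="$3" uid="$4" gids="$5" pos=10 g
    [ "$uid" -eq 0 ] && return 0              # root bypasses mode bits
    if [ "$uid" -eq "$ouid" ]; then
        pos=4                                  # owner class applies
    else
        for g in $gids; do
            [ "$g" -eq "$ogid" ] && pos=7      # group class applies
        done
    fi
    # x, s and t all mean the execute (search) bit is set for that class
    case $(printf '%s' "$mode" | cut -c"$pos") in
        x|s|t) return 0 ;;
        *)     return 1 ;;
    esac
}

# first_blocked UID "GID ..."  reads `ls -ldn` lines on stdin, parent first.
# Prints the first path the identity cannot search; exit 1 if one was found.
first_blocked() {
    local uid="$1" gids="$2" mode links ouid ogid size mon day time path
    while read -r mode links ouid ogid size mon day time path; do
        if ! can_traverse "$mode" "$ouid" "$ogid" "$uid" "$gids"; then
            printf '%s\n' "$path"
            return 1
        fi
    done
    return 0
}

# Constructed sample in `ls -ldn` layout; ownership and modes are assumed.
sample_listing() {
    cat <<'EOF'
drwxr-xr-x  4 0    0     4 Jan 10 09:00 /mnt
drwxr-x---  6 0    0     6 Jan 10 09:00 /mnt/NAS
drwxrwx---  3 1001 1002  3 Jan 10 09:05 /mnt/NAS/Share
EOF
}
```

Inside the jail, feed it real data with `ls -ldn /mnt /mnt/NAS /mnt/NAS/Share | first_blocked 921 "921 1002"`. With the sample listing the share itself is group-writable for GID 1002, but the search stops one level up.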
 

Joshua Parker Ruehlig

Hall of Famer
Joined
Dec 5, 2011
Messages
5,949
the transmission process runs in a jail. that's where it governs what user can write to what file. the jail's user database knows nothing about whatever users/groups you create on the host system.

users/groups on the host system pretty much just help with shares (NFS/cifs) which run on the host system.
 

alexhore

Looks like you're on the right track, just not all the way there maybe... I would check two things: the same users and groups (with the same UIDs/GIDs) should exist for "transmission" and "System" in your jail (they are not created automatically when you create a jail). Also, check permissions on the parent folders (/mnt, /mnt/NAS, and /mnt/NAS/Share) to make sure you can traverse those as the user that needs access (i.e. "transmission"). In this case "su -m transmission" is your friend.

Well, you put me on the right track with this; I have got it working. After your comments I re-checked Google and found better results: https://forums.freenas.org/index.php?threads/share-dataset-between-two-jails.16591/ This affirmed what you were suggesting, and in summary I ended up creating a group in the transmission jail:

Code:
root@transmission_1:/ # pw groupadd System -g 1002
root@transmission_1:/ # pw usermod transmission -G System

root@transmission_1:/ # id transmission
uid=921(transmission) gid=921(transmission) groups=921(transmission),1002(System)


Thank you !


the transmission process runs in a jail. that's where it governs what user can write to what file. the jail's user database knows nothing about whatever users/groups you create on the host system.

users/groups on the host system pretty much just help with shares (NFS/cifs) which run on the host system.

Now Joshua's comment has confused me. Are you suggesting I didn't even need to create the same group in FreeNAS (host system), just use the same group in all jails? I'm stumped by this...
 

Joshua Parker Ruehlig

sorry for the confusion!

but I stand by my statement. creating groups on the host will not help processes in the jail have access to files. but it would help in cases where you are using those groups for cifs/NFS, because those processes run on the host
 

alexhore

Explorer
Joined
Sep 24, 2014
Messages
52
Mind is in overdrive.
The folder in the jail has no permissions if the permissions on the host do not influence it, but perhaps when I used the add storage option it copied the permissions over from the host and so there was no requirement to set them in the jail?
 

Joshua Parker Ruehlig

Mind is in overdrive.
The folder in the jail has no permissions if the permissions on the host do not influence it, but perhaps when I used the add storage option it copied the permissions over from the host and so there was no requirement to set them in the jail?
sorry, I'm confused...
I think permissions are sometimes inherited, but I don't know your setup.

really not sure what you're asking, if you still have a problem, or if you're just trying to understand how it all works, lol.
 

alexhore

sorry, I'm confused...
I think permissions are sometimes inherited, but I don't know your setup.

really not sure what you're asking, if you still have a problem, or if you're just trying to understand how it all works, lol.

Just trying to understand. I think in this case, because I created a group on the host called System and assigned the folders on the host to this group, all before using the add storage option, the permissions must have been copied over, since within the jail I have created a group called System with the same ID as on the host and changed the transmission user to be part of this group, and it works without changing who owns the folder in the jail.

Anyway it's working!!!!!!
 

Joshua Parker Ruehlig

sounds plausible to me. glad you got it working!
 

ian351c

I'll contradict Joshua a little bit... While technically Joshua is correct (the best kind of correct! :smile:) that it's not necessary to create the same groups on the FreeNAS server as you have in your jails, it does make things a lot easier to keep organized. I have 5 jails running and I've created the users/groups on FreeNAS that I am using in the jails just to make keeping track of who has access to what easier. For example, I created a group for access to my media folders and it exists (with the same GID) on my Plex jail, my transmission jail and on FreeNAS. This also helps prevent giving unintended access. Overlapping UIDs and GIDs can lead to some very unintended access situations.
 