iarp Posted December 8, 2012 Share Posted December 8, 2012 When I was first introduced to unRaid, I was told i should go for the latest 5.0 version, which at the time was i think, beta 14. I've since upgraded to the latest and the issue still persists. Ever since installing the system, I've been in a constant battle with permissions. This is the problem. If user iarp creates a file or folder and then user john tries to access said folder, they are denied access. They are denied access because whatever application that writes the files to disk, is writing the files with the incorrect user/group combination required by unraids permissions system. Basically, the user/group required is nobody/users, but if iarp creates a folder the permission iarp/users is given and everyone else is denied access, and similarly if john creates the item it's john/users. What i'm surprised about is the lack of this issue bothering others, it's so bad that i now have a cronjob that runs every 15 minutes on two of my hottest shares, and i have nightly jobs that run on the entire array fixing permissions. That or most people running 5.0 are all running under a single username. I know my co-worker runs 5.0-b14 and he's in the same boat. If sabnzbd grabs something, before he can watch it he has to fix it's permissions. Now, for safety's sake I've been asked to create a duplicate machine that mirrors the main. I'm thinking of installing 4.7 since nobody seems to complain about permission issues there, the idea would be i get the second machine up on 4.7 rsync the data from the current machine and then reinstall the 5.0 machine as 4.7 and then do my usual rsync business as backup. Could someone with 4.7 please try something to make 100% sure this issue isn't there too. Connect to your server as one user, create a folder and a file of any type, then disconnect and reconnect as another user and let me know if you get permission denied. I do not imagine transferring 9TB's of data, only to find the same issue persists, would be fun. I've tried getting unraid to work in vmware (currently waiting on sas card and mobo to build secondary machine), but have had no luck. Link to comment
Helmonder Posted December 8, 2012 Share Posted December 8, 2012 What you are describing should not happen and DOES not happen... At least not with me and several others.. Anything on the array writing something should allways write with groupid USERS, as long as that happens, it will work... Did you run the new permissions utility ? Does it only happen with files another utility writes ? Does it happen with files on the array you save yourself from your pc/mac ? Did you create your users through the unraid webpage and are you using these users on your pc/mac ? Link to comment
S80_UK Posted December 8, 2012 Share Posted December 8, 2012 I am running 5.0rc8a and I do see the problem that iarp reports. Question... Is this related to the Samba issue that gives some users reason to update to a later version of Samba than that in the release from Limetech? There are some aspects to this that I don't fully understand... Logged in as user test on my Win 7 machine I created a folder on the server called zzz. I can see from the unRAID command line that the folder was given ownership of test:users by unRAID. I then copied some other folders and files from Win 7 into zzz. They also were given the ownership of test:users. On the Win 7 machine the user test can see everything just added. Logged in from Windows as a different user, les (who also has a user account in unRAID), I can see the folder zzz, but I cannot see what is inside it. If I go to the command line in unRAID (logged in to the command line as root), and chown nobody:users zzz then the folder zzz is changed but none of the sub folders or files is changed (as I would expect, since I did not apply chown recursively). However, having changed zzz to nobody:users, I find that from Windows the user les can now see all of the sub-folders and files, including the files within the sub-folders of zzz that are still owned by test:users. The result of the last change seems inconsistent with the earlier lack of access to the contents of the folder zzz. From what has been said by Helmonder, since the group id was always users I think that I should always have had access to the folders and files whichever login was used. Puzzled. Les. Link to comment
S80_UK Posted December 8, 2012 Share Posted December 8, 2012 Answering my own question after some testing... This does seem to be fixed by updating to the more recent version of Samba. Instructions buried in the RC8A thread here... @iarp - If you are able and confident to do so, I suggest that you try this in preference to a downgrade to 4.7. It is probably the lower risk option. Link to comment
dgaschk Posted December 8, 2012 Share Posted December 8, 2012 It sounds like sabnzbd is not configured correctly. sabnzbd should be creating files as nobody/users, 660. Ask the Plug-in author for guidance on correct configuration in the User Customizations forum. Link to comment
iarp Posted December 8, 2012 Author Share Posted December 8, 2012 I think i have figured out the issue. I went out and grabbed the Samba 3.6.9 installer, but that gave me libpam.so.0 issues so i grabbed 3.6.8 from the link below. That did not fix the issue. In essence, the users that were having issues had changed their Windows password and were no longer authenticated properly with unraid. It's now anonymous users that have the problem, which i'm OK with. http://search.slackware.eu/cgi-bin/package.cgi/view/slackware-14.0/slackware/n/samba-3.6.8-i486-1.txz Link to comment
JustinChase Posted December 12, 2012 Share Posted December 12, 2012 I am having the same issues, and I believe it's to do with unRAID users and shares. Whenever sab finishes a download, processes it and puts it in the final location, i cannot watch, delete, nor move it until I run the newperms command on the directory containing them. I'm running 5.0-rc8a, and have some user shares which allow certain users certain accesses. This pretty much works, meaning that users that don't have access to a share actually don't have access. Users that do have access, do, etc. read/write permissions for these users generally works, after the newperms command has been run on all the files. The problems I have are any new downloads not being set correctly. I've had SABnzbd set to write permissions as 777, and recently changed to 755, but it's still not working. I also have the new SAMBA being installed at startup, and have verified that version 3.6.8 is the version running, but this has not helped. I'm not sure what to do now, but I'm very sick of having to run the newperms script constantly. It's not the plugin per se, as it's job is to download/install the program (SABnzbd), and that works fine. it's a problem with either SAB, or as I suspect, the users management of unRAID. Link to comment
dgaschk Posted December 12, 2012 Share Posted December 12, 2012 I am having the same issues, and I believe it's to do with unRAID users and shares. Whenever sab finishes a download, processes it and puts it in the final location, i cannot watch, delete, nor move it until I run the newperms command on the directory containing them. I'm running 5.0-rc8a, and have some user shares which allow certain users certain accesses. This pretty much works, meaning that users that don't have access to a share actually don't have access. Users that do have access, do, etc. read/write permissions for these users generally works, after the newperms command has been run on all the files. The problems I have are any new downloads not being set correctly. I've had SABnzbd set to write permissions as 777, and recently changed to 755, but it's still not working. I also have the new SAMBA being installed at startup, and have verified that version 3.6.8 is the version running, but this has not helped. I'm not sure what to do now, but I'm very sick of having to run the newperms script constantly. It's not the plugin per se, as it's job is to download/install the program (SABnzbd), and that works fine. it's a problem with either SAB, or as I suspect, the users management of unRAID. Please contact the add-on author for configuration advise in the User Customizations forum. The author is unlikely to read your post in this forum. Link to comment
JustinChase Posted December 12, 2012 Share Posted December 12, 2012 Thanks, but, who do you mean by "add on author"? The creator of the plugins that download and install SABnzbd? They aren't the correct person, as the plugin is working fine. The creator of SABnzbd? I'm not sure they frequent these forums. someone else? who? i really think this is an unRAID permissions issue, related to the usage of user accounts with various permissions for each user and/or share, combined with setting unRAID to be in a workgroup, and being used as a local master or not, and using a known buggy version of SAMBA. It's very possible that I'm mistaken in that assumption. I really don't know where else is more appropriate than the general help forum. If I can't get some help in this thread, I'll likely create a new one with a title more appropriate to my specific situation. i only replied to this one because the OP described the same issues I'm having, and also acknowledged that their issues remain, but that they can live with the situation. I cannot. Link to comment
kizer Posted December 12, 2012 Share Posted December 12, 2012 I've yet to encounter any issues you are describing using 4.7 or any of the 5 Versions. The only issue I've ever encountered required a running permissions script after installing 5 and rebooting my Windows7 machine because the permissions for some odd reason didn't allow my Windows7 machine to connect to them. Reboot and everything runs smooth. Currently I have an XP laptop, Xp Desktop, Windows7 Laptop, Windows7 Desktop, iMac and several phones of various flavors running several different permission configurations that connect to my unRAID machine on a regular basis and they have never reported a permission issue. I completely agree with somebody saying check that app or the plugin creator to see if there is a problem with it. Link to comment
whiteatom Posted December 12, 2012 Share Posted December 12, 2012 Justin, What file permissions do your new SAB downloads have? How are you trying to access this file? The newperms script is a steamroller that just resets everything on the drive to default permissions - if you're SAB user and access user have incompatible permissions, every new file will have the same problems and you'll never fix this because you are covering up the problem with the newperms script. If SAB is running as nobody:users and downloaded files have the permissions rwx------ and you are trying to access that file as bob:users, you'll have problems because your access is based on a common group and there is a lack of group permissions. If a downloaded file has permissions rwxrwx--- and you are accessing it at bob:bob, you'll get denied because you have nothing in common and there are no 'other' permissions. The other key thing is that you need 'x' privileges on every directory above the file you are trying to access. You need to show us the problem if we are going to help you fix it. Access your server through what ever method you are trying to view your files with (over the network with samba?) and create a test file (test.txt with notepad is perfect). Telnet into your server and do an ls -la on the directory where your test file is, and also an ls -la for the directory where your newly downloaded file is. Post the results and it should be pretty easy to see WHY you can't access the file. After that you'll need to set up the software to follow the permissions you want to allow access.... Do you need to have users security here? or should all users be able to access your newly downloaded files? I have found that for the VAST majority of users, permissions are not needed, so the best solution is to set them all common (as you are doing with the newperms script) and set up all the software to work with those. That means configuring SAMBA to use permissions that are common with sabnzbd. By default, unraid users are set up to use permissions as a regular linux user when connecting over SAMBA, this is not something wrong - this is secure. Changes need to be made to samba to follow a "open" permissions scheme, but this is often the best solutions for most unraid installs. Sorry if I'm comming across as a little hostile, but people who blame unRaid for permissions issues annoy me a bit because ALL linux file permissions problems stem from a lack of understanding on how they work. If you want to be able to work with file permissions and not just obliterate them, make some time to get on the Google and do some reading. Post the requested info, and we'll help you get this fixed. whiteatom Link to comment
JustinChase Posted January 13, 2013 Share Posted January 13, 2013 I'm so very sorry for the delay in my response. I just now noticed that anyone had replied. hopefully you're still around and willing to help Here is the information you've requested, for the file that doesn't work... -rw------- 1 nobody users 1228116380 2013-01-12 03:06 Fringe\ -\ s05e11\ -\ The\ Boy\ Must\ Live.mkv it doesn't have the correct permissions, obviously. That file exists via Sickbeard sending the nzb to SABnzbd, which downloaded it, then sent it to the post processing script, which put it in it's current location with those permissions. I have SAB set to apply these permissions - Permissions for completed downloads: 770 and run this script for this file: /mnt/cache/plugins/sickbeard/autoProcessTV/sabToSickBeard.py which is copied below... #!/usr/bin/env python # Author: Nic Wolfe <[email protected]> # URL: http://code.google.com/p/sickbeard/ # # This file is part of Sick Beard. # # Sick Beard is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # Sick Beard is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with Sick Beard. If not, see <http://www.gnu.org/licenses/>. import sys import autoProcessTV if len(sys.argv) < 2: print "No folder supplied - is this being called from SABnzbd?" sys.exit() elif len(sys.argv) >= 3: autoProcessTV.processEpisode(sys.argv[1], sys.argv[2]) else: autoProcessTV.processEpisode(sys.argv[1]) Movies get a similar permissions issue, but I don't have any right now that I haven't already fixed. I think I have one that will finish downloading this evening, so I can get the exact info, but I believe it has the same permissions as the TV show above. I do need user security here, as I have children that don't need access to a specific share, and I don't want them to have write (delete) permissions to the video, music or documents shares either. I have the shares set to Secure, with only some users having full read/write access. See attached for a screenshot. Other shares are set similarly. Hopefully this is enough information to help me get this 'fixed', but if not, PLEASE let me know what else you need, and I'll provide it quickly. thanks for any help! Link to comment
Recommended Posts
Archived
This topic is now archived and is closed to further replies.