unRAID Server Release 5.0-rc11 Available


limetech

Recommended Posts

Specifically, you need to run the the New Permissions Utility. It will take a while. Don't close the browser window until it completes.

 

The problem with running the New Permissions script is that it clobbers everything.  Some applications need ownership/permissions different to those which the script imposes.  For instance, my mail folders don't use the default settings, nor the SqueezeboxServer files.  I'm wary, in particular, of disrupting my mail and so have not run the New Permissions.

 

In any case, there is still something in unRAID which sometimes makes files/directories inaccessible.  For instance, I ran mkvmerge on my Ubuntu desktop, the other evening, writing the output file to a user share on unRAID.  That process completed normally.  I then went to open the share I'd just written to, and I no longer had permission to read it.  I know that all the files are there, including the new one, because I can still access them via disk shares and from a telnet session.

 

I have detailed this problem on the forum in the past, but no one seems to have picked up on it - it also happens when I run jdownloader on the Ubuntu desktop, writing to user shares.

However, the newly modified NewPerms (as of RC9) has fixes for problems that sound very much like the 2 you mention above.

 

The problem with running the New Permissions script is that it clobbers everything.  Some applications need ownership/permissions different to those which the script imposes.  For instance, my mail folders don't use the default settings, nor the SqueezeboxServer files.  I'm wary, in particular, of disrupting my mail and so have not run the New Permissions.

That is true, there are some exceptions needed, but you do still need to run it, after identifying those exceptions.  Perhaps we need to collect all known exceptions, and create a simple script that includes them, called like /boot/newperms_exceptions?  Something like:

if exist crashburn
   set perms and owners for crashburn
if exist xyz_mail
   set perms and owners for xyz_mail
if exist squeezebox
   set perms and owners for squeezebox
etc

 

Plugin and addon authors could help here, as to how to detect the addon and the specific commands to set the appropriate perms and owners for the files associated with the addon.  Then perhaps Tom could add this to the end of NewPerms, if exist /boot/newperms_exceptions - run it.  Or SimpleFeatures could add something like it.

Link to comment
  • Replies 354
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Posted Images

Hi - I've just upgraded from 4.7 to rc-11 and all's looking good.  Followed the upgrade instructions and it all went smoothly.

 

Having trouble adding users though.  Root is the only user listed.  When I try to add a new one I get a very brief message  (something about restart SMB?), and it looks like it's done.  However, no new user on the list.

 

In my old configuration, I didn't use the Users section at all - I just fancied having a look at the FTP part.  I upgraded by stopping my array and updating the files to the flash share over the network.

 

If I click the log button afterwards, I get this...

 

/usr/bin/tail -f /var/log/syslog
Feb 3 15:01:10 unRAID1 emhttp: shcmd (73): smbpasswd -L -s -a Simon <<< "*****"$' '"*****"
Feb 3 15:01:10 unRAID1 emhttp: _shcmd: shcmd (73): exit status: 1
Feb 3 15:01:10 unRAID1 emhttp: shcmd (74): cp /etc/passwd /etc/shadow /etc/samba/private/smbpasswd /boot/config
Feb 3 15:01:10 unRAID1 emhttp: shcmd (75): :>/etc/samba/smb-shares.conf
Feb 3 15:01:10 unRAID1 emhttp: Restart SMB...
Feb 3 15:01:10 unRAID1 emhttp: shcmd (76): killall -HUP smbd
Feb 3 15:01:10 unRAID1 emhttp: shcmd (77): ps axc | grep -q rpc.mountd
Feb 3 15:01:10 unRAID1 emhttp: _shcmd: shcmd (77): exit status: 1
Feb 3 15:01:10 unRAID1 emhttp: shcmd (78): /usr/local/sbin/emhttp_event svcs_restarted
Feb 3 15:01:10 unRAID1 emhttp_event: svcs_restarted

 

Is that any use, or do I need to provide more?

 

EDIT: re-pasted log entry - missed off a bit originally

EDIT: pasted correct log entry - D'OH!

Link to comment
However, the newly modified NewPerms (as of RC9) has fixes for problems that sound very much like the 2 you mention above.

 

Really?  I hadn't appreciated that.  I thought the changes were all to do with SMB.  I only run Linux systems here, so use NFS exclusively (well, except for the flash drive which doesn't allow NFS).

 

That is true, there are some exceptions needed, but you do still need to run it, after identifying those exceptions.  Perhaps we need to collect all known exceptions, and create a simple script that includes them

 

I was thinking along the lines of only updating the ownership/permissions on files/directories which are set to the old defaults.

Link to comment

Having trouble adding users though.  Root is the only user listed.  When I try to add a new one I get a very brief message  (something about restart SMB?), and it looks like it's done.  However, no new user on the list.

User names must be lower case.  (You were using a leading capital letter)
Link to comment

Having trouble adding users though.  Root is the only user listed.  When I try to add a new one I get a very brief message  (something about restart SMB?), and it looks like it's done.  However, no new user on the list.

User names must be lower case.  (You were using a leading capital letter)

Ahh, thank you :)
Link to comment

Having trouble adding users though.  Root is the only user listed.  When I try to add a new one I get a very brief message  (something about restart SMB?), and it looks like it's done.  However, no new user on the list.

User names must be lower case.  (You were using a leading capital letter)

Other considerations when creating a new user:

 

 

http://lime-technology.com/wiki/index.php?title=Plugin/webGui/Users

Link to comment

I did back up the flash drive, so I just restored config/super.dat and now all the drives are green balled, and I am getting "configuration valid"

 

I originally went from 4.7 to 5.0-beta12a a long time back, and had some issues with permissions.  With this upgrade, I did not see specific instructions for going from 5.0-beta12a to 5.0-rc11, so I thought I may need to get rid of the Super.dat file and doing so might in someway help with my permissions issue (I am only guessing at that though).

 

Should I keep the old super.dat (the one I restored) or should I remove it and do a "start" with out the super.dat file?  I will hold off on starting the array, until I hear back.

 

Thanks for your input on this

 

Albin

Keep it like it is. Your configuration is valid. When you removed super.dat before you made it forget all about your configuration and so it saw everything as new disks. Now you are back to normal.

 

There is a link in the first post of this thread with the release notes. See the section labeled

  • All previous 5.0-beta and 5.0-rc versions including 5.0-rc8a

Specifically, you need to run the the New Permissions Utility. It will take a while. Don't close the browser window until it completes.

 

I did run the New Permissions utility when I went from 4.7 to 5.0-beta12 but it seemed to hang.  I started the array and ran the "New Permissions" Utility again, and it seems it did not hang this time.

 

/usr/local/sbin/newperms
processing /mnt/cache
... chmod -R u-x,go-rwx,go+u,ugo+X /mnt/cache
... chown -R nobody:users /mnt/cache
... sync
processing /mnt/disk1
... chmod -R u-x,go-rwx,go+u,ugo+X /mnt/disk1
... chown -R nobody:users /mnt/disk1
... sync
processing /mnt/disk2
... chmod -R u-x,go-rwx,go+u,ugo+X /mnt/disk2
... chown -R nobody:users /mnt/disk2
... sync
processing /mnt/disk3
... chmod -R u-x,go-rwx,go+u,ugo+X /mnt/disk3
... chown -R nobody:users /mnt/disk3
... sync
processing /mnt/disk4
... chmod -R u-x,go-rwx,go+u,ugo+X /mnt/disk4
... chown -R nobody:users /mnt/disk4
... sync
completed, elapsed time: 02:19:39

 

but I am seeing some REISERFS errors showing in the syslog.  I really do not know what they mean.  Not sure what device MD1 is.

 

  • Feb  2 23:17:42 Tower2 kernel: REISERFS warning: reiserfs-5083 is_leaf: wrong item type for item *3.5*[609350 612214 0x1 UNKNOWN], item_len 480, item_location 3356, free_space(entry_count) 65535
  • Feb  2 23:17:42 Tower2 kernel: REISERFS error (device md1): vs-5150 search_by_key: invalid format found in block 234783706. Fsck?

 

I found a thread with a similar issues:

http://lime-technology.com/wiki/index.php?title=Check_Disk_Filesystems

 

Seeing this seems to be unrelated to the version I am running and not related to permissions I started a new topic under General support and posted my reserfsck logfile there and here.

 

Location of new topic:

http://lime-technology.com/forum/index.php?topic=25740.0

 

I am not sure if there are any other items in the syslog that I need be concerned about so I will still post the syslogs.

 

I have attached a syslog snap shot prior to running new permissions, and a syslog snap shot after the new permissions finished.

 

 

Albin

syslog_pre_permissions.txt

syslog_post_permissions.txt

reiserfsck_logfile.txt

Link to comment

Hi - I've just upgraded from 4.7 to rc-11 and all's looking good.  Followed the upgrade instructions and it all went smoothly.

 

Having trouble adding users though.  Root is the only user listed.  When I try to add a new one I get a very brief message  (something about restart SMB?), and it looks like it's done.  However, no new user on the list.

 

In my old configuration, I didn't use the Users section at all - I just fancied having a look at the FTP part.  I upgraded by stopping my array and updating the files to the flash share over the network.

 

If I click the log button afterwards, I get this...

 

/usr/bin/tail -f /var/log/syslog
Feb 3 15:01:10 unRAID1 emhttp: shcmd (73): smbpasswd -L -s -a Simon <<< "*****"$' '"*****"
Feb 3 15:01:10 unRAID1 emhttp: _shcmd: shcmd (73): exit status: 1
Feb 3 15:01:10 unRAID1 emhttp: shcmd (74): cp /etc/passwd /etc/shadow /etc/samba/private/smbpasswd /boot/config
Feb 3 15:01:10 unRAID1 emhttp: shcmd (75): :>/etc/samba/smb-shares.conf
Feb 3 15:01:10 unRAID1 emhttp: Restart SMB...
Feb 3 15:01:10 unRAID1 emhttp: shcmd (76): killall -HUP smbd
Feb 3 15:01:10 unRAID1 emhttp: shcmd (77): ps axc | grep -q rpc.mountd
Feb 3 15:01:10 unRAID1 emhttp: _shcmd: shcmd (77): exit status: 1
Feb 3 15:01:10 unRAID1 emhttp: shcmd (78): /usr/local/sbin/emhttp_event svcs_restarted
Feb 3 15:01:10 unRAID1 emhttp_event: svcs_restarted

 

Is that any use, or do I need to provide more?

 

EDIT: re-pasted log entry - missed off a bit originally

EDIT: pasted correct log entry - D'OH!

 

You need I actually reboot the server, not just stop the array. And after you reboot you need to run "new config" and "new permissions" in the utilities section. You may have already done these things. Your post wasn't clear.

Link to comment

You need I actually reboot the server, not just stop the array. And after you reboot you need to run "new config" and "new permissions" in the utilities section. You may have already done these things. Your post wasn't clear.

Sorry, yes.  I meant I followed the upgrade instructions fully as per the release noyes and all upgraded fine.  Subsequent posts explained that my username must be lower case.  Thank you.

Link to comment

Having trouble adding users though.  Root is the only user listed.  When I try to add a new one I get a very brief message  (something about restart SMB?), and it looks like it's done.  However, no new user on the list.

User names must be lower case.  (You were using a leading capital letter)

Other considerations when creating a new user:

 

 

http://lime-technology.com/wiki/index.php?title=Plugin/webGui/Users

 

It would be great if Tom would enforce the limitations in the webgui rather than having the user find the wiki entry or post in the support forums  when things don't work as expected.

 

He already has the regex required in the wiki entry, making the webgui enforce it would be less than 10 lines of php.

Link to comment
It would be great if Tom would enforce the limitations in the webgui rather than having the user find the wiki entry or post in the support forums  when things don't work as expected.

I was thinking the same thing, but I'm currently assuming that the web GUI forms will be locked down once the back end functionality is sorted (potentially in a later version).  There's a few areas here where the interface could guide the user better, but I'm guessing they'll fall into place once the system's parameters have settled.

 

My job involves building web interfaces for applications.  It's in the publishing industry, so not identical, but I started sketching out a demo web front end with Jquery and its UI components.  Whilst it doesn't change the functionality of the system at all, it makes a huge difference to the appearance (in my opinion, obviously).

Link to comment

<snip>

It would be great if Tom would enforce the limitations in the webgui rather than having the user find the wiki entry or post in the support forums  when things don't work as expected.

 

He already has the regex required in the wiki entry, making the webgui enforce it would be less than 10 lines of php.

 

Is PHP running in the unRAID webserver?

 

So far, after a reboot, my HTTP daemon is staying up. Not clear what crashed it the first time. I am still having issues shutting down from time to time forcing me to cycle the system and go through parity - ick.

Link to comment

just upgraded from rc5 to r11

i examined partition format of my disks like i am to according to releasenotes

I have 1x3tb parity and 4x2tb data

2 of those data disks are saying "mbr unalligned"

Those are wd20ears

the rest is saying 3tb: gpt-4k aligned, and rest wd20ears: mbr 4k aligned

 

can i press start to bring array online?

Link to comment

I was not going to place this in this topic, but after working through it, I feel it may very well be version related.  Could be that it is something that many are already aware of, but I could not find it laid out like this.

 

I am running 5.0-rc11 and the "new permissions" utility was completed.

Note: I have another tower on the same network running 4.7 (not sure if this plays into things, but felt I should mention it seeing that I access that tower from my windows computer with different user credentials)

 

General Topic (Public users have read access to secure shares, and users with read/write access, can't write to secure shares, but can read and write to private shares)

 

I am struggling to access Exported Shares set to "YES" that have Security Set to "Secure".

Seems I have read/write access to public shares. (public share are working properly)

 

As I am trouble shooting I am changing the password of a  user, or changing a user from read only to read/write on a  particular share, I am wondering if each one of these changes should be instant, or do I need to reboot UnRAID between each change, or do I need to reboot windows (the computer associated with the edited user settings), or do I need to do both, or is there some other less time consuming option (stopping and restarting the array, or stopping and starting some service on windows).  (I answer this question below)

 

Test-1

changing a share from secure to public, and then (no reboots) trying to change the name of a file in the share from my computer did not work.  I get the "Destination Folder Access Denied" / "You need permission to perform this action" (options "try again" "cancel").  (I am accessing these through \\tower\folder\file and not as a mapped network drive )

 

Test-2

changed a different network share to public, then went to settings>share settings and changes "Enable User Shares:" to "NO" and then applied this setting, then changed "Enable User Shares:" back to "YES" and then applied this setting.  I then went to the share \\tower\folder2\file and I had read/write access.

 

So simply turning off the shares and then turning it back on seems to help with getting the changes to take effect.

 

Test-3

(note: I just rebooted my computer, I have not reconnected to any network drives, and there are no user credentials stored in the user credentials (except for windows live, which I have read you can delete it but it will just keep coming back, unles you uninstall windows live)

I can browse to a network share that is set to secure, and see the files and folders of that share even though I have not entered any credentials.

(I would think that if I have not logged in as a user I should not have read access to a network share that is set to secure

 

Test-4

changed a network share from secure to private (all users were set to "No Access") (disabled and then renabled shares to get the settings to take effect), then

browse to the network share, and I could not see or gain access to the share (this is what I would expect to happen)

 

Test-5

changed a network share from secure to private (set one user to read/write access) (disabled and then renabled shares to get the settings to take effect), then browse to the network share, and I could not see or gain access to the share, but I could read and write to the network share after entering the proper user credentials. (this is what I would expect to happen)

 

Conclusion:

Public Shares seem to work correctly

Secure Shares do not seem to be working correctly (public users have read access)

Private Shares seem to work correctly

 

Related links / Topics that may help others:

 

Create a file in the 'config' directory on your flash called 'smb-extra.conf'.  Inside this file, put this line:

 

acl check permissions = No

 

Then Stop array and Start array.  Now let me know if this problem persists.

 

I am entering the user with the the following guidelines:

 

User names can not contain capital letters.  Here are the rules:

 

- First character of a username must be a lower-case letter, or the underscore '_' character.

- Subsequent characters of a username may be lower-case letters, underscore, or dash '-' character.

- The very last character of a username is permitted to be a dollar sign '$'

- Maximum total length is 32 characters

 

Put another way (straight from the code of 'useradd' linux utility):

 

User/group names must match [a-z_][a-z0-9_-]*[$]

 

Thanks

 

Albin

Link to comment

Can someone move this Topic and related replies to:

 

Lime Technology - unRAID Server Community » General » General Support

 

With a Subject of: "Understanding Permissions and Using Windows Credentials to Log into Network Shares" (or some appropriate subject) Thanks

 

 

All users are intended to have read access to a Secure share. This is the difference between Secure and Private. The system is working correctly. Examine the share setup.

 

Sorry about that I incorrectly assumed what public, secure, private stood for.  I found the following which straightened me out:

 

 

Public means that no user account is needed on the server for someone to access the share.  This means you won't see the login box pop up when accessing the share.  It also means that anyone can read/write/create/delete any file or directory on the share.  This is the default setting when a new share is created.  This is also the default setting if a share is created by creating it on a disk share.  When a file is created it will be be owned on the linux-side by the 'nobody' user of the users group (uid/gid = 99/100).

 

Secure means that no user account is necessary on the server in order to access the share, and no login box will pop up.  But in this mode you can select users than can have read/write access to the share, all other users will have read-only access.  Since no login box will appear, in order to get this to work, this must be true:

- Whatever username you used to log in to your windows PC must also be a user name on the server.  The 'case' of the user name does not matter (actually you must enter all lower-case on server side).

- The password you set on the server must match exactly the password used for your windows logon.  The password IS case-sensitive.

 

Private means that you specify the exact set of users that can either have readonly or read/write access to the share.  If you try to connect to the server you may or may not get a login box.  If the username/password of your windows login matches one of the usernames defined on the server side, and that username has either readonly or read/write access (ie, not 'no access), then no login box will appear and you will be be logged into the share with the access rights specified.  But if either your windows username is unknown on the server, or your windows password does not match, then windows will present a login box prompting for a username/password.  Using this box you can then login to the share using one of the other username/passwords on the server.

 

Note that once you login to the server using some other username than your windows username, windows will use that username to access all shares on the server.

 

It appears that I do not have to enter log in credentials if my User Name and password that I use for logging into windows vista match the user name and password for an existing user on the unraid network shares.

 

I am interested in using this feature.  I adjust my Vista user name from "Firstname Lastname" to "firstnamelastname" (I guess I could have used "firstname_lastname" or some other combo.  The password stayed the same.  To make sure windows was not logged into any network share I did the following:

 

1.  Creating a Fresh Windows Connection

net use * /delete

2.  Rebooted Unraid

3.  Rebooted Windows

4.  logged into windows "firstnamelastname" "password"

 

I expected that I could browse to the network share and gain access to a private share that "firstnamelastname" has read/write access to, but I was prompted for a user name and password.  Before putting in credentials I went to a command window and did :

net use

and got the following response:

New connections will not be remembered.

There are no entries in the list.

 

Just to clarify:

I am trying to gain access to Network Share \\tower2\CDMedia

Network share Export is set to "YES"

Network share is set to Private

USER firstnamelastname has read/write access

 

Results for telnet session:

Type (replacing 'Media' with the share name--Capitalization is IMPORTANT):        ls -al ../mnt/user/Media

 

ls -al ../mnt/user/CDMedia

 

Tower2 login: root

Linux 3.4.26-unRAID.

root@Tower2:~# ls -al ../mnt/user/CDMedia

total 3047

drwxrwxrwx 1 nobody users    112 2013-02-06 08:44 ./

drwxrwxrwx 1 nobody users      80 2013-02-06 03:40 ../

-rw-rw-rw- 1 nobody users    6148 2010-01-15 16:23 .DS_Store

-rw-rw-rw- 1 nobody users 3104804 2005-12-22 11:15 _7A_00220.jpg

root@Tower2:~#

(currently only two files in this test directory)

 

Am I missing a step?  What else is needed to get my windows Vista credentials to work for my unraid user credentials?

 

Thanks

 

Albin

Link to comment

I having a problem with the RC11 regarding mounting ISO file in virtual drive, I play it with POWERDVD is very very..... slow (I have tried the other player still the same), basically it cannot be play. I tried back to RC10 it is play smoothly without any problem. Anyone have similar issue?

Link to comment

I noticed that my hard drives are not going to sleep anymore after upgrading to rc11.  The parity drive does but the rest of them do not.  I have confirmed that no resources are using any shares and before rc11, I would get up in the morning and find all drives spun down.

 

Anyone else having this same issue?

Link to comment

I noticed that my hard drives are not going to sleep anymore after upgrading to rc11.  The parity drive does but the rest of them do not.  I have confirmed that no resources are using any shares and before rc11, I would get up in the morning and find all drives spun down.

 

Anyone else having this same issue?

Works for me. Probably a plugin (Plex maybe?) Try

lsof /mnt/*

Link to comment

I noticed that my hard drives are not going to sleep anymore after upgrading to rc11.  The parity drive does but the rest of them do not.  I have confirmed that no resources are using any shares and before rc11, I would get up in the morning and find all drives spun down.

 

Anyone else having this same issue?

Works for me. Probably a plugin (Plex maybe?) Try

lsof /mnt/*

 

Ok, thanks.  I've been running Plex for over a year now and this wasn't a issue until rc11.  I'll try that command when I get home, but what will it tell me?

Link to comment

Ok, thanks.  I've been running Plex for over a year now and this wasn't a issue until rc11.  I'll try that command when I get home, but what will it tell me?

It will tell you what files are open that are stopping the disks being spun down.  Hopefully the names will help you identify the culprit.

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.