4.5-beta6 permissions issue


Recommended Posts

I have a AD setup.  On the unRAID Settings tab, my AD initial owner is set my account and the AD initial group is set to "DOMAIN\unRAID Users".

 

I set permissions in order on all folders where the owner is my account and the group is "DOMAIN\unRAID Users".  All directory permissions are set to 775 and all file permissions are set to 644.

 

When I use Explorer to browse to a file on the user share (e.g. \\tower\TV\Comedy\Saturday Night Live\s34e21), I can see the file I want to view (let say it's an .avi or .mkv file).  If I double click it to launch Media Player, Media Player cannot play the file and unRAID magically changes the permissions on the folders so that I can no longer view the folders or files under TV\Comedy.

 

Logging into the server, and doing an "ls -lR /mnt/user/TV/Comedy", I see the folder permissions on TV/Comedy, TV/Comedy/Saturday Night Live, and TV/Comedy/Saturday Night Live/s34e21 and are now 644 and the group is now "DOMAIN\domain users".  If I use chown and chmod to reset the permissions back to 775, I still cannot access those folders after that (even though they do not change again upon re-attempted access via Explorer at that time).

 

Accessing via disk shares (e.g. \\tower\disk1\TV\Comedy ... ) works fine.

 

Edit:

I did a chmod -R 775 on /mnt/user/* and rebooted the unRAID server and the problem seems to have cleared up.

 

 

 

Link to comment

I'm having a similar problem with Beta 6. I haven't troubleshot it as much as Nyago123, but I did the permissions thing. Got access to my files. Next day, access gone again.

 

I've had to turn Active Directory support off for the moment so that we can continue to access files.

 

Hope we have a solution soon--I really want AD!

 

Tony

Link to comment
  • 1 month later...

I'd like to push this thread up - because me too tried AD-security without success (wastn't able to join the domain) and went back to simple security for the time now.

I definately need only readaccess for common users, restricted access for some shares for the kids and full access for the admin.

 

Anybody with a successful config in use? Or do I need to wait for next beta?

 

Thanks, Guzzi

 

PS:

log shows:

Jul 22 21:28:04 XMS-GMI-02 emhttp: shcmd (214): /usr/bin/net ads join -U "Administrator"%"*****" 2>&1 | logger

Jul 22 21:28:04 XMS-GMI-02 logger: realm must be set in in /etc/samba/smb.conf for ADS join to succeed.

Jul 22 21:28:04 XMS-GMI-02 logger: Invalid configuration. Exiting....

Jul 22 21:28:04 XMS-GMI-02 logger: Failed to join domain: Invalid parameter

Jul 22 21:28:05 XMS-GMI-02 emhttp: shcmd (215): /usr/bin/net ads testjoin -P >/dev/null 2>&1

Jul 22 21:28:05 XMS-GMI-02 emhttp: _shcmd: shcmd (215): exit status: -1

 

 

 

Link to comment

Hi Guzzi,

 

My AD works with caveats:

1. I created a domain admin login account with a password where neither contained any special characters or spaces which is exclusively for unRAID use.  Some of the early issues involving this may have been fixed but I'm sticking with this for now.

2. On the Shares page, I did set my own account and a group I created as the AD initial owner and the AD initial group.

 

I continue to see the aforementioned bug where security changes spontaneously when browsing on whole directory trees in /mnt/user.  What I notice is that the permissions go to 644 and the group becomes "domain users" instead of what I've specified as the AD initial group on the Shares page.  This tells me "domain users" is hard-coded in somewhere or is in some config file from prior use.  When this happens, I just go do a chmod -R 775 directory and a chown -R "<user>:<group>" directory to fix it in /mnt/user.

 

I do notice I have both a /mnt/user and a /mnt/user0.  I don't know what they are both for.

 

Link to comment

Hi Guzzi,

 

My AD works with caveats:

1. I created a domain admin login account with a password where neither contained any special characters or spaces which is exclusively for unRAID use.  Some of the early issues involving this may have been fixed but I'm sticking with this for now.

2. On the Shares page, I did set my own account and a group I created as the AD initial owner and the AD initial group.

 

I continue to see the aforementioned bug where security changes spontaneously when browsing on whole directory trees in /mnt/user.  What I notice is that the permissions go to 644 and the group becomes "domain users" instead of what I've specified as the AD initial group on the Shares page.  This tells me "domain users" is hard-coded in somewhere or is in some config file from prior use.  When this happens, I just go do a chmod -R 775 directory and a chown -R "<user>:<group>" directory to fix it in /mnt/user.

 

I do notice I have both a /mnt/user and a /mnt/user0.  I don't know what they are both for.

 

 

Hi Nyago,

 

thanks for your help offered, but I think I am too far away from linux to deal with permissionsets etc. - if Tom is aware of this problem I hope for a fix from his side for the next release.

I have now changed to user security for the time it takes - took me quite some time to figure out that no capital letters are allowed ....

 

 

/mnt/user0 is afaik the same as user and used internally if you have configured a cache disk.

 

I also use hidden shares for smb-extra.conf - I have my root share in there. Anybody know the securitysettings for this share (that allows access to averything and is not configurable in the webGUI)?

 

Guzzi

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.