[Version: 6.8.1] - Permission issues - Virtual Machine / Samba


Bifur


Hello everyone.

I just set up an Unraid server and am loving it so far. However, I am running into a few issues and wanted to see if someone could assist me or at least help me think about doing this a different way to achieve what I need.

The main point of the Unraid server was for storage. I had a 10TB drive as a second disk that got full so it made sense to move to Unraid for its obvious benefits. The storage is for backups for various applications (backups and config files basically).

The way I previously got these files was via an FTP server that has the FTP root directory on the original 10TB secondary disk. I have 3 primary folders for 3 different applications: Phone Backups, Phone Config, and Computer Backups. Each of these folders has a unique FTP username (Let's say user1, user2, and user3).

Since Unraid can easily do VMs, I decided to make an FTP server VM on Ubuntu 18.04. I added the FTP root/share to my /etc/fstab and am able to see that directory in my VM. I created the same usernames mentioned above on the VM. The problem I have now is permissions. I got the FTP transfers working correctly, but then I am not able to use SMB to copy/paste files.

I would prefer to be able to access both and I am not quite sure what to do. I have tried in the VM to add each FTP user to group users but have each FTP user own the folder. Messed around some in Unraid via SSH as well.

I guess I am not too familiar with how the VM mount permissions work with the Unraid permissions and if it's even possible for me to do what I need it to do. I have a consolidation program for the computer backups that needs R/W access via the SMB side, but I need the FTP server to be able to upload files to the storage array. This is where permissions are getting screwed up.

Any suggestions are much appreciated!

Link to comment

setgid:

Binary executables with the setgid bit (chmod g+s path) can be executed with the privileges of the file's group.

A useful property is to set the setgid bit on a directory so that all files and directories newly created within it inherit the group from that directory.

In octal, the setgid bit is represented by 2000 e.g: "chmod 2755 path".

setgid has no effect if the group does not have execute permissions.

setgid is represented with a lower-case "s" in the output of ls. In cases where it has no effect it is represented with an upper-case "S".

I would test this on a single directory and see if it resolves the issue:
chmod g+s /path/to/testdir

Edited by Xaero
Link to comment
11 minutes ago, Bifur said:

Thanks for the reply. I am going to look at that command tonight. When you say run that on one directory, would I do this Unraid side or VM side?

The more I think about this, I want to do this via SSH on unraid and make sure the file permissions are nobody and user. Then by running the chmod g+s on the folder, any file created should inherit the permissions of that folder, not the user who created the file(s). Is that correct? 

 

EDIT: lol Now I am thinking I make sure file permissions are correct Unraid side, then run the chmod on the VM side since that is who will be creating the file. 

Edited by Bifur
Link to comment

So, you want to run this on Unraid, via SSH. That's the correct way of thinking.

First you'll want to make sure the directory is owned by the correct user, and the correct group for Samba read/write to work. I don't know what this is in your case, but for stock Unraid it is nobody and the group users. From there you want to set the GID bit on that directory. Any files or folders created within that directory from ANY user will automatically have the correct group.

Link to comment

So..I think I am even more confused now. Sorry for my ignorance. Let me say what is going on now. This is what I did: 

 

chown -R nobody:users FTPa

chmod g+s FTPa

I was getting permission denied errors when trying to upload a file. I added User1 to Unraid with read/write to FTP_ROOT (parent folder to FTPa) and was able to get files to upload to FTPa. The permissions attached to the uploaded file are:

 -rw-r--r-- 1 FTPusername users 92682031 Jan 27 17:33 20200127-203213-1580175133-247300043.tgz

 

The Parent folder permissions are: 

drwxrws--- 1 nobody users         166 Jan 27 17:33 FTPa/

 

I am able to copy files to FTPa from Windows SMB. 

 

Do these permissions look correct? If so, is there a recursive way to apply g+s to all folders in the FTP_ROOT? I know how to get around Linux somewhat, but I am no expert by any means. 

 

I guess I am worried about security as well. I have my 2 ftp users locked down separately in FTPa, FTPb, and FTPc so that should be OK. I guess I need to make sure my backup consolidation program can read as well as make changes to the files as well. I did not do this test on that directory yet.

 

Thanks again for your time and help!

 

Edited by Bifur
Link to comment

Cool, so it did work to allow two different users to write to the directory.
Yes, those permissions more or less look correct, you could recursively do this with chmod -R.
That said, I see that it's creating the files with rw for owner in the FTP permissions. What do the permissions for that file look like on unraid?
It might be that employing FACLS or some other robust solution is needed, or that we need to tell the FTP server to create files with the correct user and group IDs (this can be done, using umask to force the FTP server to use that UID/GID)

There's a lot of ways to approach this, I'm not sure which is the best approach.


EDIT: If your FTP uploads are setting -RW-R--R-- I think you need to change the FTP create mask on the ftp server side. This can be accomplished with setting the create mask to 000 rather than the current of 022

Edited by Xaero
Link to comment
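The setgid and create-mask behaviour discussed in the reply above, as an added example that is not part of the original thread: it sets setgid on directories only (a plain `chmod -R g+s` also marks regular files) and shows the file modes produced by umask 022, 002 and 000. It assumes Linux with GNU `stat`; `FTPa`, `existing` and `old.tgz` are constructed stand-ins inside a throwaway temp directory.

```bash
#!/usr/bin/env bash
# Added example: runs in a throwaway temp directory, not on a real share.
# FTPa, existing/ and old.tgz are constructed stand-ins for the thread's layout.

# Octal mode of a path (GNU stat, assumed available).
mode_of() { stat -c '%a' "$1"; }

# Set setgid on directories only. `chmod -R g+s` would also mark every
# regular file setgid, which the group-inheritance trick does not need.
setgid_dirs_only() { find "$1" -type d -exec chmod g+s {} +; }

# Create an empty file in directory $1 under umask $2 and print its mode.
mode_under_umask() {
    local f="$1/upload-$2"
    ( umask "$2" && : > "$f" ) || return 1
    mode_of "$f"
}

# Create a subdirectory in $1 under umask $2 and print its mode.
subdir_mode_under_umask() {
    local d="$1/sub-$2"
    ( umask "$2" && mkdir "$d" ) || return 1
    mode_of "$d"
}

demo() {
    local root; root=$(mktemp -d) || return 1
    mkdir -p "$root/FTPa/existing"
    : > "$root/FTPa/old.tgz"
    chmod 770 "$root/FTPa" "$root/FTPa/existing"
    chmod 644 "$root/FTPa/old.tgz"

    setgid_dirs_only "$root/FTPa"
    echo "FTPa dir after g+s:       $(mode_of "$root/FTPa")"
    echo "existing file untouched:  $(mode_of "$root/FTPa/old.tgz")"
    echo "upload with umask 022:    $(mode_under_umask "$root/FTPa" 022)"
    echo "upload with umask 002:    $(mode_under_umask "$root/FTPa" 002)"
    echo "upload with umask 000:    $(mode_under_umask "$root/FTPa" 000)"
    echo "new subdir, umask 002:    $(subdir_mode_under_umask "$root/FTPa" 002)"
    rm -rf "$root"
}

demo
```

With the group inherited from the setgid directory, umask 002 already gives the group read/write (664) without making uploads world-writable, which is what umask 000 (666) does.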
Unraid is showing those permissions. I copied it from Unraid SSH session. 

 

Had to get some sleep last night. Working on updating umask in FTP server. 

Link to comment

I think we got somewhere...everything is working better, but maybe something is still off? I applied the above chown commands to the entire ftp root directory (/mnt/user/FTP_ROOT) and I have each FTP user (3 total with dedicated root folders for each) writing data. Consolidation program is consolidating properly. File permissions are like this now:

-rw-rw-rw- 1 FTPUSER2 users        40040 Jan 28 09:28 testfile

 

Some files are orange highlighted now and a lot of the file names have a * after them. Not quite sure what that means yet. 

 

Again...working better, just not sure if it is quite right still. 

 

 

 
