6.8.3 keep loosing permission to my share


Recommended Posts

Hi,

 

We run a small unraid server at the office for our product photo shoots.

 

We recently upgraded the server to version 6.8.3, after the update we lost permission to the output files of our docker pdf scanner docker - ocrmypdf-auto 

 

Today i solved this issue by running the Docker Safe New Perms from the tools section, this fixed the issue but now we are getting random access denied to our main SMB share from a windows machine.

 

If I re-run the Docker Safe New Perms it temporarily works before one of the sub folders get the same access denied error, re running the Docker Safe New Perms fixes this again but will randomly give the same error on another sub folder after a few minutes.

 

I tried running the New Permission selecting both our harddrives and the share folder, this gave the same temporary fix that later results in 1 or more folders getting access denied.

 

 

UPDATE! - Anytime we write something to a folder in the share we get access denied when trying to access it after. So any new file creation or copy of a file to a folder on the share results in access denied when trying to access that folder later.

 

I am a bit desperate and any help would be greatly appreciated 

Edited by nik82
Link to comment
2 hours ago, nik82 said:

pdf scanner docker - ocrmypdf-auto 

The owner and group for the files that it creates is probably set wrong in the setup of the Docker.  It should be   nobody   for the owner and    users   for group.  If it not obvious how to set these, you should be asking in the support thread for the Docker.

Link to comment

Thanks for getting back to me. 

 

The problem is that is is affecting folders that are not associated with the docker and when the docker is not used or started.

 

The docker has a separate folder on the share Input and Output folder, these have not been used today and the docker was turned off, yet we keep getting random access denied on random sub folders of our main SMB share.

 

 

Link to comment

Hi I think you are misunderstanding my problem.

 

Let me try to clarify. Our Normal SMB Share that we work from will work until we put any files on it. If we put a file in SMB SHARE -> SUB FOLDER1, as soon as the file is written we can no longer open SUB FOLDER1 as we get an access denied error. We can still access SUB FOLDER2, SUB FOLDER3 etc. If we save a file to SUB FOLDER2 the exact same thing happens, as soon as the file is saved, or if any file is copied we can no longer access SUB FILDER2.

 

If i then run Docker Safe New Perms it will temporarily fix the problem until we write anything to any folder again.

 

To clarify, we are NOT using a docker to write these files, we are saving them with Photoshop directly to the SMB Share, and the same thing happens if we just copy a file using windows.

 

The system has been working flawlessly for over a year prior to this issue but it all starter after running - Docker Safe New Perms to fix the permission error we got from files that the docker ocrmypdf-auto was creating. And that bug began after updating unraid to the latest version.


We have tried disabling the docker (Stopping it) but it does not fix the issue

Edited by nik82
Link to comment

I will tel you what you are going to have to do to begin to analyze this problem.  On the Taskbar (just under the Banner) at the right side, Open a terminal session.  It is the   >_   icon.  Now look at the screen capture below:

image.png.8bb0541f485f89dae23b58ccba3e3751.png

Quick explanation.  The    at the beginning of the permission means that the object is a directory.  The  -   at the beginning means it is a file.  There are now three blocks of    rwx  permisions, first is for owner, second is for group ant the third is for others.  A  -  in any spot means that permission does not exist for that attribute!  (Oh, the x stands for execute-- extensions have no meaning in Linux, you have to have explicitly set permission on a file to allow it to execute.  If a directory does not have the execute bit set, you can not browse the contents!!!)

 

You will have to navigate through your data files until you find something that does not exactly match the screen capture. 

 

Quick note:  after you have entered a few commands, just hit the 'UP' and 'DOWN' arrow keys. With a command in place, try the right and left arrow keys.  You will find that the shell has lot of editing 'features' built in to simplify your life!   Remember that Google is your friend...

 

Link to comment

Thank you for your reply.

 

quite note, disabling Cache drive on the share fixes the issue for some reason. With the cache drive disabled i ran your command and it resulted in the below with Nextcloud missing the RWX at the end 

 

drwxrwxrwx  1 nobody users   40 Mar 18 00:36 ./
drwxr-xr-x  7 root   root   140 Mar 18 19:35 ../
drwxrwxrwx  1 nobody users  142 Feb 11 11:40 appdata/
drwxrwxrwx  1 nobody users   20 Jun 28  2019 domains/
drwxrwxrwx  1 nobody users  117 Jun 28  2019 isos/
drwxrwx---  1 nobody users  189 Feb 13 17:02 nextcloud/   <-----------------------------------------------
drwxrwxrwx  1 nobody users   26 May  4  2019 system/
drwxrwxrwx+ 1 nobody users 4096 Mar 17 15:18 unraid/

Link to comment
On 3/17/2020 at 9:38 AM, nik82 said:

UPDATE! - Anytime we write something to a folder in the share we get access denied when trying to access it after. So any new file creation or copy of a file to a folder on the share results in access denied when trying to access that folder later.

 

Is this true for every computer on your network?  Is there a Docker or Plugin that could be involved?

7 hours ago, nik82 said:

drwxrwx---  1 nobody users  189 Feb 13 17:02 nextcloud/   <-----------------------------------------------

So the question you have to ask is "What exactly is doing the writing to these folders which is causing the permissions to get changed?"   I know of no way that a Windows computer can do this by writing using SMB!   Do you have any computers that are making a connection via NFS?  (And I am not sure that NFS could be able to make this type of change...)

Link to comment
  • 2 months later...
  • 1 month later...

Did anyone find a root cause and/or solution for this?

 

Mine is a little different but sounds very similar in that I would guess its more to do with a user group issue.

 

In my situation, I have a torrent-downloader with uid=99 and gid=100 that is creating folders/files with the drwxrwx--- permissions. Looks good because I am attempting to access from a user in the same "users" group (gid=100).. but I cannot access.

 

I have tried from both Win10 and Ubuntu with no success. Mapping to the /docker_downloads folder or to a "root folder" and signing in with the user2 name/pass makes no difference. I created another user, ensured it also was in gid=100 (it could not access), chown to the new user, but still cannot access from other users in the same group.

 

I ran the commands below to see the user/folder settings and it looks like it should work correct?

root@Tower:~# id nobody
uid=99(nobody) gid=100(users) groups=100(users)
root@Tower:~# id user2
uid=1001(user2) gid=100(users) groups=100(users)
root@Tower:~# ls -al /mnt/user/docker_downloads/
total 0
drwxrwxrwx+ 1 nobody users  28 Jul 23 13:55 ./
drwxrwxrwx+ 1 nobody users  76 Jul 22 13:37 ../
drwxrwxrwx+ 1 nobody users 122 Jun  1 14:00 xxxxx/
drwxrwxrwx+ 1 nobody users 266 Jul 23 13:31 xxxxxxxxxx/
drwxrwxrwx  1 nobody users  70 May 26 19:25 xxxxxx/
drwxrwxrwx  1 nobody users 796 Jul 10 12:25 xxxxxx/
drwxrwxrwx+ 1 nobody users  10 Jul 18 07:53 xxxxxx/
drwxrwx---+ 1 nobody users 244 Jul 23 11:29 test/
drwxrwxrwx  1 nobody users 176 Jul  2 12:07 xx-xxxxxx/
root@Tower:~# groups nobody
nobody : users
root@Tower:~# groups user2
user2 : users
Link to comment
On 7/23/2020 at 12:48 PM, FelixTheEpic said:

Did anyone find a root cause and/or solution for this?

 

Mine is a little different but sounds very similar in that I would guess its more to do with a user group issue.

 

In my situation, I have a torrent-downloader with uid=99 and gid=100 that is creating folders/files with the drwxrwx--- permissions. Looks good because I am attempting to access from a user in the same "users" group (gid=100).. but I cannot access.

 

I have tried from both Win10 and Ubuntu with no success. Mapping to the /docker_downloads folder or to a "root folder" and signing in with the user2 name/pass makes no difference. I created another user, ensured it also was in gid=100 (it could not access), chown to the new user, but still cannot access from other users in the same group.

 

I ran the commands below to see the user/folder settings and it looks like it should work correct?


root@Tower:~# id nobody
uid=99(nobody) gid=100(users) groups=100(users)
root@Tower:~# id user2
uid=1001(user2) gid=100(users) groups=100(users)
root@Tower:~# ls -al /mnt/user/docker_downloads/
total 0
drwxrwxrwx+ 1 nobody users  28 Jul 23 13:55 ./
drwxrwxrwx+ 1 nobody users  76 Jul 22 13:37 ../
drwxrwxrwx+ 1 nobody users 122 Jun  1 14:00 xxxxx/
drwxrwxrwx+ 1 nobody users 266 Jul 23 13:31 xxxxxxxxxx/
drwxrwxrwx  1 nobody users  70 May 26 19:25 xxxxxx/
drwxrwxrwx  1 nobody users 796 Jul 10 12:25 xxxxxx/
drwxrwxrwx+ 1 nobody users  10 Jul 18 07:53 xxxxxx/
drwxrwx---+ 1 nobody users 244 Jul 23 11:29 test/
drwxrwxrwx  1 nobody users 176 Jul  2 12:07 xx-xxxxxx/
root@Tower:~# groups nobody
nobody : users
root@Tower:~# groups user2
user2 : users

 

never found the root cause but with the help of another member I was able to remove ACL rules from the affected shares/directories.

 

see here  

 

  • Thanks 1
Link to comment
  • 6 months later...

I also have this EXACT same issue. 

 

I am browsing through folder on my Unraid NAS and at the next moment I cannot access that very same folder anymore. This while just browsing.

Folders and files change to permissions 644 and I have to go to the command line of Unraid to put the folder back  to 777 permissions. 

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.