Problems with permissions

Truly · 3 January 2019 23:57

Hello everyone!

I’ve recently installed OSMC, Transmission, Samba, SickChill, CouchPotato and NextCloud on my Raspberry Pi 3 B with OSMC SD card and 2TB USB WD HDD.

I’m trying to set up users and permissions correctly so that all these applications work properly, but I keep experiencing problems and I would appreciate another pair of eyes since I’m definitely doing something wrong.

I’ve created a user group htmc and added osmc, www-data, sickchill and couchpotato users in it.

SickChill:

[Unit]
Description=SickChill Daemon

[Service]
User=sickchill
Group=htmc

Type=forking
GuessMainPID=no
ExecStart=/opt/sickchill/SickBeard.py -q --daemon --nolaunch --datadir=/opt/sickchill

[Install]
WantedBy=multi-user.target

CouchPotato:

[Unit]
Description=CouchPotato application instance
After=network-online.target

[Service]
ExecStart=/opt/CouchPotatoServer/CouchPotato.py --daemon
GuessMainPID=no
Type=forking
User=couchpotato
Group=htmc
KillMode=process

[Install]
WantedBy=multi-user.target

Transmission:

[Unit]
Description=Transmission BitTorrent Daemon
After=udisks-glue.service

[Service]
User=osmc
Group=htmc
Type=notify
ExecStartPre=/bin/sleep 10
ExecStart=/usr/bin/transmission-daemon -f --log-error --allowed ...

[Install]
WantedBy=multi-user.target

Here is the directory structure on the USB HDD:
DirStruct

And here are the ownership and permissions:
/mnt (root:root 0755)
/clouddrive (www-data:htmc 0770)
/Movies (osmc:htmc 0775)
/TV Shows (osmc:htmc 0775)
/Downloads (osmc:htmc 0775) and the same for the Movies and TV Shows directories inside

Basically, CouchPotato and SickChill initiate downloads in the /clouddrive/Downloads/Movies and TV Shows directories. After Transmission finishes downloading, both programs should create a symbolic link to the /clouddrive/Movies and TV shows directories which are Kodi libraries.

The first problem is that Transmission is creating directories in /clouddrive/Downloads with 0755 permissions thus preventing the sym link creation.
I’ve tried setting umask parameter in /home/osmc/.config/transmission-deamon/settings.json to 2, but it keeps getting back to 18 (18 decimal is 022 octal, the default umask setting that will lead to 0755 permission).

The second problem shows if I try to play a movie or a tv show. Kodi gives me a message “The file is no longer available. Would you like to remove it from the library?”

I just don’t get it. If all the permissions are 0775 and the group ownership is always htmc that contains all other relevant users why is this not working?

bmillham · 4 January 2019 04:23

You may want to look into using extended attributes using setfattr.

But before we get into that, how is the drive formatted? I’m guessing NTFS? If so unless you are going to use the drive on a Windows system, I’d recommend reformatting it to EXT4. I do not know if this will work with NTFS or exFAT.

To use attributes (ACLs), you need to install the package:

sudo apt install attr

An example of using extended attributes:

setfacl -R -m u:sickchill:rw,u:couchpotato:rw,u:osmc:rw /mnt/clouddrive

Will give users sickchill,couchpotato and osmc rw access.

On the directories you may also need to give the ‘x’ permission.

Here’s a short tutorial covering this: Learn to use extended file attributes in Linux to boost security | TechRepublic

EDIT: The tutorial mentions that you have to use the acl option for mounting. I’ve tested and that does not seem to be true. It may be that the acl option is on by default now as the article I linked is 10 years old…

shamael · 4 January 2019 09:40

Hi bmillham,

Maybe you can help me for a similar issue. My goal was to add permission for everyone on some folders and I tried to set the mask as below

sudo setfacl -Rd -m mask:007 $folder

At the end each files in the folder have the permission changed with 007 but…not if I move a folder in it. The top folder is well changed but not subfolder/files. I was not able to resolve this. Currently I have a chown in a cron as workaround, working but not a nice solution. I’ll dig it of course again but so far did I miss something obvious in the setfacl commands?

Thx

Truly · 4 January 2019 20:09

Yes the drive is formated using NTFS since I want to be able to plug it in a Windows system. It was mounted using fstab:

UUID=E63054C530549DFD /mnt/clouddrive ntfs-3g defaults,permissions,nofail

Here is the ls output for /mnt/clouddrive and /mnt/clouddrive/Downloads:

osmc@osmc:~$ ls -al /mnt/clouddrive/
total 53
drwxrwx--- 1 www-data www-data    0 Dec  5 23:16 $RECYCLE.BIN
drwxrwx--- 1 www-data htmc     8192 Dec 21 21:54 .
drwxr-xr-x 3 root     root     4096 Dec 18 00:51 ..
-rw-r--r-- 1 www-data www-data  324 Dec 18 22:11 .htaccess
drwxrwxr-x 1 osmc     htmc     4096 Dec 27 18:08 Completed downloads
drwxrwxr-x 1 osmc     htmc     4096 Dec 27 23:34 Downloads
drwxrwxr-x 1 osmc     htmc     8192 Jan  3 11:30 Movies
drwxrwxr-x 1 osmc     htmc     4096 Nov  9  2017 Music
drwx------ 1 root     www-data 4096 Dec  5 23:18 System Volume Information
drwxrwxr-x 1 osmc     htmc     4096 Jan  3 00:22 TV Shows
drwxr-xr-x 1 osmc     osmc     4096 Jul  8 22:12 backup
-rw-r--r-- 1 www-data www-data    0 Dec 18 22:11 index.html
-rw-r----- 1 www-data www-data 2626 Dec 18 22:11 nextcloud.log
drwxrwx--- 1 www-data www-data 4096 Dec 18 23:34 nextclouddata

osmc@osmc:~$ ls -al /mnt/clouddrive/Downloads/
total 32
drwxrwxr-x 1 osmc     htmc  4096 Dec 27 23:34 .
drwxrwx--- 1 www-data htmc  8192 Dec 21 21:54 ..
drwxrwxr-x 1 osmc     htmc  4096 Jan  4 14:02 Movies
drwxrwxr-x 1 osmc     htmc 16384 Jan  4 05:47 TV Shows

By the looks of it, all the users have read, write and execute permissions on all relevant directories through htmc group.

I can try your suggestion but I don’t understand why the regular approach doesn’t work.

dillthedog · 4 January 2019 21:23

As you’ve already figured out, the default umask for user osmc is 022, so this is expected behaviour.

For settings to stick, you need to have shut down transmission before changing the settings.json file.

Perhaps the Kodi-related error will sort itself out when you can successfully create the links.

Truly · 5 January 2019 01:42

Thanks for the tip, it worked and the first issue is resolved. Transmission is now creating directories with 0775 osmc:htmc permission and ownership.

Post processing for CouchPotato is working fine now, I just need to check SickChill.

I had to delete Kodi library and set it up again, but now it seems that all the media is recognized and can be reproduced.

bmillham · 7 January 2019 03:03

The setfacl command will not change the traditional linux permissions, so the command you are using only changes the ACL, not the actual permissions.

I tested creating and moving directories, and as long as the ACL was set with the -d option, they stick when moving a directory.

shamael · 7 January 2019 10:18

Thank you for your answer, I think I get the mistake I made.

Thx!

Truly · 8 January 2019 00:18

I can confirm that post processing for SickChill is working fine also.

Thanks everyone for the help!