Assistance/advice with setup - permissions!

  • This is probably going to be long, as I want to be thorough in the telling of what I am wanting to do. I have been running OMV for over a year, and it works, sometimes. I am wanting to re-do everything and start over, because permissions are giving me grief. Some users can write where they need to, some can't, etc. Maybe someone can tell me exactly what I need to do to get what I want.


    Setup:


    OMV installed on laptop HDD
    4 hard drives, (2) 2TB, RAID1 (Media), (1) 2TB (Data), and (1) 320G (Staging), and one 60G drive (System) will add more later



    The media share is, obviously, for media - Movies, TV Shows, ROMs, photos, OS install images, program setup files, etc (I am a movie/music/tv show lover, and I am also a computer tech, so I tend to collect programs and install ISOs) - once there, the data does not change much, except to add more. Hierarchy:


    /
    Movies
    TV Shows
    Photos
    ROM
    OS Install
    Programs
    Personal Documents


    On Staging, that will be for DVD rips, downloaded ISOs, new photos (I sort them according to event and year), etc. Stuff on here is fluid, and ideally the drive will stay empty for the most part, as the info will be moved to the Media share


    On Data, that will be kind of a catch-all for various stuff, don't know exactly what, but the info will be mostly static


    System is a drive for Mysql, Virtualbox, etc to house their info (database, a couple test VMs, etc.)


    Groups/Users


    John - should have read/write/everything access, no permissions issues or being told I can't do something, ever.


    Family - Heather, John, Sandra, William, Michael, plus a Guest account - Should have read-only access to Media, and write access to Staging. Don't care about access to Data, as long as it's not write


    Kodi - will have read-only access to Media, no access to any of the other shares.


    I want to have the Mysql plugin installed for shared media library access for Kodi (I have 2 dedicated PCs - 1 Windows, 1 Mac Mini, connected to both of the TVs in the house, and both kids have it on their PCs). Database stored on System share


    I want to have Transmission installed. Incomplete directory will be on System, Complete and Watch directories on Media Staging (So that others can add torrent files and have them started).


    I would like read/write access via SMB to all the shared folders. I would like to have NFS setup for the Media share, read-only, so that all the Kodi instances can have uniform paths across all platforms.


    The transmission is a major sticking point. The way it is working now, Transmission can download everything, but via SMB I cannot MOVE the completed items out of the Complete directory to my Media disk - I always get a permission denied error.


    Another issue is that a folder created on Data on one of the Kodi machines, I cannot add/delete/move anything in it from another computer/user- I can read it, just not write to it.


    I know this has been long, and my root issue is permissions, but I just cannot figure it out. Normally I'd just go into it via SSH and chmod -R 0777 / on the entire drive, but I know that is not best practices, and it defeats the purpose of giving everyone different permissions. Thanks in advance for any light you can shed on this.


    John

    • Official post

    I have a couple of tips for you:

    • Make debian-transmission part of the group "users". usermod -G users debian-transmission. This used to be default behaviour but it was changed not so long ago.
    • Change the default umask in transmission, put in the text field the value 2 (That's equivalent to 002 or 775).
    • For read only or read-write permission use the privileges button. You'll need to create all shares separately so they are well defined per folder and per user. Use samba and don't forget to checkmark "enable permission inheritance".
    • For moving content create a big share for the root of the media disk putting a / in path when you create a folder. Give access to this folder to yourself only. Moving data across two mounted shares will imply moving data through the client, so it is extremely slow.
    • If you have omv-extras go to shared folder section, in the second tab you'll find a utility reset permission. Apply this to all shares you've created except for the big one. The default is admin-rw, users-rw, others read only.
    • If you use a pooling solution (AUFS) you'll need to reset permission at each branch disk.
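
    Added example (not part of the thread and not OMV or Transmission code): a shell sketch of what the umask tip changes, plus a check for entries in a download folder that group members still cannot move or delete. The helper names dir_mode_under_umask and list_not_group_writable are hypothetical, and GNU stat and find are assumed, as on Debian.

```sh
#!/bin/sh
# Added example: effect of umask 022 vs 002 on new directories, and an
# audit for entries that members of the owning group cannot modify.

# Print the octal mode of a directory created under the given umask.
dir_mode_under_umask() {
    _tmp=$(mktemp -d) || return 1
    # Subshell so the umask change does not leak into the caller.
    ( umask "$1"; mkdir "$_tmp/d" )
    stat -c '%a' "$_tmp/d"
    rm -rf "$_tmp"
}

# List files and directories below $1 that lack the group write bit.
# Moving an item out of a folder needs write access to that folder, and
# to every subdirectory of the item when the move crosses disks.
list_not_group_writable() {
    find "$1" -mindepth 1 \( -type d -o -type f \) ! -perm -g+w -print
}

echo "umask 022 -> $(dir_mode_under_umask 022)"
echo "umask 002 -> $(dir_mode_under_umask 002)"
```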
    • Official post

    If it were me... I'd set your user permissions by group.... This might be a bit long, so for the "tl;dr" crowd.. close out now... Understanding I am not a Windows user... all of the below works fine on my Linux OS. I've done things this way for a while, and it works pretty well for my situation. Is there a better solution? Probably. :), I've never done things the easy way.

    First, go to Users, and create your users (in this case, I made John, Jill, and Jane)


    (edit: woops, accidentally hit submit, give me a few minutes)


    1. Click Users
    2. Create your users (I've created John, Jill, and Jane)


    3. Click Groups
    4. Create however many groups you'll need (I think you'll need at least two, so in this example I used two... master and family). While creating the groups, click Members, and add the users you've created to the group you want them in. Obviously, you will be master... family will be the individuals with limited privileges (read only).


    5. Now, create your shares. I think the easiest way to accomplish what you want to do, is put your shares in the root partition of the drive to accomplish this... For now, don't worry about the permissions. Pay attention to the Path.. (ie, Folder_1/ not /Folder_1).


    6. After you've created your shares, Highlight a share and click Permissions, and set them accordingly. This one, is obviously set for "master" group to have read/write, while "family" group will have read only.


    7. Click SMB/CIFS and then the Shares tab. Create your Shares. The key thing to remember here, is to "Honor existing ACL's". Make sure that is "on". Repeat for however many shares you've made.


    8. After you've added the shares, click settings and start Samba.


    Once you log in w/ whatever your user credentials are, and map the appropriate shares.. everything should be good.

  • OK, I wiped out one of my drives, to start over, and see how this works. This is my problem:


    Two users, User1 - should have access everywhere, not be denied anything
    User2 - pretty much the same thing, but won't have access to certain folders. For now I am not worrying about that.


    User2, from PC2, creates a folder on the Media drive.
    User1 then goes and tries to delete a file, move a file into it, anything, can't do it - has read access, but not write. Cannot even add files to that folder. I followed what KM0201 suggested, and I cannot have it do what I want it to do. If I try to write to the folder, tells me that I must have permission from User2. What gives?


    And this occurs no matter which way I try it - User1 cannot deal with any files/folder that User2 has created, and vice versa. For those users that I designate to have write access, why can they not write to anything but their own stuff?

  • OK - think I got it - I looked at this sticky thread - Samba Share Types in OMV


    I had looked at that previously trying to figure this out, and I guess I glossed over the part about "Enable Permission Inheritance" to enable shares to be used flexibly by different users, which is exactly what I needed. Now I am able to add and delete files and folders created by other users. I think I have it figured out now. I appreciate the help, and I also thank subzero79 for the tidbit about adding transmission to the users group. I'll let you all know if I need further help.


    John

  • I wanted to report back with my success, again. I used the rsync module to transfer all my media (movies/TV Shows/Music/ROMS, etc) from my 1TB drive to my 2TB drive after coming to the realization of how much I had, and that 1TB wasn't going to cut it. I got all my desired shares set up, and everything working well.


    Then I decided to tackle Transmission again, using subzero79's suggestion on adding debian-transmission to the users group, and setting the umask to 2. I got a share set up that I named OMVSystem, that I am using for all the transmission folders, and will also be using for mysql once I decide to take on a shared database for Kodi again. Right now I have it set up so that each instance of Kodi keeps its own info, but it would be nice to not have to hit the internet to download the same metadata, etc. every time I set up a new machine. Anyway, I downloaded a small torrent file, waited for it to complete, and then attempted to MOVE it out of the completed files directory, and it worked great. Thanks once again for all your help. Any idea WHY they decided to not have debian-transmission be part of the users group? I am sure I'm not the only one running into this issue with OMV. If updates are done, will I have to redo this? I understand that settings made via the GUI are pretty well set in stone, but the debian-transmission user does not show in the Users section in the GUI, and I had to make that change via command line. Even if it showed in the GUI so it could be dealt with in the GUI would be a nice thing.


    John

    • Official post

    Well the group users, is a security concern by the transmission plugin developer. He decided that way. If you search the forum you'll find the previous discussion.
    Comes to a point where the user has to decide what to do, because there are 3 options,
    Open the transmission download folder in 777 mode
    Use an acl
    Or add debian-transmission to group users.

  • 4th option, write a script to handle torrents post download. You have the ability to run a script after a torrent finishes in the plugin. You don't need to add transmission to the users group. Files can be adjusted and then moved to a shared folder, or adjust post move. People would only have to adjust the path in the script for their systems.
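
    Added example (not from the thread and not the plugin's own code): one way such a post-download script could look. TR_TORRENT_DIR and TR_TORRENT_NAME are the variables Transmission passes to a torrent-done script; publish_torrent, SHARE_GROUP and DEST_DIR are hypothetical names, and the destination path is a placeholder. The chgrp step assumes the account running the script belongs to the target group or runs with enough privilege; otherwise that step has to be replaced, for example by an ACL.

```sh
#!/bin/sh
# Added example of a torrent-done script; not the plugin's own code.
# Transmission passes TR_TORRENT_DIR and TR_TORRENT_NAME in the environment.
# SHARE_GROUP and DEST_DIR are assumptions: adjust them for your system.
SHARE_GROUP="${SHARE_GROUP:-users}"
DEST_DIR="${DEST_DIR:-/path/to/staging/share}"   # placeholder path

# publish_torrent SRC_DIR NAME DEST GROUP
# Make SRC_DIR/NAME writable by GROUP, then move it into DEST.
publish_torrent() {
    src_dir=$1; name=$2; dest=$3; group=$4
    # The name comes from torrent metadata: refuse anything path-like.
    case $name in
        ''|.|..|*/*) echo "refusing name: $name" >&2; return 1 ;;
    esac
    item=$src_dir/$name
    { [ -e "$item" ] && [ ! -L "$item" ]; } || return 1
    [ -d "$dest" ] || return 1
    [ ! -e "$dest/$name" ] || return 1    # never overwrite existing content
    # A non-root account can only chgrp to a group it belongs to.
    chgrp -R "$group" "$item" || return 1
    # g+rwX: group read/write, execute only on directories (or files
    # that are already executable); o-w: never world-writable.
    chmod -R g+rwX,o-w "$item" || return 1
    # setgid on directories so entries created later keep the group.
    find "$item" -type d -exec chmod g+s {} + || return 1
    mv -- "$item" "$dest/"
}

# Act only when Transmission invoked the script with its variables set.
if [ -n "${TR_TORRENT_DIR:-}" ] && [ -n "${TR_TORRENT_NAME:-}" ]; then
    publish_torrent "$TR_TORRENT_DIR" "$TR_TORRENT_NAME" "$DEST_DIR" "$SHARE_GROUP"
fi
```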
