Plugin losing permissions intermittently?

  • @subzero79 It is planed for the next version https://raw.githubusercontent.com/OpenMediaVault-Plugin-Developers/openmediavault-couchpotato/master/debian/couchpotato.init


    It needs a bit of work before it is ready for release as the user group was removed and I would like to keep it plus some other stuff to bring the plugin page inline with the other python plugin apps.

    [align=center]banner@1x.jpg
    What I am watching/watched on my Popcorn Hour media player
    omv 2.1.1 stoneburner | 64 bit | omvextrasorg 1.29
    MySQL (Percona[size=8]) | Newznab | Sonarr | CP | HP | NZBget | YAMJ | CUPS

  • For me testing that version the user did not show up in the users list, I had to add the users group to couchpotato via the command line.
    The change has been planed for a while so that it will make use of /etc/default/couchpotato so users could change some options (and via the plugin at a later date) this has already been done with some of the other plugin.
    The last few commits on CP were not done by myself, 99% of the changes are good but for me I want to keep the couchpotato user in the users group.

    [align=center]banner@1x.jpg
    What I am watching/watched on my Popcorn Hour media player
    omv 2.1.1 stoneburner | 64 bit | omvextrasorg 1.29
    MySQL (Percona[size=8]) | Newznab | Sonarr | CP | HP | NZBget | YAMJ | CUPS

  • I changed that to use the one provided by Couchpotato themselves as it was more ut to date with Debian practices.


    However, if you read the file it says:

    Bash
    # Extra start-stop-daemon option like START_OPTS=" --group=users"
    EXTRA_SSD_OPTS=${SSD_OPTS-}


    This means that if you open /etd/default/couchpotato and put the following in it it will do what you want.

    Bash
    SSD_OPTS=" --group=xxx --umask=xxx


    That avoids hardcoding some parameters.

    • Offizieller Beitrag

    The last few commits on CP were not done by myself, 99% of the changes are good but for me I want to keep the couchpotato user in the users group.


    I understand. This is really bad for user experience, the adduser uses system flag, uid lower than 1000 don't appear in webui, that would force users to go into ACL or do it via CLI to add group. The two things we try to avoid the most for new users.

  • I changed that to use the one provided by Couchpotato themselves as it was more ut to date with Debian practices.


    So you would not mind if I make it default for it to uses the users group? I remember you saying that you did not want it that way for your setup?

    [align=center]banner@1x.jpg
    What I am watching/watched on my Popcorn Hour media player
    omv 2.1.1 stoneburner | 64 bit | omvextrasorg 1.29
    MySQL (Percona[size=8]) | Newznab | Sonarr | CP | HP | NZBget | YAMJ | CUPS


  • I understand. This is really bad for user experience, the adduser uses system flag, uid lower than 1000 don't appear in webui, that would force users to go into ACL or do it via CLI to add group. The two things we try to avoid the most for new users.



    Still people would have to go to change that in CLI, if the user was available in the webui they easily add them in the interface


    It is added as a system user because that's what it is. It's not more weird than that. (Bloating the users page with system users is not very nice. It also makes it possible for users to easily remove users which are needed by a service.)


    I don't think this should be solved by making couchpotato a non system user. It would be better to make is possible to manage system users and groups from the web interface in that case. Just keep them separate from the user created ones. And even if that's not implemented, how hard can it be to write a guide for two commands, one to add a user to a group and one to remove a user from a group? It may even do some good since you have the chance to educate the users. Use the FAQ and point users to it.



    So you would not mind if I make it default for it to uses the users group? I remember you saying that you did not want it that way for your setup?


    No, I would mind. It's not specific for my setup, I would not want that for anyone's setup. It's not a good idea to add system/service users to the users group by default. As I've stated before, the day the service screws up and can modify everything the users group has access to is not the best of days. There's nothing friendly about potentially causing users that harm. It's the system administrators job to manually override that and add the system user to that group because then they've done a conscious decision knowing the implications.


    However, this is not really my plugin, so you can always do as you want. I will still disagree though.

  • Update: Changing umask to 0777 in cp fid not fix.Syncthing sync'd the rar folder to omv, cp saw folder, created a new folder in my media library, placed a properly named nfo file in media library, unrar'd the files, but could not move the unrar'd movie into my media library from the sync folder.


    So it seemed to start with permissions, until it tried to move the newly created unrar'd file over.

    OMV 1.9 - Lenovo Thinkserver TS140 - Xeon E3-1200 v3 Series w/ 8GB Ram: 3 x 3TB WD RED - AUFS Pool, 1 x 16GB Samsung SSD System Drive
    Plex - Syncthing - Couchpotato - Sonarr - NUT

  • No, I would mind. It's not specific for my setup, I would not want that for anyone's setup. It's not a good idea to add system/service users to the users group by default. As I've stated before, the day the service screws up and can modify everything the users group has access to is not the best of days. There's nothing friendly about potentially causing users that harm. It's the system administrators job to manually override that and add the system user to that group because then they've done a conscious decision knowing the implications.



    I do not agree with his philosophy in regards to a few issues but I firmly share his point of view on this matter. To many arguments I've been in over this subject.

  • I would not want that for anyone's setup. It's not a good idea to add system/service users to the users group by default.


    This is why CP has not been updated for a while. I am still learning (from you, Aaron and other devs) I see what you mean but for me if it is not part of the users group the interaction from the other plugins becomes a PITA with permissions problems.

    [align=center]banner@1x.jpg
    What I am watching/watched on my Popcorn Hour media player
    omv 2.1.1 stoneburner | 64 bit | omvextrasorg 1.29
    MySQL (Percona[size=8]) | Newznab | Sonarr | CP | HP | NZBget | YAMJ | CUPS

  • Why don't you add a field or combo box to input a group in the plugin settings? that would avoid bloating the user section


    This was what I was planning to do, user can change (via the plugin) the contents of /etc/default/couchpotato just like any other config can be modified but this does not resolve the issue of if to use the users group or not.


    I do not want to be responsible for any data loss or system failure if it can be avoided.

    [align=center]banner@1x.jpg
    What I am watching/watched on my Popcorn Hour media player
    omv 2.1.1 stoneburner | 64 bit | omvextrasorg 1.29
    MySQL (Percona[size=8]) | Newznab | Sonarr | CP | HP | NZBget | YAMJ | CUPS

  • Thank you for your help everyone.


    It's very cool to see such healthy discussions on the forum!


    I'm really enjoying using OMV and the learning curve it comes with.

    OMV 1.9 - Lenovo Thinkserver TS140 - Xeon E3-1200 v3 Series w/ 8GB Ram: 3 x 3TB WD RED - AUFS Pool, 1 x 16GB Samsung SSD System Drive
    Plex - Syncthing - Couchpotato - Sonarr - NUT

  • Question: can I delete openvpn and openvpnas users (I already configured my own admin user on the server)? it's just because I don't like to see its on the list... lol. Call me a maniac.


    Inexperienced users will do bad things if they have access to system users/groups. I think Volker is right in not making this accessible.


  • Inexperienced users will do bad things if they have access to system users/groups. I think Volker is right in not making this accessible.


    I realized that maybe it could be solved rather easily. The thing that's missing is the possibility to add system users to some groups.


    If one goes to Access Rights Management -> Groups -> Select a group -> Edit -> Members we could list system users below normal users in that list (similarly to how the ACL window is done). That way users could add and remove system users to our their own groups, but not from system groups. This should minimize the potential issues of users removing users from their needed groups. Thoughts?

  • Would it be at all advantageous to have a "beginner command line web interface" with things like users being inaccessible so that beginners can't screw things up beyond repair? I'm sure experienced users run test machines and stuff that like but that is beyond what most beginners will want to do.


    Once I get this up and running I'll need to learn how to use Clonezilla and make sure I have a spare ssd in case any issues arise down the line.


    I bought a batch of 5x 16GB Samsung ssd's for my OMV system specifically so I could run omv on one, while having a spare cloned, and building another OMV system on an old desktop for backup.

    OMV 1.9 - Lenovo Thinkserver TS140 - Xeon E3-1200 v3 Series w/ 8GB Ram: 3 x 3TB WD RED - AUFS Pool, 1 x 16GB Samsung SSD System Drive
    Plex - Syncthing - Couchpotato - Sonarr - NUT

  • I think this would work fine because it would only allow the user to add/remove a system user to a group created by the user. But in a lot of cases is it not desired to add a system user to the system group "users" (i.e. system user "couchpotato" to system group "users"). Is this not what most people are doing? I am not using any of the downloader plugins. But this seems to be what most people are doing.

  • I think this would work fine because it would only allow the user to add/remove a system user to a group created by the user. But in a lot of cases is it not desired to add a system user to the system group "users" (i.e. system user "couchpotato" to system group "users"). Is this not what most people are doing? I am not using any of the downloader plugins. But this seems to be what most people are doing.


    It still kind of wouldn't be possible since the users group doesn't show up in that list at the moment. It does however open up for a better alternative (in my opinion) since you then can create a group named moviemanagers which you can add all normal and system users to which should be able to manage movies for example. The users group is not really narrowed down enough in my opionion.


    The problem is that there's no way to change the owner and group of a directory in OMV yet. If you could do that and combined it with the possiblity to add system users to your own groups things would probably be a lot easier.

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!