ACL settings not persistent

    • OMV 3.x
    • ACL settings not persistent

      Hi

      I recently enabled sonarr/radarr, the plugins are working well. The only issue I am not able to solve is a persistent ACL setting for the systemusers sonarr/radarr.

      Sonarr/Radarr should move the downloaded files to the specified folders on the share of the NAS but fails to do so. The log says authorization is missing. I assigned read/write Access in ACL settings for the users Sonarr/Radarr for the respective folders but somehow, this does not seem to be enough.

      Every time new content has been downloaded, I just go to ACL settings and enable the recursive permission anew. The files are then beeing moved.

      Is the recursive setting not persistent respectively inherited for new files? How can I fix that issue?

      Thank you and best regards

      Christoph
    • Details are missing which might explain why no one answered.

      What's in the log file(s)? (Paste it in or attach a file.)

      And, exactly, are you trying to do, or what is it that sonarr / deluge should be doing?
      (Locations of folders, what is supposed to happen and when, etc. A screen shot of your settings, that are not working, might help.)

      I've run sonarr and deluge in dockers, to help someone else get them running in Dockers, but I don't use them. (I'm not an expert on these app's.) In any case, for moving files around, there's more than one way to skin the cat.

      What I did learn, during that exercise is Deluge creates a system user and a group named "911" when it's installed.

      I'll try to help you with this.
      ___________________________________________________

      (Edit: I've loaded the plugin's on test hardware. Since you haven't responded, I'll speculate.)

      If the problem is with Deluge folders; Download to: versus Move completed to: , you could change the "Move completed to" folder permission to "Others" - "Read/Write".

      BTW: the deluge system user installed by the plugin is (on my box) deluge-damon [1001] You can find this user under Access Rights Managment, User.
      The deluge-damon user is added to the "users" group by default so if the Move completed to: folder allows the users group Read/Write, it should work. Check permissions on the destination.
      Good backup takes the "drama" out of computing
      ____________________________________
      OMV 3.0.99 Erasmus
      ThinkServer TS140, 12GB ECC / 32GB USB3.0
      4TB SG+4TB TS ZFS mirror/ 3TB TS

      OMV 3.0.99 Erasmus - Rsync'ed Backup
      R-PI 2 $29 / 16GB SD Card $8 / Real Time Clock $1.86
      4TB WD My Passport $119

      The post was edited 1 time, last by flmaxey: edit ().

    • Hi, your help is really appreciated!

      The users I see under Access Rights Management are Sonarr/Radarr which are system users. I granted Read/Write Access for download and destination folders.
      Every time a new file has been downloaded, I need to set the recursive permission for download folder manually.
      Only then the files are moved automatically.

      My working theory is that the ACL settings are only static, means only valid for the files already existing. Everytime a new file is being added, this file does not inherit the same Read/Write Access.

      In my setting, there is no deluge-daemon user. I am just trying to reproduce the behaviour so I can provide logs.
    • Here the log of Sonarr after download:

      Display Spoiler

      Couldn't import episode /media/4dd0923e-81fe-47ce-86ac-bd75f1ea3efb/share/Downloads_complete1/tv/The.Simpsons.S29E08.Mr.Lisas.Opus.1080p.AMZN.WEB-DL.DD5.1.H.264-SiGMA-Scrambled/337fc1a0dc4f4f86a00609e83b686822.mkv: Access to the path is denied.

      Exception

      System.UnauthorizedAccessException: Access to the path is denied. at System.IO.File.Move (System.String sourceFileName, System.String destFileName) [0x00000] in <filename unknown>:0 at NzbDrone.Common.Disk.DiskProviderBase.MoveFileInternal (System.String source, System.String destination) [0x00000] in <filename unknown>:0 at NzbDrone.Mono.Disk.DiskProvider.MoveFileInternal (System.String source, System.String destination) [0x00000] in <filename unknown>:0 at NzbDrone.Common.Disk.DiskProviderBase.MoveFile (System.String source, System.String destination, Boolean overwrite) [0x00000] in <filename unknown>:0 at NzbDrone.Common.Disk.DiskTransferService.TryMoveFileVerified (System.String sourcePath, System.String targetPath, Int64 originalSize) [0x00000] in <filename unknown>:0


      Here the log of OMV:

      Display Spoiler

      Mar 21 21:01:55 serverli rsyslogd: [origin software="rsyslogd" swVersion="8.4.2" x-pid="828" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
      Mar 21 21:08:09 serverli kernel: [1248993.067533] type=1702 audit(1521662889.664:8489): op=linkat action=denied pid=13004 comm="mono" path="/media/4dd0923e-81fe-47ce-86ac-bd75f1ea3efb/share/Downloads_complete1/tv/The.Simpsons.S29E08.Mr.Lisas.Opus.1080p.AMZN.WEB-DL.DD5.1.H.264-SiGMA-Scrambled/337fc1a0dc4f4f86a00609e83b686822.mkv" dev="md0" ino=135922440
      Mar 21 21:09:01 serverli CRON[12504]: (root) CMD ( [ -x /usr/lib/php5/sessionclean ] && /usr/lib/php5/sessionclean)
      Mar 21 21:09:38 serverli kernel: [1249082.217985] type=1702 audit(1521662978.860:8490): op=linkat action=denied pid=13005 comm="mono" path="/media/4dd0923e-81fe-47ce-86ac-bd75f1ea3efb/share/Downloads_complete1/tv/The.Simpsons.S29E08.Mr.Lisas.Opus.1080p.AMZN.WEB-DL.DD5.1.H.264-SiGMA-Scrambled/337fc1a0dc4f4f86a00609e83b686822.mkv" dev="md0" ino=135922440
      Mar 21 21:11:09 serverli kernel: [1249172.410381] type=1702 audit(1521663069.100:8491): op=linkat action=denied pid=13004 comm="mono" path="/media/4dd0923e-81fe-47ce-86ac-bd75f1ea3efb/share/Downloads_complete1/tv/The.Simpsons.S29E08.Mr.Lisas.Opus.1080p.AMZN.WEB-DL.DD5.1.H.264-SiGMA-Scrambled/337fc1a0dc4f4f86a00609e83b686822.mkv" dev="md0" ino=135922440
      Mar 21 21:15:01 serverli CRON[14443]: (root) CMD (/usr/sbin/omv-mkgraph >/dev/null 2>&1)
      Mar 21 21:15:01 serverli rrdcached[989]: Received FLUSHALL
      Mar 21 21:17:01 serverli CRON[14565]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
      Mar 21 21:17:01 serverli postfix/postsuper[14568]: fatal: scan_dir_push: open directory hold: No such file or directory




    • The sonarr system user is more for assigning permissions to its' own config folders, so it can save parameters. If it can save a new series, for example, it should be OK.

      Moving files, after downloaded, is a responsibility of deluge user. If the user deluge-damon is not in the users group, I would try reinstalling the plugin.
      __________________________________________

      The key to the issue is (with the user deluge-damon in the users group), the users group needs read/write access to all folders in the following path.

      /share/Downloads_complete1/tv/
      __________________________________________

      Things to note about permissions.

      First, the following window sets permissions for Shared folders created by OMV and it works fine for shared folders created at the root of the data drive. (In the example shown below, I created a folder called "Test" at the root of the data drive. BTW: Note the duluge-daemon user in the user accounts list.)

      Second: What is labeled as Extra Options (red box) is, in fact, standard (native) Linux permissions.
      What is labeled as User/Group permissions at the top of the box is, in fact, extended ACL's. These permissions are "add-on's" to the standard Linux file and are stored as extra attributes in Linux files and folders.
      **When extended permissions conflict with standard permissions, weird things can happen. They can, in some instances, cancel each other.**

      So, if it's at all possible, try to do what needs to be done in standard permissions (the red outlined box).



      ____________________________________________________________________________________

      Do you have WinSCP? If you do, it's relatively easy to look at the folders in the path and push standard permissions recursively.

      I created a string of folders much like you have and I set Deluge to download to "Downloads" and on completion to move files to "TV".

      /srv/dev-disk-by-label-DATA/Fileserver/Downloads/TV

      It didn't work because the the folder Fileserver, at the root of the data drive, was not created by Shared Folders, in OMV, so it's permissions were Owner:root and Group:root.

      So, using WinSCP, I went to the folder at the root of the data drive, Fileserver, and changed the users group from root to users, and pushed the change recursively.


      BTW: if you get an error when changing the group to users, just use the number 100. (That's the default ID for the users group.)
      ___________________________________________________________________________________

      In your case, you need to:
      1. Find out why the user deluge-damon is not in the user group. Adding this user seems to be the default action of the deluge plugin installation.

      THEN

      2.
      - If the "share" folder, at the root of your data drive, was created by OMV's Shared folders, you can use the Access Rights Management, Shared Folders, ACL Button to change the Group of the "share" folder from root to users and push the change recursively.
      (OR)
      - Use WinSCP and make the change to your folder "share" in a similar manner to the way shown above.
      Good backup takes the "drama" out of computing
      ____________________________________
      OMV 3.0.99 Erasmus
      ThinkServer TS140, 12GB ECC / 32GB USB3.0
      4TB SG+4TB TS ZFS mirror/ 3TB TS

      OMV 3.0.99 Erasmus - Rsync'ed Backup
      R-PI 2 $29 / 16GB SD Card $8 / Real Time Clock $1.86
      4TB WD My Passport $119
    • OK, now I'm confused. The following is your original post.

      grummelzwerg wrote:

      Hi

      I recently enabled sonarr/radarr, the plugins are working well. The only issue I am not able to solve is a persistent ACL setting for the systemusers sonarr/radarr.

      Sonarr/Radarr should move the downloaded files to the specified folders on the share of the NAS but fails to do so. The log says authorization is missing. I assigned read/write Access in ACL settings for the users Sonarr/Radarr for the respective folders but somehow, this does not seem to be enough.
      Followed by this excerpt, from a log entry posted, which appeared to be a torrent download.

      grummelzwerg wrote:

      Mar 21 21:11:09 serverli kernel: [1249172.410381] type=1702 audit(1521663069.100:8491): op=linkat action=denied pid=13004 comm="mono" path="/media/4dd0923e-81fe-47ce-86ac-bd75f1ea3efb/share/Downloads_complete1/tv/The.Simpsons.S29E08.Mr.Lisas.Opus.1080p.AMZN.WEB-DL.DD5.1.H.264-SiGMA-Scrambled/337fc1a0dc4f4f86a00609e83b686822.mkv" dev="md0" ino=135922440
      I have two plugins loaded, Sonarr and Deluge. As I understand how they work; Sonarr is a kind of director. Deluge is the downloader for Sonarr and it has it's own Web page.

      What the above noted, you mentioned NZB.
      In the Sonarr's settings page, I noted there are two downloaders, NZBGet and NZBVortex. If this is what you're using, I can't help you. I don't have a usenet account so I can't simulate the issue without the ability to download.
      _______________________________________

      EDIT: I loaded the NZBget plugin but, again, without an account I can't work with it. I did find a thread that might help you, here -> NBZGet thread.
      Good backup takes the "drama" out of computing
      ____________________________________
      OMV 3.0.99 Erasmus
      ThinkServer TS140, 12GB ECC / 32GB USB3.0
      4TB SG+4TB TS ZFS mirror/ 3TB TS

      OMV 3.0.99 Erasmus - Rsync'ed Backup
      R-PI 2 $29 / 16GB SD Card $8 / Real Time Clock $1.86
      4TB WD My Passport $119

      The post was edited 2 times, last by flmaxey: edit ().