Still trying to understand permissions - basic principles.

  • I am so sorry to raise this issue but despite my having read all related threads on this forum (and all I can about LInux permissions generally), I really just do not understand how permissions and ACL work together.


    Perhaps someone can help explain with a practical example, to help me understand:


    I have a single hard drive in my server and I create a single folder on it called "Recordings".


    I then want to install TVHeadend on my system. I need this application to have access to the "Recordings" folder to actually create the .ts file in it.


    What type of permission would I give to the "Recordings" folder, from the dropdown box?


    Would I have to change make any additional changes under ACL?

    • Offizieller Beitrag

    I really just do not understand how permissions and ACL work together.

    That is because ACLs are terrible.

    What type of permission would I give to the "Recordings" folder, from the dropdown box?

    It depends. What user is the TVH service running as? The Recordings folder would ideally be owned by a group that the TVH service user is part of.


    Would I have to change make any additional changes under ACL?

    I *never* use ACLs. Why do you think you need them?

    omv 7.0.4-2 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.10 | compose 7.1.2 | k8s 7.0-6 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • Thanks rycoaaron - it is very encouraging that if even you don't ever use ACLs, then I should certainly be staying away from them.


    With that out of the equation, understanding permissions will hopefully be a bit clearer.



    It depends. What user is the TVH service running as? The Recordings folder would ideally be owned by a group that the TVH service user is part of.


    Would you mind explaining how I can find this out, please?

    • Offizieller Beitrag

    Would you mind explaining how I can find this out, please?

    Never used tvheadend. I would start by looking at the output of ps aux for something obvious.

    omv 7.0.4-2 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.10 | compose 7.1.2 | k8s 7.0-6 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • I have had a bit of a further look at this and I am sort of very slowing getting this (I think).


    On my system, TVHeadend is known as hts.


    If I click on Access Rights Management and then on User, there is one user named - "alex" and in the group column it lists "users, cdrom, floppy, audio, dip, video, plugdev, netdev, alex".


    If I then click on Group, it has "alex" as the sole entry, with the member columns just showing "alex".


    What is the significance of this?

    • Offizieller Beitrag

    What is the significance of this?

    Nothing really since that is your user. If the user TVHeadend runs as is named hts, it is probably a system user which means it won't show up in the web interface. What is output of: groups hts

    omv 7.0.4-2 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.10 | compose 7.1.2 | k8s 7.0-6 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

    • Offizieller Beitrag

    I would try adding the hts user to the users group. usermod -a -G users hts

    omv 7.0.4-2 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.10 | compose 7.1.2 | k8s 7.0-6 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • That is great - I shall give that a go when I get in tonight.


    I think it is my being a Linux novice that is really holding me back on this.


    At a very fundamental level, am I correct in thinking that OMV lets you create individual users and groups and that you can specify permissions for each?


    Ultimately, in doing the above, are you creating hts as a user (like Alex), so you can give hts read and write privileges to the Record folder?


    Thanks for bearing with me on this - cannot understand why I am having such a tough time getting my heard around permissions.

    • Offizieller Beitrag

    am I correct in thinking that OMV lets you create individual users and groups and that you can specify permissions for each?

    Yes.


    Ultimately, in doing the above, are you creating hts as a user (like Alex), so you can give hts read and write privileges to the Record folder?

    No. It is adding hts to the users group. Since shared folders are owned by the users group (with default privileges), hts should have access.

    omv 7.0.4-2 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.10 | compose 7.1.2 | k8s 7.0-6 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • OK, this is very slowly sinking in.


    I have just been reading the Debian Wiki and I was unaware, until now, that "users" doesn't just mean individual users but also includes system users.


    So am I correct in thinking, therefore, that as soon as I installed TVHeadend on my server, TVHeadend was automatically added as a system user?

    • Offizieller Beitrag

    TVHeadend was automatically added as a system user?

    most likely. Most packages that provide a service do not want that service to run as root and the package will create a new user specifically for that service.

    omv 7.0.4-2 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.10 | compose 7.1.2 | k8s 7.0-6 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!