Still trying to understand permissions - basic principles.

    • OMV 4.x
    • Still trying to understand permissions - basic principles.

      I am so sorry to raise this issue but despite my having read all related threads on this forum (and all I can about Linux permissions generally), I really just do not understand how permissions and ACL work together.

      Perhaps someone can help explain with a practical example, to help me understand:

      I have a single hard drive in my server and I create a single folder on it called "Recordings".

      I then want to install TVHeadend on my system. I need this application to have access to the "Recordings" folder to actually create the .ts file in it.

      What type of permission would I give to the "Recordings" folder, from the dropdown box?

      Would I have to make any additional changes under ACL?
    • elsmandino wrote:

      I really just do not understand how permissions and ACL work together.
      That is because ACLs are terrible.

      elsmandino wrote:

      What type of permission would I give to the "Recordings" folder, from the dropdown box?
      It depends. What user is the TVH service running as? The Recordings folder would ideally be owned by a group that the TVH service user is part of.

      elsmandino wrote:

      Would I have to make any additional changes under ACL?
      I *never* use ACLs. Why do you think you need them?
      omv 4.1.19 arrakis | 64 bit | 4.15 proxmox kernel | omvextrasorg 4.1.15
      omv-extras.org plugins source code and issue tracker - github

      Please read this before posting a question and this and this for docker questions.
      Please don't PM for support... Too many PMs!
    • Thanks ryecoaaron - it is very encouraging that if even you don't ever use ACLs, then I should certainly be staying away from them.

      With that out of the equation, understanding permissions will hopefully be a bit clearer.


      ryecoaaron wrote:

      elsmandino wrote:

      What type of permission would I give to the "Recordings" folder, from the dropdown box?
      It depends. What user is the TVH service running as? The Recordings folder would ideally be owned by a group that the TVH service user is part of.

      Would you mind explaining how I can find this out, please?
    • elsmandino wrote:

      Would you mind explaining how I can find this out, please?
      Never used tvheadend. I would start by looking at the output of ps aux for something obvious.
    • I have had a bit of a further look at this and I am sort of very slowly getting this (I think).

      On my system, TVHeadend is known as hts.

      If I click on Access Rights Management and then on User, there is one user named - "alex" and in the group column it lists "users, cdrom, floppy, audio, dip, video, plugdev, netdev, alex".

      If I then click on Group, it has "alex" as the sole entry, with the member columns just showing "alex".

      What is the significance of this?
    • elsmandino wrote:

      What is the significance of this?
      Nothing really since that is your user. If the user TVHeadend runs as is named hts, it is probably a system user which means it won't show up in the web interface. What is output of: groups hts
    • I would try adding the hts user to the users group. usermod -a -G users hts
    • That is great - I shall give that a go when I get in tonight.

      I think it is my being a Linux novice that is really holding me back on this.

      At a very fundamental level, am I correct in thinking that OMV lets you create individual users and groups and that you can specify permissions for each?

      Ultimately, in doing the above, are you creating hts as a user (like Alex), so you can give hts read and write privileges to the Record folder?

      Thanks for bearing with me on this - cannot understand why I am having such a tough time getting my head around permissions.
    • elsmandino wrote:

      am I correct in thinking that OMV lets you create individual users and groups and that you can specify permissions for each?
      Yes.

      elsmandino wrote:

      Ultimately, in doing the above, are you creating hts as a user (like Alex), so you can give hts read and write privileges to the Record folder?
      No. It is adding hts to the users group. Since shared folders are owned by the users group (with default privileges), hts should have access.
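Added example, not part of the original thread: the owner/group/other decision that explains why adding hts to the users group gives it write access to a shared folder, written as a small shell check. The uid/gid numbers and the 2775 mode are constructed for illustration, and `write_class` and `check_dir` are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the thread). All numeric ids below are constructed;
# on a real system take them from `id hts` and `stat -c '%u %g %a' DIR`.

# write_class UID "GID LIST" OWNER_UID OWNER_GID OCTAL_MODE
# Prints which permission class applies to the user and whether that class
# may create files in the directory (needs both w and x).
# Note: root bypasses these mode-bit checks entirely.
write_class() {
    uid=$1 gids=$2 o_uid=$3 o_gid=$4
    mode=$((0$5))                       # leading 0: read the mode as octal
    class=other
    bits=$(( $mode & 7 ))
    for g in $gids; do
        if [ "$g" -eq "$o_gid" ]; then
            class=group
            bits=$(( ($mode >> 3) & 7 ))
        fi
    done
    # The owner class is checked first and wins, even when it grants less.
    if [ "$uid" -eq "$o_uid" ]; then
        class=owner
        bits=$(( ($mode >> 6) & 7 ))
    fi
    if [ $(( $bits & 3 )) -eq 3 ]; then
        echo "$class allowed"
    else
        echo "$class denied"
    fi
}

# check_dir USER DIR: the same check with live data from id(1) and GNU stat(1).
check_dir() {
    set -- "$(id -u "$1")" "$(id -G "$1")" $(stat -c '%u %g %a' "$2")
    write_class "$@"
}

# Constructed case: hts is uid 112 with primary gid 120; the share is owned
# by root (0) and group users (100) with mode 2775.
write_class 112 "120" 0 100 2775        # before: usermod not yet run
write_class 112 "120 100" 0 100 2775    # after: usermod -a -G users hts
```

A running service only picks up a new group membership after it is restarted, so check again with `ps aux` and `groups hts` after restarting it.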
    • elsmandino wrote:

      TVHeadend was automatically added as a system user?
      Most likely. Most packages that provide a service do not want that service to run as root and the package will create a new user specifically for that service.