I have some permission issues storing new torrents from Transmission in a Flexshare-folder. Transmission is running as user 'transmission' and stores the files as transmission:transmission if I 777 the Flexshare. Elsewhere if the folder is 775 e.g. it can't manage to store the files at all.
I'm looking for /etc/rc.d/init.d/transmission-daemon or similar to be able to set setuid and setgid (I think, I'm not that experienced in the Linux-world) to run it as a user within the granted group.
Where can I find the startup-file or decide the user the daemon is ran as.
Best regards,
Henning
I'm looking for /etc/rc.d/init.d/transmission-daemon or similar to be able to set setuid and setgid (I think, I'm not that experienced in the Linux-world) to run it as a user within the granted group.
Where can I find the startup-file or decide the user the daemon is ran as.
Best regards,
Henning
Share this post:
Responses (29)
-
Accepted Answer
is the regular user "transmission" a member of the group which has access to the flexshare? He should be. Also did you delete the original "transmission" user?. You'd then need to reset the permissions on /var/lib/transmission and perhaps elsewhere.
The other thing to do is look at the "umask" parameter in /var/lib/transmission/.config/transmission-daemon/settings.json. Transmission needs to be stopped before you change anything in this file or your changes will get overwritten when transmission stops. As an example, look at this and note its setgid tip and perhaps try using it with the "allusers" group do all filed and folders belong to the allusers group. THis may even get round needing a regular user, but without experimenting, I don't know. Try googling "transmission umask". -
Accepted Answer
Nick Howitt wrote:
To me the most likely solution to work is to create the transmission user as a regular user. It gives you transition issues as any file/folder currently owned by transmission will need to be changed to the new regular user. I don't know if this will work as an approach and would need someone to test. I used to have a regular user as I used transmission before it was packaged as an app, but that was back in the 6.x days and I did not use it with a flexshare. I hardly use transmission so I am not in a position to test.
I did follow your advise in respect of creating a normal user and use that for running transmission. That works fine, but I still have to "chmod 771 /var/flexshare/shares/vol2/" otherwise the services will have insufficient authorisation... -
Accepted Answer
Mansoor wrote:
I ran into a similar permission problem with transmission and solved it with mounting the Downloads folder to wherever I need it. For example, I wanted to access it from my personal account, so I did the following:
Just to follow up with this issue. I had to create mounting points for transmission Download folder because I thought that was the only way to access the folder from flexshare or user home via SMB. I didn't know about the setting that would allow SMB to follow symbolic links!
So, once you turn "follow symlinks" option on in the SMB' config, then you only need to make a symlink to the transmission Download folder! -
Accepted Answer
To me the most likely solution to work is to create the transmission user as a regular user. It gives you transition issues as any file/folder currently owned by transmission will need to be changed to the new regular user. I don't know if this will work as an approach and would need someone to test. I used to have a regular user as I used transmission before it was packaged as an app, but that was back in the 6.x days and I did not use it with a flexshare. I hardly use transmission so I am not in a position to test. -
Accepted Answer
Nick Howitt wrote:
It depends on what the problem is. You can try enabling "Third Party App Access" in the Flexshare webconfig. Alternatively you can disable the nightly update of permissions by changing the value of FlexshareSecurityPermissions to "off" in /etc/clearos/flexshare.conf.
Nick
Third Party App Access can only be set to "read only" access and therefor I'm not sure if that resolves the issue.
I'm most likely not the first person that wants:
- Flexshare permission check/repair process out of the box
- And still give 3rd party programs permanent access to the specific user folder on the specific flexshare.
What is the best solution in that situation? It is wel possible that the Directory is in use when the flexshare permission is being checked -
Accepted Answer
-
Accepted Answer
Flexshare rights are corrected via Cron...
chmod 777 /var/flexshare/shares/vol2/Downloads
chmod 771 /var/flexshare/shares/vol2/
Remains only for the day...
So every day I need to execute these corrections (which of course can be scheduled also) before using transmission...
What is the proper way to solve this ? -
Accepted Answer
Just re-installed my server and Transmission was causing an authorisation issue on the flexshare download location, although reading everything available. Finally checked the rights of the directory above the download directory and changed that with chmod 771 /var/flexshare/shares/vol2/Downloads...
That was the solution of my issue. So don't forget to check more than only the download location rights. Running Transmission with the standard default user transmission -
Accepted Answer
I ran into a similar permission problem with transmission and solved it with mounting the Downloads folder to wherever I need it. For example, I wanted to access it from my personal account, so I did the following:
First, test if it works with:
mkdir /home/user/torrents
mount --bind /var/lib/transmission/Downloads /home/user/torrents
You may need to change the permission of the Downloads folder to 775 or add the user to "transmission" withusermod -aG transmission user
Now test it with accessing it from smb share for example. If everything is good, then make the mounting permanent with:
umount /home/user/torrents
nano /etc/fstab
/var/lib/transmission/Downloads /home/user/torrents none defaults,bind 0 0
mount -a -
Accepted Answer
Alternatively go to /usr/lib/systemd/system/ and edit transmission-daemon.service and change the user to a regular user then restart transmission. This may work and achieve what you want. You may then need to change the file ownerships of at least the torrents to your regular user as well (and perhaps the other files owned by transmission). -
Accepted Answer
I'd start by noting down transmission's UID and GID from /etc/passwd "grep transmission /etc/passwd". Then use something like this to list all files owned by transmission. They are all probably under /var/lib/transmission and wherever your torrents are kept. Stop Transmission. At this point you should be able to delete the user transmission - google is your friend. Now your files originally owned by transmission should now be owned by transmission's old UID and GID.
Then set up your regular user transmission with the webconfig and use the same password as your old transmission user. Make him a member of the relevant flexshare group. You should then be able to do a recursive "chown -R ....." to change them all back to "transmission". Then restart transmission.
No guarantees but it is the approach I'd take. -
Accepted Answer
-
Accepted Answer
I still like my idea of deleting the user "transmission" and setting him up again through the webconfig so he becomes a normal user. You would need to change the ownership of any files previously owned by the old transmission user (now showing with a numerical owner). to the new transmission user. I have not tried it out, but it should work. -
Accepted Answer
Was anyone able to figure out what needs to be done in order for this to work?
Using ClearOS 7.3 and I have the same problem with transmission using a flexshare folder for downloads.
I have to chmod 777 the folder daily in order for the torrents to work.
If there is no solution is there a way to disable the script that runs daily and overwrites the folder permissions? -
Accepted Answer
Have you tried running transmission as a normal user who has flexshare access. I think you need to edit the config file for this. Alternatively try deleting the user transmission then adding him back through the webconfig. Then he becomes a normal user. Just be careful not to mess up his home folder. -
Accepted Answer
Still some trouble in the camp..
My solution below will work - temporarilly.. The flexshare rewrite the permissions (as might have been mentioned), and then there's no-go once again after some time.
I have tried:
[root@server ~]# usermod -a -G allusers transmission
with no luck...
[root@server ~]# groups transmission
transmission : transmission
I could add my downloads to a folder outside the Flexshare area, and then just symlink the folder. That should probably do it for me, but it's a compromise based on my lack of knowledge.
What I want to do is three things:
1. Find out why the system is rewriting the permissions in Flexshare (and maybe turn it of)
2. Make Transmission store the files with inherited permissions instead of give the files 777 (umask:0) to achieve what I want (access the files by another user)
3. Figure why I'm not able to add 'transmission' into my group ('allusers')
Thanks! -
Accepted Answer
To summarize the current status and solution:
To make Transmission store new files into a flexshare folder set the folder ownership to 'transmission' and the group to the actual group you use in your flexshare, e.g. 'allusers'
mkdir /var/flexshare/shares/yourfolder/downloadfolder
chown transmission:allusers /var/flexshare/shares/yourfolder/downloadfolder
And then set read and write rights to the folder, as well as make sure the parent folder(s) is executable for the 'transmission' user by setting the to e.g. 771:
chmod 770 /var/flexshare/shares/yourfolder/downloadfolder
chmod 771 /var/flexshare/shares/yourfolder
Then stop the Transmission daemon and set the umask to '0', before staring the daemon again.
service transmission-daemon stop
nano /var/lib/transmission/.config/transmission-daemon/settings.json
"umask": 0,
service transmission-daemon start
This will store newly downloaded files with chmod 777 wich make them usable to everyone (also your samba users within the flexshare).
However, even if this will work, I don't think this is the preferable solution. It would be better to store the files with the ownership and rights inherited from the parent folder. In this case all new files should be stored like:
myfile 770 transmission:allusers
Can anyone point me in the right direction to achieve this? -
Accepted Answer
Actually, I'd work all along by just setting my download folder to owner 'transmission' (and group allusers), as well as chmod 770. But what was fooling me was that I also had the parent folder set at 770, but with no 'trasmission' user or group rights. I sat the folder to 775, and then it worked.
Example:
# this will not work with user 'transmission':
/var/flexshare/shares 775 flexshare:allusers
/var/flexshare/shares/myfolder 770 myuser:allusers
/var/flexshare/shares/myfolder/mydownloadfolder 770 transmission:allusers
# this works:
/var/flexshare/shares 775 flexshare:allusers
/var/flexshare/shares/myfolder 775 myuser:allusers
/var/flexshare/shares/myfolder/mydownloadfolder 770 transmission:allusers
Howcome this? I'm not a very experienced user, but is this common? Do all parents need to be executable or readable to be able to write to a folder with sufficient rights?
Now, the only thing that's needs to be fixed is to make Transmission store the files with user rights inherited from the folder to make my system users (members of 'allusers') able to edit and read the files. (770 - transmission:allusers). I've tried umask '0' and '2' in /var/lib/transmission/.config/transmission-daemon/settings.json -
Accepted Answer
Henning Herfjord wrote:I think we are into something here. But I can't figure out exactly what. The 'transmission' user is actually listed in ldap:
That isn't LDAP. LDAP user numbers are >=1000
[root@system ~]# getent passwd
transmission:x:300:991:transmission daemon account:/var/lib/transmission:/sbin/nologin
You can try:
but I am not confident it will have the desired effect.useradd -G allusers transmission
Have you also set umask in the transmission config file? -
Accepted Answer
Hello again,
I'm terribly sorry for my lack of response to this issue. I have been fully preoccupied with other stuff, so this had to wait. I do intend clearing this out and post the solution here to help others in the same situation. Anyway - I really do appreciate your kind support this far
I think we are into something here. But I can't figure out exactly what. The 'transmission' user is actually listed in ldap:
[root@system ~]# getent passwd
transmission:x:300:991:transmission daemon account:/var/lib/transmission:/sbin/nologin
I'm not sure what the numbers means, and I could'nt actually easily figure by google, either. But I guess they define some user/group type. Could changing the numbers make 'transmission' user able to be added to the 'allusers' group?
And why can't 'transmission' write even if the folder is chmod 777?
If it matters: I have mounted a mdadm Raid 1 constallation into /var/flexshare/shares
[root@system ~]# nano /etc/fstab
#
# /etc/fstab
# Created by anaconda on Sat Mar 5 17:43:23 2016
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/clearos-root / xfs defaults 0 0
UUID=6466fcfd-187b-4932-a4fa-579aa136160c /boot xfs defaults 0 0
/dev/mapper/clearos-swap swap swap defaults 0 0
UUID=98471351-453c-4a36-a94e-ed581d355a3b /var/flexshare/shares ext4 defaults 0 0
[root@system ~]# cat /proc/mdstat
Personalities : [raid1]
md0 : active raid1 sdc1[2] sdb1[0]
2900832256 blocks super 1.2 [2/2] [UU]
bitmap: 0/22 pages [0KB], 65536KB chunk
unused devices: <none>
-
Accepted Answer
There may be an issue with allusers, but it was where I was going to go if umask did not work. I think allusers is an LDAP group, but the user "transmission" is a system user so not in LDAP so it can't be added to the group allusers in the webconfig. You may need to add it to the allusers group at the command line with "useradd -G allusers transmission", but because it is outside LDAP I don't know if will work with samba authentication. It may, but would need to be tested. -
Accepted Answer
Strange, works like a charm for me on Clearos 6.7
I've promised “to kick the tiers of 7.2”, still have to find time.
I'll look in to this, if you find a solution keep us posted!
Just to be sure transmission is running as the user transmission you could check
ps -aux | grep transmission
Nick Howitt wrote:
You will probably find that ClearOS is overwriting the permissions of your flexshare.
You could try it with 'allsusers' in flexshare setting and dir ownership -
Accepted Answer
You will probably find that ClearOS is overwriting the permissions of your flexshare.
As a couple of ideas, can you either run transmission as a flexshare user, or, alternatively add the user transmission to whatever the flexshare group is. I have an old transmission set up so my transmission user was created differently, but I suspect you won't find your transmission user listed in Webconfig > System > Users. I also don't use flexshares. What is the standard permission of any file in any flexshare ("ls -l" from a flexshare folder)?
[edit]
Setting umask to 0 or 2 is probably the first thing to try
[/code] -
Accepted Answer
Thank you very much for your kind feedback, guys!
I did find the config file for the startup script just like Nick suggested:
nano /usr/lib/systemd/system/transmission-daemon.service
However when service was restarted it lacked som other permissions to run properly, among in apache I guess, so that was no fix, and maybe a bad idea. And yes, I'm running ClearOS 7.
Therefore Mark's answer is a good solution. I created an area on my share for the files accessable by Transmission, and then Transmission will be owner there, and my users that'll need to access and edit them will be part of the group for the files and -775/-770 access to the files. I'm not 100% sure what umask 2 will do, but I guess it then inherit the group from it's parent while creating new files. I have never quite understood the umask function.
However I ran in to another problem, that make sure I still haven't got this to work.
My Transmission daemon still got no access to the folder even if it's -777. I have this file structure:
mkdir /var/flexshare/shares/filearea/transmissionfolder
chown -R transmission:mygroup /var/flexshare/shares/filearea/transmissionfolder
And for the time beeing:
chmod -R 777 /var/flexshare/shares/filearea/transmissionfolder
Howecome Transmission can't access or write files to /var/flexshare/shares/filearea/transmissionfolder? From time to time the service also stops while trying. So do my Dropbox service. It start for some time, and then suddenly stops. It have synced thousands of files before the problem encountered without problems. Could it be a Flexshare-problem? -
Accepted Answer
It is not very clear what your permission problems are; what isn’t working for you?
I remember having permission problems but it is a very long time ago I have dealt with this.
The solution for me was changing the umask of the new files created (downloaded) by transmission so the group who has read/write permission to the flexshare is set as “group” for these files.
Try to set umask to 2 near the bottom of the file settings.json
(don’t forget the current setting if this is not the solution for you)
EDIT: Set "transmission" as owner and the group ownership of the existing directories and files to the group with read/write permissions for the flexhare.
service transmission-daemon stop
nano /var/lib/transmission/.config/transmission-daemon/settings.json
chown transmission:yourgroup -R /var/flexshare/shares/yourflexshare/dir
repace yourgroup with the group with permissions to the flexhare (Alternatively allusers);
yourflexshare/dir is the path to the directory transmission stores his files.
and restart the transmission daemon
service transmission-daemon start
BTW this applies to Clearos 6.x (clould work on 7.x) -
Accepted Answer
-
Accepted Answer
-
Accepted Answer
It is not very clear what your permission problems are; what isn’t working for you?
I remember having permission problems but it is a very long time ago I have dealt with this.
The solution for me was changing the umask of the new files created (downloaded) by transmission so the group who has read/write permission to the flexshare is set as “group” for these files.
Try to set umask to 2 near the bottom of the file settings.json
(don’t forget the current setting if this is not the solution for you)
EDIT: Set "transmission" as owner and the group ownership of the existing directories and files to the group with read/write permissions for the flexhare. -
Accepted Answer
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »