Forums

Resolved
0 votes
I have some permission issues storing new torrents from Transmission in a Flexshare-folder. Transmission is running as user 'transmission' and stores the files as transmission:transmission if I 777 the Flexshare. Elsewhere if the folder is 775 e.g. it can't manage to store the files at all.

I'm looking for /etc/rc.d/init.d/transmission-daemon or similar to be able to set setuid and setgid (I think, I'm not that experienced in the Linux-world) to run it as a user within the granted group.

Where can I find the startup-file or decide the user the daemon is ran as.

Best regards,
Henning
Tuesday, March 08 2016, 06:47 PM
Share this post:
Responses (29)
  • Accepted Answer

    Saturday, October 06 2018, 04:29 PM - #Permalink
    Resolved
    0 votes
    is the regular user "transmission" a member of the group which has access to the flexshare? He should be. Also did you delete the original "transmission" user?. You'd then need to reset the permissions on /var/lib/transmission and perhaps elsewhere.

    The other thing to do is look at the "umask" parameter in /var/lib/transmission/.config/transmission-daemon/settings.json. Transmission needs to be stopped before you change anything in this file or your changes will get overwritten when transmission stops. As an example, look at this and note its setgid tip and perhaps try using it with the "allusers" group do all filed and folders belong to the allusers group. THis may even get round needing a regular user, but without experimenting, I don't know. Try googling "transmission umask".
    The reply is currently minimized Show
  • Accepted Answer

    stassen
    stassen
    Offline
    Saturday, October 06 2018, 03:59 PM - #Permalink
    Resolved
    0 votes
    Nick Howitt wrote:

    To me the most likely solution to work is to create the transmission user as a regular user. It gives you transition issues as any file/folder currently owned by transmission will need to be changed to the new regular user. I don't know if this will work as an approach and would need someone to test. I used to have a regular user as I used transmission before it was packaged as an app, but that was back in the 6.x days and I did not use it with a flexshare. I hardly use transmission so I am not in a position to test.


    I did follow your advise in respect of creating a normal user and use that for running transmission. That works fine, but I still have to "chmod 771 /var/flexshare/shares/vol2/" otherwise the services will have insufficient authorisation...
    The reply is currently minimized Show
  • Accepted Answer

    Mansoor
    Mansoor
    Offline
    Saturday, October 06 2018, 05:55 AM - #Permalink
    Resolved
    0 votes
    Mansoor wrote:

    I ran into a similar permission problem with transmission and solved it with mounting the Downloads folder to wherever I need it. For example, I wanted to access it from my personal account, so I did the following:


    Just to follow up with this issue. I had to create mounting points for transmission Download folder because I thought that was the only way to access the folder from flexshare or user home via SMB. I didn't know about the setting that would allow SMB to follow symbolic links!

    So, once you turn "follow symlinks" option on in the SMB' config, then you only need to make a symlink to the transmission Download folder!
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, October 04 2018, 11:23 AM - #Permalink
    Resolved
    0 votes
    To me the most likely solution to work is to create the transmission user as a regular user. It gives you transition issues as any file/folder currently owned by transmission will need to be changed to the new regular user. I don't know if this will work as an approach and would need someone to test. I used to have a regular user as I used transmission before it was packaged as an app, but that was back in the 6.x days and I did not use it with a flexshare. I hardly use transmission so I am not in a position to test.
    The reply is currently minimized Show
  • Accepted Answer

    stassen
    stassen
    Offline
    Thursday, October 04 2018, 11:08 AM - #Permalink
    Resolved
    0 votes
    Nick Howitt wrote:

    It depends on what the problem is. You can try enabling "Third Party App Access" in the Flexshare webconfig. Alternatively you can disable the nightly update of permissions by changing the value of FlexshareSecurityPermissions to "off" in /etc/clearos/flexshare.conf.


    Nick

    Third Party App Access can only be set to "read only" access and therefor I'm not sure if that resolves the issue.

    I'm most likely not the first person that wants:
    - Flexshare permission check/repair process out of the box
    - And still give 3rd party programs permanent access to the specific user folder on the specific flexshare.

    What is the best solution in that situation? It is wel possible that the Directory is in use when the flexshare permission is being checked
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, October 04 2018, 10:09 AM - #Permalink
    Resolved
    0 votes
    It depends on what the problem is. You can try enabling "Third Party App Access" in the Flexshare webconfig. Alternatively you can disable the nightly update of permissions by changing the value of FlexshareSecurityPermissions to "off" in /etc/clearos/flexshare.conf.
    The reply is currently minimized Show
  • Accepted Answer

    stassen
    stassen
    Offline
    Thursday, October 04 2018, 08:53 AM - #Permalink
    Resolved
    0 votes
    Flexshare rights are corrected via Cron...

    chmod 777 /var/flexshare/shares/vol2/Downloads
    chmod 771 /var/flexshare/shares/vol2/

    Remains only for the day...

    So every day I need to execute these corrections (which of course can be scheduled also) before using transmission...

    What is the proper way to solve this ?
    The reply is currently minimized Show
  • Accepted Answer

    stassen
    stassen
    Offline
    Tuesday, October 02 2018, 07:42 PM - #Permalink
    Resolved
    0 votes
    Just re-installed my server and Transmission was causing an authorisation issue on the flexshare download location, although reading everything available. Finally checked the rights of the directory above the download directory and changed that with chmod 771 /var/flexshare/shares/vol2/Downloads...

    That was the solution of my issue. So don't forget to check more than only the download location rights. Running Transmission with the standard default user transmission
    The reply is currently minimized Show
  • Accepted Answer

    Mansoor
    Mansoor
    Offline
    Saturday, September 23 2017, 10:58 AM - #Permalink
    Resolved
    0 votes
    I ran into a similar permission problem with transmission and solved it with mounting the Downloads folder to wherever I need it. For example, I wanted to access it from my personal account, so I did the following:

    First, test if it works with:
    mkdir /home/user/torrents
    mount --bind /var/lib/transmission/Downloads /home/user/torrents

    You may need to change the permission of the Downloads folder to 775 or add the user to "transmission" with
    usermod -aG transmission user

    Now test it with accessing it from smb share for example. If everything is good, then make the mounting permanent with:
    umount /home/user/torrents
    nano /etc/fstab
    /var/lib/transmission/Downloads /home/user/torrents none defaults,bind 0 0
    mount -a
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, May 16 2017, 06:10 AM - #Permalink
    Resolved
    0 votes
    Alternatively go to /usr/lib/systemd/system/ and edit transmission-daemon.service and change the user to a regular user then restart transmission. This may work and achieve what you want. You may then need to change the file ownerships of at least the torrents to your regular user as well (and perhaps the other files owned by transmission).
    The reply is currently minimized Show
  • Accepted Answer

    Monday, May 15 2017, 08:59 PM - #Permalink
    Resolved
    0 votes
    I'd start by noting down transmission's UID and GID from /etc/passwd "grep transmission /etc/passwd". Then use something like this to list all files owned by transmission. They are all probably under /var/lib/transmission and wherever your torrents are kept. Stop Transmission. At this point you should be able to delete the user transmission - google is your friend. Now your files originally owned by transmission should now be owned by transmission's old UID and GID.

    Then set up your regular user transmission with the webconfig and use the same password as your old transmission user. Make him a member of the relevant flexshare group. You should then be able to do a recursive "chown -R ....." to change them all back to "transmission". Then restart transmission.

    No guarantees but it is the approach I'd take.
    The reply is currently minimized Show
  • Accepted Answer

    Marius E
    Marius E
    Offline
    Monday, May 15 2017, 07:48 PM - #Permalink
    Resolved
    0 votes
    How would I do this? And is this safe to do?
    Unfortunately I'm no linux expert.
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, May 11 2017, 08:17 PM - #Permalink
    Resolved
    0 votes
    I still like my idea of deleting the user "transmission" and setting him up again through the webconfig so he becomes a normal user. You would need to change the ownership of any files previously owned by the old transmission user (now showing with a numerical owner). to the new transmission user. I have not tried it out, but it should work.
    The reply is currently minimized Show
  • Accepted Answer

    Marius E
    Marius E
    Offline
    Thursday, May 11 2017, 01:51 PM - #Permalink
    Resolved
    0 votes
    Was anyone able to figure out what needs to be done in order for this to work?
    Using ClearOS 7.3 and I have the same problem with transmission using a flexshare folder for downloads.
    I have to chmod 777 the folder daily in order for the torrents to work.
    If there is no solution is there a way to disable the script that runs daily and overwrites the folder permissions?
    The reply is currently minimized Show
  • Accepted Answer

    Sunday, April 03 2016, 11:26 AM - #Permalink
    Resolved
    0 votes
    Have you tried running transmission as a normal user who has flexshare access. I think you need to edit the config file for this. Alternatively try deleting the user transmission then adding him back through the webconfig. Then he becomes a normal user. Just be careful not to mess up his home folder.
    The reply is currently minimized Show
  • Accepted Answer

    Sunday, April 03 2016, 10:26 AM - #Permalink
    Resolved
    0 votes
    Still some trouble in the camp..

    My solution below will work - temporarilly.. The flexshare rewrite the permissions (as might have been mentioned), and then there's no-go once again after some time.

    I have tried:
    [root@server ~]# usermod -a -G allusers transmission

    with no luck...
    [root@server ~]# groups transmission
    transmission : transmission


    I could add my downloads to a folder outside the Flexshare area, and then just symlink the folder. That should probably do it for me, but it's a compromise based on my lack of knowledge.

    What I want to do is three things:
    1. Find out why the system is rewriting the permissions in Flexshare (and maybe turn it of)
    2. Make Transmission store the files with inherited permissions instead of give the files 777 (umask:0) to achieve what I want (access the files by another user)
    3. Figure why I'm not able to add 'transmission' into my group ('allusers')

    Thanks!
    The reply is currently minimized Show
  • Accepted Answer

    Monday, March 28 2016, 05:08 PM - #Permalink
    Resolved
    0 votes
    To summarize the current status and solution:
    To make Transmission store new files into a flexshare folder set the folder ownership to 'transmission' and the group to the actual group you use in your flexshare, e.g. 'allusers'
    mkdir /var/flexshare/shares/yourfolder/downloadfolder
    chown transmission:allusers /var/flexshare/shares/yourfolder/downloadfolder

    And then set read and write rights to the folder, as well as make sure the parent folder(s) is executable for the 'transmission' user by setting the to e.g. 771:
    chmod 770 /var/flexshare/shares/yourfolder/downloadfolder
    chmod 771 /var/flexshare/shares/yourfolder

    Then stop the Transmission daemon and set the umask to '0', before staring the daemon again.
    service transmission-daemon stop
    nano /var/lib/transmission/.config/transmission-daemon/settings.json

    "umask": 0,

    service transmission-daemon start

    This will store newly downloaded files with chmod 777 wich make them usable to everyone (also your samba users within the flexshare).

    However, even if this will work, I don't think this is the preferable solution. It would be better to store the files with the ownership and rights inherited from the parent folder. In this case all new files should be stored like:
    myfile 770 transmission:allusers

    Can anyone point me in the right direction to achieve this?
    The reply is currently minimized Show
  • Accepted Answer

    Monday, March 28 2016, 03:42 PM - #Permalink
    Resolved
    0 votes
    Actually, I'd work all along by just setting my download folder to owner 'transmission' (and group allusers), as well as chmod 770. But what was fooling me was that I also had the parent folder set at 770, but with no 'trasmission' user or group rights. I sat the folder to 775, and then it worked.

    Example:
    # this will not work with user 'transmission':
    /var/flexshare/shares 775 flexshare:allusers
    /var/flexshare/shares/myfolder 770 myuser:allusers
    /var/flexshare/shares/myfolder/mydownloadfolder 770 transmission:allusers

    # this works:
    /var/flexshare/shares 775 flexshare:allusers
    /var/flexshare/shares/myfolder 775 myuser:allusers
    /var/flexshare/shares/myfolder/mydownloadfolder 770 transmission:allusers


    Howcome this? I'm not a very experienced user, but is this common? Do all parents need to be executable or readable to be able to write to a folder with sufficient rights?

    Now, the only thing that's needs to be fixed is to make Transmission store the files with user rights inherited from the folder to make my system users (members of 'allusers') able to edit and read the files. (770 - transmission:allusers). I've tried umask '0' and '2' in /var/lib/transmission/.config/transmission-daemon/settings.json
    The reply is currently minimized Show
  • Accepted Answer

    Monday, March 28 2016, 11:17 AM - #Permalink
    Resolved
    0 votes
    Henning Herfjord wrote:I think we are into something here. But I can't figure out exactly what. The 'transmission' user is actually listed in ldap:

    [root@system ~]# getent passwd
    transmission:x:300:991:transmission daemon account:/var/lib/transmission:/sbin/nologin
    That isn't LDAP. LDAP user numbers are >=1000

    You can try:
    useradd -G allusers transmission
    but I am not confident it will have the desired effect.

    Have you also set umask in the transmission config file?
    The reply is currently minimized Show
  • Accepted Answer

    Monday, March 28 2016, 09:54 AM - #Permalink
    Resolved
    0 votes
    Hello again,

    I'm terribly sorry for my lack of response to this issue. I have been fully preoccupied with other stuff, so this had to wait. I do intend clearing this out and post the solution here to help others in the same situation. Anyway - I really do appreciate your kind support this far :)

    I think we are into something here. But I can't figure out exactly what. The 'transmission' user is actually listed in ldap:

    [root@system ~]# getent passwd
    transmission:x:300:991:transmission daemon account:/var/lib/transmission:/sbin/nologin


    I'm not sure what the numbers means, and I could'nt actually easily figure by google, either. But I guess they define some user/group type. Could changing the numbers make 'transmission' user able to be added to the 'allusers' group?

    And why can't 'transmission' write even if the folder is chmod 777?

    If it matters: I have mounted a mdadm Raid 1 constallation into /var/flexshare/shares

    [root@system ~]# nano /etc/fstab

    #
    # /etc/fstab
    # Created by anaconda on Sat Mar 5 17:43:23 2016
    #
    # Accessible filesystems, by reference, are maintained under '/dev/disk'
    # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
    #
    /dev/mapper/clearos-root / xfs defaults 0 0
    UUID=6466fcfd-187b-4932-a4fa-579aa136160c /boot xfs defaults 0 0
    /dev/mapper/clearos-swap swap swap defaults 0 0
    UUID=98471351-453c-4a36-a94e-ed581d355a3b /var/flexshare/shares ext4 defaults 0 0



    [root@system ~]# cat /proc/mdstat
    Personalities : [raid1]
    md0 : active raid1 sdc1[2] sdb1[0]
    2900832256 blocks super 1.2 [2/2] [UU]
    bitmap: 0/22 pages [0KB], 65536KB chunk

    unused devices: <none>
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, March 12 2016, 06:13 PM - #Permalink
    Resolved
    0 votes
    There may be an issue with allusers, but it was where I was going to go if umask did not work. I think allusers is an LDAP group, but the user "transmission" is a system user so not in LDAP so it can't be added to the group allusers in the webconfig. You may need to add it to the allusers group at the command line with "useradd -G allusers transmission", but because it is outside LDAP I don't know if will work with samba authentication. It may, but would need to be tested.
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, March 12 2016, 05:43 PM - #Permalink
    Resolved
    0 votes
    Strange, works like a charm for me on Clearos 6.7

    I've promised “to kick the tiers of 7.2”, still have to find time.
    I'll look in to this, if you find a solution keep us posted!

    Just to be sure transmission is running as the user transmission you could check
    ps -aux | grep transmission


    Nick Howitt wrote:
    You will probably find that ClearOS is overwriting the permissions of your flexshare.

    You could try it with 'allsusers' in flexshare setting and dir ownership
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, March 12 2016, 12:43 PM - #Permalink
    Resolved
    0 votes
    You will probably find that ClearOS is overwriting the permissions of your flexshare.

    As a couple of ideas, can you either run transmission as a flexshare user, or, alternatively add the user transmission to whatever the flexshare group is. I have an old transmission set up so my transmission user was created differently, but I suspect you won't find your transmission user listed in Webconfig > System > Users. I also don't use flexshares. What is the standard permission of any file in any flexshare ("ls -l" from a flexshare folder)?

    [edit]
    Setting umask to 0 or 2 is probably the first thing to try
    [/code]
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, March 12 2016, 08:16 AM - #Permalink
    Resolved
    0 votes
    Thank you very much for your kind feedback, guys!

    I did find the config file for the startup script just like Nick suggested:
    nano /usr/lib/systemd/system/transmission-daemon.service


    However when service was restarted it lacked som other permissions to run properly, among in apache I guess, so that was no fix, and maybe a bad idea. And yes, I'm running ClearOS 7.

    Therefore Mark's answer is a good solution. I created an area on my share for the files accessable by Transmission, and then Transmission will be owner there, and my users that'll need to access and edit them will be part of the group for the files and -775/-770 access to the files. I'm not 100% sure what umask 2 will do, but I guess it then inherit the group from it's parent while creating new files. I have never quite understood the umask function.

    However I ran in to another problem, that make sure I still haven't got this to work.
    My Transmission daemon still got no access to the folder even if it's -777. I have this file structure:
    mkdir /var/flexshare/shares/filearea/transmissionfolder
    chown -R transmission:mygroup /var/flexshare/shares/filearea/transmissionfolder

    And for the time beeing:
    chmod -R 777 /var/flexshare/shares/filearea/transmissionfolder


    Howecome Transmission can't access or write files to /var/flexshare/shares/filearea/transmissionfolder? From time to time the service also stops while trying. So do my Dropbox service. It start for some time, and then suddenly stops. It have synced thousands of files before the problem encountered without problems. Could it be a Flexshare-problem?
    The reply is currently minimized Show
  • Accepted Answer

    Wednesday, March 09 2016, 07:33 AM - #Permalink
    Resolved
    0 votes
    It is not very clear what your permission problems are; what isn’t working for you?

    I remember having permission problems but it is a very long time ago I have dealt with this.
    The solution for me was changing the umask of the new files created (downloaded) by transmission so the group who has read/write permission to the flexshare is set as “group” for these files.

    Try to set umask to 2 near the bottom of the file settings.json
    (don’t forget the current setting if this is not the solution for you)
    EDIT: Set "transmission" as owner and the group ownership of the existing directories and files to the group with read/write permissions for the flexhare.

    service transmission-daemon stop
    nano /var/lib/transmission/.config/transmission-daemon/settings.json
    chown transmission:yourgroup -R /var/flexshare/shares/yourflexshare/dir

    repace yourgroup with the group with permissions to the flexhare (Alternatively allusers);
    yourflexshare/dir is the path to the directory transmission stores his files.

    and restart the transmission daemon
    service transmission-daemon start


    BTW this applies to Clearos 6.x (clould work on 7.x)
    The reply is currently minimized Show
  • Accepted Answer

    Wednesday, March 09 2016, 07:29 AM - #Permalink
    Resolved
    0 votes
    Nick Howitt wrote:
    I think you need to stop transmission-daemon before you edit settings.json or you lose your changes.

    Yes, there was something quirky; this could be it.
    Also forgot to mention to set the group ownership of the directories to the group with permissions to the (flex)share
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, March 08 2016, 09:27 PM - #Permalink
    Resolved
    0 votes
    I think you need to stop transmission-daemon before you edit settings.json or you lose your changes.
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, March 08 2016, 08:38 PM - #Permalink
    Resolved
    0 votes
    It is not very clear what your permission problems are; what isn’t working for you?

    I remember having permission problems but it is a very long time ago I have dealt with this.
    The solution for me was changing the umask of the new files created (downloaded) by transmission so the group who has read/write permission to the flexshare is set as “group” for these files.

    Try to set umask to 2 near the bottom of the file settings.json
    (don’t forget the current setting if this is not the solution for you)
    EDIT: Set "transmission" as owner and the group ownership of the existing directories and files to the group with read/write permissions for the flexhare.
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, March 08 2016, 07:08 PM - #Permalink
    Resolved
    0 votes
    In 6.x the user is specified in /etc/rc.d/init.d/transmission-daemon. In 7.x you'll need to track it down some other way, probably under /usr/lib/systemd/system/, as it uses a completely different start-up mechanism.
    The reply is currently minimized Show
Your Reply