Somewhat of a permissions nightmare

post #1 of 11
Thread Starter 
Okay, so I finally saved enough money to purchase a new raid controller for my home server - and got things back up and running again.

I run a few services already, but one that I never really had working the way that I wanted was Deluge and my storage array...

Deluge and its web service are both run as the user "deluge" and files they create are created with the owner set to deluge and the group set to deluge. The Public data folder (where most stuff is stored) is owned by the user "the" and the group is set to "users".

When Deluge finishes a file I'd like it to be able to automatically move files into the Public directory that I set when I add them to the list via the WebUI. Currently, this doesn't happen - and I'm not really sure why.
The directories are all chmod'd to 0755 because Samba doesn't play nicely without chmod a+x at a minimum (seriously, on Windows it freezes without those two flags set). I added the deluge user to the group "users" but the files it creates are still (obviously) in the group "deluge"

No matter what I change the permissions or group/user variables on the folders to I can't seem to get a smart balance where the user "the" (which is what Samba MUST use) can read and write to the share, and the user "deluge" can move data into the Public directories.
Currently deluge cannot move anything into the Public directory, and I manually chown/chgrp everything and then move it into the public directories manually - this is kind of a pain. Does anyone have a similar setup and have any pointers on how to configure things?

(I know I should be better than this, but I've failed to figure it out so I'm coming to you guys lol)

Everything is running on a fully up-to-date ArchLinux running Linux-ck. Obviously this is mostly a filesystem and permissions issue - so things like logging data aren't really going to be very helpful...
    
post #2 of 11
Sorry, I have nothing to offer but I'd like to see how this sort of problem can be solved with the Unix permission system. NTFS would take care of it by rewriting ACLs when files are copied or moved to inherit those of the destination folder and I've often wondered how you would get it to work with Unix/Linux.
post #3 of 11
Why not change the user running deluge and make it the same as the samba share? Or just change the group ID. I read this and it looks easy enough but I haven't run Deluge so I don't know for sure.

http://dev.deluge-torrent.org/wiki/UserGuide/InitScript/Ubuntu%2011.04%2B%20%28Upstart%20Job%29
post #4 of 11
Did you create a group for the "the" user, and is deluge in it? I don't know if that would help any, but it's something I would try out. Permissions aren't really one of my strong points.
post #5 of 11
Also something that always gets me when changing permissions is restarting/logging. I've driven myself nuts wondering why my user wasn't in a group until I realized I needed to log.
post #6 of 11
Thread Starter 
Quote:
Originally Posted by thestraw0039 View Post

Why not change the user running deluge and make it the same as the samba share? Or just change the group ID. I read this and it looks easy enough but I haven't run Deluge so I don't know for sure.

http://dev.deluge-torrent.org/wiki/UserGuide/InitScript/Ubuntu%2011.04%2B%20%28Upstart%20Job%29

The problem with changing the initscript to the "the" user is that "the" has a password, and higher level permissions than I wish a p2p client to have (if a vulnerability arises in the protocol that allows a user to gain temporary control over the machine, I'd like to keep damage to an absolute minimum). Having the user deluge in the group users makes me uneasy enough.
Quote:
Originally Posted by Ferrari8608 View Post

Did you create a group for the "the" user, and is deluge in it? I don't know if that would help any, but it's something I would try out. Permissions aren't really one of my strong points.

The user "the" is in the majority of normal groups; but for the purposes of this thread, the user "the" is in the groups "users" and "deluge"

I'm not sure why deluge, being in both the "users" group and the "deluge" group, cannot move a file that is in the "deluge" group to a folder that is in the "users" group. It's kind of aggravating...
    
post #7 of 11
Thread Starter 
Got it. Overlooked a small permission flag on one of the nested folders. Group was set to read + execute - but not write. I feel dumb now.
    
post #8 of 11
Code:
# -print0 / -0 keep directory names containing spaces or newlines intact
find . -type d -print0 | xargs -0 chmod 770

I believe there's a way for find to grab file names with specific permissions, but I don't know how to do that. It's probably a good idea to make sure you got everything though if there's sub-directories to worry about.
post #9 of 11
You need to have group write and SGID (chmod g+s) for the "users" group on the public directory, and make it recursive if there are subdirectories. This is only a directory permission requirement: in Unix, as long as you have parent directory write permissions, you can delete a file below it regardless of its permissions. Unless you want "the" user to modify the file and not just delete, then you will need to change "deluge" user's umask value to have group write.
Edited by CaptainBlame - 4/5/14 at 4:16pm
post #10 of 11
So in summary

Add deluge user to users group.
Code:
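# Directories only: owner "the", group "users"
find /public/dir -type d -exec chown the:users {} \;
# 2775 = setgid + rwxrwxr-x, so new entries inherit the "users" group
find /public/dir -type d -exec chmod 2775 {} \;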

Set umask for deluge to 002 # optional, only required if you want "the" user to modify files that deluge added, not required if you want "the" user just to delete files.
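
The fix from posts #7 to #10 as an added example, not part of the original thread: it finds directories under a shared tree that lack group write or setgid (the `-perm` test post #8 asks about), applies the 2775 mode from post #10, and lists the files that umask 022 leaves unmodifiable by the group. The tree and its names are constructed under a temporary directory, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit and repair a shared tree as described in posts #7-#10.
# Everything is constructed under a temporary directory; nothing else is touched.

# List directories that lack group write (020) or the setgid bit (2000).
audit_share() {
    find "$1" -type d \( ! -perm -020 -o ! -perm -2000 \) -print | sort
}

# List regular files the group cannot modify (what umask 022 produces).
audit_files() {
    find "$1" -type f ! -perm -020 -print | sort
}

# Apply the mode from post #10 to directories only; file modes are left alone.
fix_share() {
    find "$1" -type d -exec chmod 2775 {} +
}

# Build a constructed sample tree with one nested directory left at 0755.
make_sample() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/Public/Movies/nested dir"
    chmod 2775 "$root/Public" "$root/Public/Movies"
    # The overlooked folder from post #7: group has r-x but not w, no setgid.
    chmod u=rwx,go=rx,g-s "$root/Public/Movies/nested dir"
    ( umask 022; : > "$root/Public/Movies/from-umask-022" )  # created 0644
    ( umask 002; : > "$root/Public/Movies/from-umask-002" )  # created 0664
    printf '%s\n' "$root"
}

demo() {
    root=$(make_sample) || return 1
    echo "directories needing attention:"; audit_share "$root/Public"
    echo "files not group-writable:";      audit_files "$root/Public"
    fix_share "$root/Public"
    echo "directories needing attention after fix:"; audit_share "$root/Public"
    rm -rf "$root"
}

demo
```

The file listing does not change after the directory fix: a file written under umask 022 can still be moved or deleted by the group, but not modified, until its own mode or the writer's umask is changed.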