Jump to content

Setting permissions in FreeNAS 11.3+ and TrueNAS 12.0+


MRobi

Recommended Posts

MRobi

Permission issues are one of the biggest issues we troubleshoot in this section. Thankfully, with the release of FreeNAS 11.3 they've implemented a new featured called the ACL Manager. With this new feature, configuring permissions for your jails has never been easier!

 

I've done up a quick how-to guide and attached.

 

This is only for new jails created in 11.3. Anybody upgrading from an older version of FreeNAS that already has Emby installed will not need to follow this guide as they'd have already configured permissions under the old system.

Emby File Permission Setup FreeNAS 11.3.pdf

NOTE: To access the ACL in TrueNAS 12.0+ the location has changed slightly. You must go to Storage -> Pools, click the 3 dots beside your pool, select Edit Permissions. This will put you into the ACL Manager. All other steps are the same. I no longer use TrueNAS so I don't have screenshots, but anybody is free to update this document and provide screen shots if needed.

Edited by MRobi
  • Like 8
  • Thanks 3
Link to comment
Share on other sites

  • 2 months later...
  • 7 months later...
On 2/25/2021 at 11:47 AM, Romeo123 said:

Note for others who can't read, like me.
Use 989 and not user 'media' as displayed in one of the screenshots, this is important!

Thanks for the feedback !

Link to comment
Share on other sites

  • 1 month later...
ohitsyouagain

Luke?  or Romeo123... I looked for 989 in my list of users and groups... didn't see it.   OBTW my pool "m1" says it can't be edited.

Link to comment
Share on other sites

MRobi
2 hours ago, ohitsyouagain said:

Luke?  or Romeo123... I looked for 989 in my list of users and groups... didn't see it.   OBTW my pool "m1" says it can't be edited.

The ACL settings are done on the host system (TrueNAS). User 989 doesn't technically exist on the host,  it exists within the Emby jail. After you mount your storage to the jail, user 989 will try to access your files, which is why you need to give it permission on host. Since it doesn't exist on host, when you type in 989 in the ACL settings it says "Could not find a user name for this user ID.". This is expected and normal which is why the document says "Don't worryif it says Could not find a user name for this user ID" ;)

You could go into your users and create a user 989 on host and call it Emby if you want, but it's an extra step that's not needed

  • Like 1
Link to comment
Share on other sites

ohitsyouagain
12 hours ago, MRobi said:

The ACL settings are done on the host system (TrueNAS). User 989 doesn't technically exist on the host,  it exists within the Emby jail. After you mount your storage to the jail, user 989 will try to access your files, which is why you need to give it permission on host. Since it doesn't exist on host, when you type in 989 in the ACL settings it says "Could not find a user name for this user ID.". This is expected and normal which is why the document says "Don't worryif it says Could not find a user name for this user ID" ;)

You could go into your users and create a user 989 on host and call it Emby if you want, but it's an extra step that's not needed

Like this ? not sure about group issue

user989.png

Emby_pools.png

Edited by ohitsyouagain
added info
Link to comment
Share on other sites

MRobi
15 hours ago, ohitsyouagain said:

Like this ? not sure about group issue

user989.png

Emby_pools.png

That's not the ACL manager at all. What exactly are you trying to do? Have you looked at the first post and followed the pdf guide?

Link to comment
Share on other sites

ohitsyouagain

The example in the pdf doesn't FIT my configuration.  I have separate storage for my data, and as shown above a separate storage for emby1 & emby2.  None of them fits the example.  I am running TrueNAS under VMware Workstation 16   image.png.41ef0f25c42e6e4382fd720516ee33af.png

so that I may use the rest of the host computer to manage the TrueNAS installation.  I start VMware using sudo so that I may have root access to the hardware of the host computer.  Thus allowing me to bring in the 4TB drive and the 1TB drive for use in TrueNAS as in a hardware based installation.

as shown in the photos above M1 is my emby storage drive, and is NOT able to be modified using the three dot method described.

So... am I on my own, or do you have a suggestion ?

 

Link to comment
Share on other sites

MRobi
50 minutes ago, ohitsyouagain said:

The example in the pdf doesn't FIT my configuration.  I have separate storage for my data, and as shown above a separate storage for emby1 & emby2.  None of them fits the example.  I am running TrueNAS under VMware Workstation 16   image.png.41ef0f25c42e6e4382fd720516ee33af.png

so that I may use the rest of the host computer to manage the TrueNAS installation.  I start VMware using sudo so that I may have root access to the hardware of the host computer.  Thus allowing me to bring in the 4TB drive and the 1TB drive for use in TrueNAS as in a hardware based installation.

as shown in the photos above M1 is my emby storage drive, and is NOT able to be modified using the three dot method described.

So... am I on my own, or do you have a suggestion ?

 

Your screenshot above shows pools mounted in TrueNAS therefore you should have access to the ACL manager to configure permissions in TrueNAS. It's a core feature in the TrueNAS OS, so if it isn't working you should contact TrueNAS support.

While M1 is your system dataset, you have your iocage jails stored on public so your entire emby jail is actually on public not m1. Now without knowing your setup, I'm assuming when you say M1 is your emby storage drive that means you've got your emby configuration mounted on the M1 dataset and that's completely fine as long as you've mounted it to your emby jail as well as your media. As a point of reference, when I ran Emby on TrueNAS, my jails were on 1 dataset, my configuration stored on another dataset and all of my media was on another. After setting up the configuration mount and storage mount to the emby jail and configuring the ACL settings for both it worked fine.

I can try to walk you through the old school method for setting permissions in a jail if you'd like, it's much more complicated and I'm still not seeing anything that would make your setup not work with the ACL manager unless you've mounted your storage to the jail incorrectly. Can you post up a screenshot of your mount points to the Emby jail?

It should also be noted that it's generally not recommended to virtualize TrueNAS. If it's a must, you should be blacklisting the hardware that TrueNAS will be accessing on your host system and passing them through. If your host has access to those drives you are sharing with TrueNAS it can cause you all sorts of issues including a complete loss of your data. My genuine recommendation is to either run Emby on your host system, or run TrueNAS bare metal.

Link to comment
Share on other sites

ohitsyouagain

Thanks for the info MRobi.  It's unlikely that I'll resort to running it on baremetal.  It's just a learning tool for me and saves me having to use two computers in order to source the Emby server and another to manage it.  It's all on one box.  I've run Nextcloud this way as well and it's very stable.  No other users making things happen.  Just me.

Public is the only place where their are jails.  If you look at the photos again you'll only see iocage on Public.  A one Terra-byte drive for the sole purpose of housing TrueNAS plugins that I may want to try.  The m1 drive is of course a ZFS drive and it's sole purpose is for the media files.  Mount points take care of the linkage...  I believe the source side of the Mount Point controls the ACL.  So I believe my settings there control what the jail does...  The m1 drive is operating in Passthrough mode.

I have five Proliant DL380 servers and one G8 series is a dedicated Emby box with six 2TB drives, 32 cores, and 64G of memory.  I call this my production box.  The one we're talking about above is simply a play around and try configurations.  I have yet to successfully configure it to go on the Internet.  That is my next project.  I'd prefer to use my own SSL keys and will be happy with self signed because I'll be the only user.  Accepting an Exception isn't a problem and I can make the keys good for 20 years.  I'll be dead or nearly so by then,.

When I figure out how to put Emby on the Internet, I'll do it on the DL380pG8.  But as yet following the instructions has not led me to JOY.

BTW ==> https://itigic.com/truenas-core-guide-to-install-and-configure-an-advanced-nas/

Thanks

 

 

Host System.png

Emby_PC_server.png

Edited by ohitsyouagain
updated photo
Link to comment
Share on other sites

MRobi

I'm not saying by virtualizing TrueNAS it won't work. I'm saying it's not recommended. Just because there's a blog by someone online showing how to do it, doesn't mean the dev's at TrueNAS designed it to be run that way. You can also drive a car drunk, some people even do it regularly without any issues, but it doesn't mean it's recommended to do it. For the record, I also virtualized TrueNAS on proxmox as I migrated off of it.

Now back to the point, none of this leads me to believe that you can't setup an ACL entry. 

Public houses all of your jails. If you navigate to the iocage folder you'll see a folder for every jail you have deployed.

m1 is your media. It's a ZFS pool mounted and controlled by TrueNAS. You should have an fstab entry to mount this media into your emby jail, you should have done this while setting up the jail. Assuming you have, you must then give the emby user permission to read/write to this storage pool. To do this you follow the guide in post 1 and create an ACL entry for user 989.

I feel you're overthinking this whole thing. As it sits, there is nothing unique here that would require additional steps to give emby access to your media.

Link to comment
Share on other sites

ohitsyouagain
Quote

You should have an fstab entry to mount this media into your emby jail, you should have done this while setting up the jail.

I used "Mount Points" not digging around outside TrueNAS suggested methods.  I'll give it another look.  But honestly it's working VERY well right now.  I'm tempted to just leave well enough alone.  I was just interested in the whole 989 thing and had wondered from the beginning what Emby really wanted the ownership of the Storage to be.  At the moment it's mylogin:wheel and 777.  I know that may be risky... but don't feel the risk with not being Internet connected.

Thanks for your assistance MRobi....

D...

Link to comment
Share on other sites

Baenwort
13 hours ago, ohitsyouagain said:

I used "Mount Points" not digging around outside TrueNAS suggested methods.  I'll give it another look.  But honestly it's working VERY well right now.  I'm tempted to just leave well enough alone.  I was just interested in the whole 989 thing and had wondered from the beginning what Emby really wanted the ownership of the Storage to be.  At the moment it's mylogin:wheel and 777.  I know that may be risky... but don't feel the risk with not being Internet connected.

Thanks for your assistance MRobi....

D...

fstab is the process on the server that the mount point interface is a variable too. The information you enter in the mount point area is fed into a fstab command to link the folders.

Link to comment
Share on other sites

  • 5 months later...
On 4/8/2021 at 7:42 PM, MRobi said:

For the record, I also virtualized TrueNAS on proxmox as I migrated off of it.

I hope you are still around.  I'm just curious, if you don't mind me asking, why did you migrate off of TrueNAS?  Switched to something else?

I'm in the process of building a new custom NAS box, and I'm thinking of trying TrueNAS for the first time.  I'm tired of windows running whatever it wants, whenever it wants, no matter how hard I lock it down.  I'm an old school UNIX/Linux and even FreeBSD dude, it's been a while, but should be comfortable with TrueNAS, unless it sucks hah.

@MRobi

Link to comment
Share on other sites

Well one reason I could guess might be software compatibility. Freebsd is not Linux, therefore software has to be specially designed for it. This leads to some apps not being available on freebsd, or available but with limitations compared to other platforms.

That's why the new truenas scale is very attractive as it is Linux based.

Link to comment
Share on other sites

1 hour ago, Luke said:

Well one reason I could guess might be software compatibility. Freebsd is not Linux, therefore software has to be specially designed for it. This leads to some apps not being available on freebsd, or available but with limitations compared to other platforms.

That's why the new truenas scale is very attractive as it is Linux based.

Thanks, I saw the Linux Scale mentioned, but haven't looked at it yet.  If it's viable, I might just go that way instead, since I'm a Linux head.  Other apps are important too.

Link to comment
Share on other sites

Hot damn, Scale is based on Debian!  I'm a huge Debian fan, everyone knows it's the best distro, always has been.  This looks interesting.  Will definitely start with Scale, even though it's still "beta", released over a year ago?

Link to comment
Share on other sites

On 16/09/2021 at 10:09, Bingie said:

I hope you are still around.  I'm just curious, if you don't mind me asking, why did you migrate off of TrueNAS?  Switched to something else?

I'm in the process of building a new custom NAS box, and I'm thinking of trying TrueNAS for the first time.  I'm tired of windows running whatever it wants, whenever it wants, no matter how hard I lock it down.  I'm an old school UNIX/Linux and even FreeBSD dude, it's been a while, but should be comfortable with TrueNAS, unless it sucks hah.

@MRobi

My main motivation for moving off of TrueNAS was GPU passthrough. It can technically be done in TrueNAS but it's not very intuitive. I'm now able to use the GPU in Emby and Plex for transcoding but also have an instance of Tdarr using it. Tdarr isn't available on TrueNAS and  allows me to convert all my media automatically to x265. I've saved somewhere around 18tb of storage so far. 

TrueNAS is superior for managing and sharing storage which is why I kept it in a VM and passed through my HBA to it so TrueNAS has full control over all the drives and then shares it back to the proxmox host, other containers and VM's via NFS.

TrueNAS scale does look promising though and when it's out of infancy I may look at going back for simplicity sake. I may spin it up in a VM just to play with it and see what it can do.

EDIT: I loaded up TrueNAS Scale in a VM on proxmox. Mounted an extra drive as storage. From there I went under apps, manage catalogs and added the TrueCharts catalogue. Just by doing that the amount of available apps is massive compared to TrueNAS. Emby is part of the TrueCharts repository and was a simple 1-click install. This will open up so many more doors to those that like the TrueNAS interface. 

Edited by MRobi
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...