- access to your data dataset/folders
- permissions to write to your data folders.
1) MAKING DATA ACCESSIBLE TO YOUR PLUGIN'S JAIL
- It is preferred that your data reside on a dataset(s) outside of your jail that you regularly snapshot and backup.
- FreeNAS plugins, by default, have no access to files residing outside of their jail.
- Data datasets/folders should be mounted into the plugin's jail as described in the FreeNAS User Guide.
Choose one of the 4 solutions to give your plugin write permission to your data folders.
- Every folder/file has a UNIX permission level, UID ownership, and GID ownership, which together determine which users/group members can read/write to that folder/file. Basic UNIX permissions are described in the opening part of Chapter 4, Part 4, of the FreeBSD handbook.
- Jails and the FreeNAS host do not share user/group databases. Each one associates a UID/GID with a user/group only if that mapping exists in its own user/group database.
- Processes running inside a jail's userland (plugins) are permitted to read/write files/folders according to the jail's user/group database.
- By default, most plugins run as a specific user, with a specific UID, and keep their configuration/databases/logs in what I will refer to as a data-directory.
- Never change the ownership or permission levels of Jail datasets. These contain operating system and application files that will not work properly if changed. Only ever change ownership or permission levels of datasets that contain only your data and that are mounted into your Jail(s).
SOLUTION 1 - USER WRITEABLE
- Add a user in the FreeNAS WebUI whose UID matches that of the plugin's default user.
- Change ownership of the data dataset/folders to the newly added user.
SOLUTION 2 - USER WRITEABLE
- In the jail, add a user whose UID matches that of the owner of the data dataset/folders.
pw useradd -n USER -u UID -d /nonexistent -s /usr/sbin/nologin
- In the jail, change the user the plugin runs as, and change ownership of the data-directory.
service PLUGIN onestop
chown -R USER:GROUP /var/db/PLUGIN
sysrc 'PLUGIN_user=USER'
service PLUGIN start
SOLUTION 3 - GROUP WRITEABLE
- Change permission of the data dataset/folders to allow group writing.
- In the jail, add a group whose GID matches that of the group owner of the data dataset/folders.
pw groupadd -n GROUP -g GID
- In the jail, add the user the plugin runs as to the newly added group.
pw groupmod GROUP -m USER
SOLUTION 4 - OTHER WRITEABLE
- Change permission of the data dataset/folder to allow other writing.
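To see which of the four solutions a mounted data folder currently satisfies, the following added example (not part of the original guide) classifies write access from the folder's mode, owner UID and group GID against the plugin user's UID and GIDs as the jail resolves them. The function names and the sample UID/GID values are hypothetical; ACLs and root's permission bypass are not modelled.

```shell
#!/bin/sh
# Added example: which permission class (user/group/other) lets the plugin's
# user write to a data folder, mirroring Solutions 1-4 above.

# write_class MODE OWNER_UID OWNER_GID PROC_UID "PROC_GIDS"
# MODE is the first column of `ls -ldn` (e.g. drwxrwxr-x).
# Prints user, group, other or none. UNIX checks classes in order and the
# first class that matches the process decides; later classes are ignored.
# Only the write bit is checked (not the search bit, ACLs or root).
write_class() {
    mode=$1 owner_uid=$2 owner_gid=$3 proc_uid=$4 proc_gids=$5
    u_w=$(printf '%s' "$mode" | cut -c3)   # owner write bit
    g_w=$(printf '%s' "$mode" | cut -c6)   # group write bit
    o_w=$(printf '%s' "$mode" | cut -c9)   # other write bit
    if [ "$proc_uid" = "$owner_uid" ]; then
        if [ "$u_w" = w ]; then echo user; else echo none; fi
        return 0
    fi
    for g in $proc_gids; do
        if [ "$g" = "$owner_gid" ]; then
            if [ "$g_w" = w ]; then echo group; else echo none; fi
            return 0
        fi
    done
    if [ "$o_w" = w ]; then echo other; else echo none; fi
}

# check_path PATH USER
# Run inside the jail: USER is looked up in the jail's own user/group
# database, while the numeric owner/group come from the mounted folder.
check_path() {
    path=$1 user=$2
    meta=$(ls -ldn "$path" | awk '{print $1, $3, $4}')
    set -- $meta
    write_class "$1" "$2" "$3" "$(id -u "$user")" "$(id -G "$user")"
}

# Constructed sample: folder owned by UID 1001 / GID 816, group-writable;
# plugin user has UID 972 and belongs to GIDs 972 and 816 (Solution 3).
write_class drwxrwxr-x 1001 816 972 "972 816"
```

Inside the jail, `check_path /path/to/mounted/data USER` applies the same logic to a real folder; a result of `other` means the folder is writable by every account in every jail that mounts it.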