FreeNAS plugin permission settings
2015-02, from https://www.ixsystems.com/community/threads/how-to-giving-plugins-write-permissions-to-your-data.27273/
In order for your plugin to be able to write to your data datasets/folders, it must have:

  1. access to your data dataset/folders
  2. permissions to write to your data folders.


1) MAKING DATA ACCESSIBLE TO YOUR PLUGIN’S JAIL

  • It is preferred that your data reside on a dataset(s) outside of your jail that you regularly snapshot and backup.
  • A FreeNAS plugin, by default, has no access to files residing outside of its jail.

2) PERMISSIONS
Choose one of the 4 solutions to give your plugin write permission to your data folders.

FACTS

  • Every folder/file has a UNIX permission level, UID ownership, and GID ownership, which together determine which users/group members can read/write to that folder/file. Basic UNIX permissions are described in the opening part of Chapter 4, Part 4, of the FreeBSD handbook.
  • Jails and the FreeNAS host do not share user/group databases. Each one only associates a UID/GID with a user/group if that mapping exists in its own user/group database.
  • Processes running inside a jail’s userland (plugins) are permitted to read/write files/folders according to the jail’s user/group database.
  • By default, most plugins run as a specific user, with a specific UID, and keep their configuration/databases/logs in what I will refer to as a data-directory.

NOTE

  • Never change the ownership or permission levels of Jail datasets. These contain operating system and application files that will not work properly if changed. Only ever change ownership or permission levels of datasets that contain only your data and that are mounted into your Jail(s).

SOLUTION 1 – USER WRITEABLE

  • Add a user in the FreeNAS WebUI with a matching UID as the plugin’s default user.
  • Change ownership of the data dataset/folders to the newly added user.

SOLUTION 2 – USER WRITEABLE

  • In the jail, add a user with a matching UID as the owner of the data dataset/folders.
    • Code:
      pw useradd -n USER -u UID -d /nonexistent -s /usr/sbin/nologin
  • In the jail, change the user the plugin runs as, and change ownership of the data-directory.
    • Code:
      service PLUGIN onestop
      chown -R USER:GROUP /var/db/PLUGIN
      sysrc 'PLUGIN_user=USER'
      service PLUGIN start

SOLUTION 3 – GROUP WRITEABLE

  • Change permission of the data dataset/folders to allow group writing.
  • In the jail, add a group with a matching GID as the group owner of the data dataset/folders.
    • Code:
      pw groupadd -n GROUP -g GID
  • In the jail, add the user the plugin runs as to the newly added group.
    • Code:
      pw groupmod GROUP -m USER

SOLUTION 4 – OTHER WRITEABLE

  • Change permission of the data dataset/folder to allow other writing.
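
The four solutions differ only in which permission class (user, group or other) ends up granting the write. The following added example, which is not part of the original how-to, reports that class for a given path and numeric UID/GIDs; the function name `write_class` is hypothetical, and it assumes basic UNIX mode bits only (no ACLs, and no root bypass).

```shell
#!/bin/sh
# Added example: report which permission class lets a UID write to a path.
# Assumptions: plain UNIX mode bits only (ACLs ignored); UID 0 bypasses these
# checks in practice and is not modeled; only the write bit is inspected.

# write_class PATH UID [GID ...]   prints: user | group | other | none
write_class() {
    wc_path=$1; wc_uid=$2; shift 2
    # ls -ldn prints the mode string plus numeric owner and group,
    # which is what matters when host and jail user databases differ.
    wc_line=$(ls -ldn -- "$wc_path") || return 2
    wc_mode=$(printf '%s\n' "$wc_line" | awk '{print $1}')
    wc_owner=$(printf '%s\n' "$wc_line" | awk '{print $3}')
    wc_group=$(printf '%s\n' "$wc_line" | awk '{print $4}')
    # In a mode string such as drwxrwxr-x the write bits are at
    # character 3 (user), 6 (group) and 9 (other).
    wc_uw=$(printf '%s' "$wc_mode" | cut -c3)
    wc_gw=$(printf '%s' "$wc_mode" | cut -c6)
    wc_ow=$(printf '%s' "$wc_mode" | cut -c9)

    # Exactly one class is consulted: owner first, then group, then other.
    if [ "$wc_uid" = "$wc_owner" ]; then
        if [ "$wc_uw" = w ]; then echo user; else echo none; fi
        return 0
    fi
    for wc_gid in "$@"; do
        if [ "$wc_gid" = "$wc_group" ]; then
            if [ "$wc_gw" = w ]; then echo group; else echo none; fi
            return 0
        fi
    done
    if [ "$wc_ow" = w ]; then echo other; else echo none; fi
}

# Stand-alone use: sh thisfile.sh PATH UID [GID ...]
if [ $# -ge 2 ]; then
    write_class "$@"
fi
```

A result of `user` corresponds to Solutions 1 and 2, `group` to Solution 3, and `other` to Solution 4. With `other`, every UID in every jail that mounts the dataset can write to it, so that is the broadest grant of the four.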