When Freedombox is rebooted and I then add a new torrent to Transmission, I get an error message in the Transmission web UI: ‘Error permission denied’. Then, if I disable Samba and Transmission and then re-enable Transmission and Samba and add a new torrent, all works OK. The Freedombox user is ‘admin’ with all privileges.
Steps to Reproduce
Reboot Freedombox and add a new torrent to Transmission and the error message is there again. Disable the two apps again and enable them and all is OK again until a reboot.
If there is a kernel update in the morning and Freedombox needs a reboot, the torrent will be broken because of the permission issue.
Then I disable and re-enable Transmission and Samba and all is back to working again.
Regards: peter
Screenshot
I have attached a screenshot of the Transmission Web UI that shows the error message, after a reboot and a new torrent is added.
Minidlna shouldn’t need any extra permissions. The version with the fix, FreedomBox 21.4.1 released, has not landed in buster-backports yet; it can take about a month, as Debian has slowed down package updates because of the upcoming new stable release.
I have a similar symptom in Debian 13 with FreedomBox 25.9.3 on an x86-64 computer.
If I disable and re-enable Samba and Transmission, the same error occurs. If I also set up MiniDLNA in its own folder, instead of in the Samba folder, the same error occurs.
Just in case: I deleted the admin user created during the FreedomBox installation when I created another admin user.
group-share permissions:
$ ls -ld /var/lib/freedombox/shares/group_share
drwxrwsr-x+ 2 root freedombox-share 4096 ago 23 19:39 /var/lib/freedombox/shares/group_share
nslcd.service status:
$ sudo systemctl status nslcd.service
...
ago 25 12:22:26 hostname nslcd[1385]: [4t6c14] <passwd=""> request denied by validnames option
ago 25 12:22:26 hostname nslcd[1385]: [6y067c] <passwd=""> request denied by validnames option
ago 25 12:44:52 hostname nslcd[1385]: [7u75b4] <passwd="pam_unix_non_existent:"> request denied by validnames option
ago 25 13:16:24 hostname nslcd[1385]: [r4dc54] <passwd="pam_unix_non_existent:"> request denied by validnames option
ago 25 13:16:39 hostname nslcd[1385]: [f82329] <authc="admin"> uid=admin,ou=users,dc=thisbox: Invalid credentials
ago 25 13:16:41 hostname nslcd[1385]: [3f76b3] <passwd="pam_unix_non_existent:"> request denied by validnames option
ago 25 13:16:57 hostname nslcd[1385]: [tf9aad] <authc="admin"> uid=admin,ou=users,dc=thisbox: Invalid credentials
ago 25 13:16:59 hostname nslcd[1385]: [9bd497] <passwd="pam_unix_non_existent:"> request denied by validnames option
ago 25 13:17:34 hostname nslcd[1385]: [1349b6] <passwd="pam_unix_non_existent:"> request denied by validnames option
The service is active but last lines returned don’t look happy. However the Transmission permission error also happens with other unprivileged users.
If I should start a new thread to discuss this issue, please let me know.
@Peterc can you post the output from getfacl /var/lib/freedombox/shares/group_share? I’d be curious to see that from the default directories used by Transmission as well.
$ ls -ld /var/lib/freedombox/shares/group_share
drwxrwsr-x+ 2 root freedombox-share 4096 ago 23 19:39 /var/lib/freedombox/shares/group_share
Let’s unpack the permissions for a second (drwxrwsr-x+)
d: it is a directory
rwx owning user (root) can read, write, and list files in the directory
having the “x” execute bit set on a directory allows you to see the contents
rws group owner (freedombox-share) is read, write, set gid
The setgid bit on a directory also causes all newly created subdirectories to have their setgid bit set, which automatically extends the above properties downward throughout all the project’s subdirectories.
This sounds like what we want, but reading on…
When User Private Groups Cannot Be Used
User private groups cannot be used when association with a group is required for another purpose, e.g., content served by a webserver is expected to be associated with the www-data group. In these cases ACLs must be used to share files and directories.
We see the ACL is set - and I think you may need to fine tune ACL here. Sadly, I’ve never used ACL but I think this may be an application for this. I’m going to have the same thing between syncthing and zoph soon, I suspect.
I read what you are doing as using Transmission - but locating the .torrent and the downloaded files in the Samba share. You’d like the setgid bit to make those files read/write/execute for the freedombox-share group upon creation and at the moment of creation the effective user or group is that of Transmission which may not be either user or group of the group_share folder. If you read through these wiki pages I see two details that may be important.
system umask may come into play
ACL may be required because there is a bit-torrent group for Transmission and a freedombox-share group for Samba.
I don’t understand it all myself yet, but this looks like this may just be an advanced filesystem permissions question you have rather than any kind of bug.
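The mode string discussed above can be decoded mechanically. The following shell code is an added example, not part of the original post: it parses an `ls -l` mode string and reports whether the classic permission bits let a given account write, or whether the answer depends on the ACL. The account name `torrentd` is hypothetical, and root's ability to bypass permission checks is not modelled.

```shell
#!/bin/sh
# Added example (not from the thread): decode an `ls -l` mode string and
# decide which permission class governs write access for an account.

decode_mode() {
    m=$1
    case $m in
        [-dlbcps][-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]*) ;;
        *) echo "invalid"; return 1 ;;
    esac
    kind=$(printf '%s' "$m" | cut -c1)
    u=$(printf '%s' "$m" | cut -c2-4)
    g=$(printf '%s' "$m" | cut -c5-7)
    o=$(printf '%s' "$m" | cut -c8-10)
    setgid=no; acl=no
    # s = special bit plus execute, S = special bit without execute.
    case $g in *s) setgid=yes; g="${g%s}x" ;; *S) setgid=yes; g="${g%S}-" ;; esac
    case $u in *s) u="${u%s}x" ;; *S) u="${u%S}-" ;; esac
    case $o in *t) o="${o%t}x" ;; *T) o="${o%T}-" ;; esac
    # A trailing + means extra ACL entries exist (read them with getfacl).
    case $m in ??????????+*) acl=yes ;; esac
    echo "type=$kind owner=$u group=$g other=$o setgid=$setgid acl=$acl"
}

# write_verdict MODE OWNER GROUP USER "GROUPS..."  ->  yes | no | acl
# "acl": with an ACL present, the group bits shown by ls are the ACL mask
# and named entries may apply, so only getfacl output settles the question.
write_verdict() {
    d=$(decode_mode "$1") || return 1
    owner=$2; group=$3; user=$4; groups=$5
    class=other
    for grp in $groups; do
        if [ "$grp" = "$group" ]; then class=group; fi
    done
    if [ "$user" = "$owner" ]; then class=owner; fi
    case "$class:$d" in
        owner:*) ;;
        *acl=yes) echo acl; return 0 ;;
    esac
    perms=$(printf '%s\n' "$d" | tr ' ' '\n' | sed -n "s/^$class=//p")
    case $perms in ?w?) echo yes ;; *) echo no ;; esac
}

# Mode, owner and group as posted above; "torrentd" is a hypothetical account.
write_verdict 'drwxrwsr-x+' root freedombox-share torrentd "torrentd"
```
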
The first file comes from a torrent file and had that error when I paused the download. The second file comes from a magnet link and had that error during the download. Both downloaded data before reaching the error. Transmission is configured to save partial files in /var/lib/transmission-daemon/Downloads and complete files in /var/lib/freedombox/shares/group_share.
@joseph in my case, I don’t think it’s a bug either. I have manipulated the system too much. When FreedomBox was newly installed, Transmission worked fine. I will look into the matter. Thanks for the explanation and the links.
I see, you have enabled a temporary folder for partial files. Please change the directory to lower case /var/lib/transmission-daemon/downloads as this is the directory Debian creates by default.
When I disabled downloading in /var/lib/transmission-daemon/Downloads so that it only uses /var/lib/freedombox/shares/group_share (for both partial and completed files), it worked.
When, following your suggestion, I changed the partial file download folder to lowercase (from /var/lib/transmission-daemon/Downloads to /var/lib/transmission-daemon/downloads), it also worked.
I don’t remember manually changing the folder name. Could this be a minor bug in the default configuration? If this is the case, Transmission worked fine at first because the temporary folder was not enabled.
Thanks for your help. I’m glad my system now works better than before.
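The fix in this thread came down to one capital letter in a configured path. The following shell function is an added example, not part of the original posts: it walks an absolute path component by component and reports whether it exists exactly, exists only under a different letter case, or is missing. The function name and output format are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Linux filesystems are case-sensitive,
# so a setting of .../Downloads does not match a directory .../downloads.
# Prints "ok PATH" (rc 0), "missing PATH" (rc 1) or "case REAL_PATH" (rc 2).
# Expects an absolute path.
check_path_case() {
    rest=${1#/}     # remaining components
    cur=""          # verified prefix
    fixed=0         # becomes 1 when a component matched only by case
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case $rest in
            */*) rest=${rest#*/} ;;
            *)   rest="" ;;
        esac
        if [ -z "$part" ]; then continue; fi
        if [ -e "$cur/$part" ]; then
            cur="$cur/$part"
            continue
        fi
        # No exact match: look for a sibling that differs only in case.
        want=$(printf '%s' "$part" | tr '[:upper:]' '[:lower:]')
        match=""
        for entry in "$cur"/* "$cur"/.[!.]*; do
            [ -e "$entry" ] || continue
            name=${entry##*/}
            lower=$(printf '%s' "$name" | tr '[:upper:]' '[:lower:]')
            if [ "$lower" = "$want" ]; then match=$name; break; fi
        done
        if [ -z "$match" ]; then
            echo "missing $cur/$part"
            return 1
        fi
        cur="$cur/$match"
        fixed=1
    done
    if [ "$fixed" -eq 1 ]; then echo "case $cur"; return 2; fi
    echo "ok ${cur:-/}"
}

# Constructed demo: only "downloads" exists, the setting says "Downloads".
demo=$(mktemp -d)
mkdir "$demo/downloads"
check_path_case "$demo/Downloads" || true
rm -rf "$demo"
```
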