Ask Your Question
0

Permissions - Shared group folder on ext USB drive

asked 2017-06-12 17:57:43 -0500

JetStream gravatar image

I'm attempting to set up a shared folder on an external USB drive (ext4 formatted) that contains my media collection such that they can be accessed by users and a minidlna server process.

Any thoughts on what is going wrong here? Schoolboy error?

The USB drive is mounted at /mnt/WDCB500. Here's the entry from /etc/fstab

/dev/mapper/WDCB5000 /mnt/WDCB500 ext4 auto,nofail,defaults 0 0

  • Minidlna server runs under the default minidlna user
  • There is a group media. minidlna and other users are members of this group
  • The folder videos has ownership minidlna:media
  • The setgid bit is set as well
  • SELinux is disabled on the system

 [jetstream@dellgx620 ~]$ sudo ls -las /mnt/WDCB500/
 4 drwxrwx---  5 root      root      4096 Jun 12 20:58 .
 4 drwxr-xr-x. 7 root      root      4096 Jun 12 20:42 ..
16 drwxr-x---  2 root      root     16384 Jun  9 20:27 lost+found
 4 drwxr-x---  3 jetstream jetstream  4096 Jun  8 21:37 receipts
 4 drwxrwsrwx  3 minidlna  media     4096 Jun 12 09:00 videos

/etc/minidlna.conf

media_dir=/mnt/WDCB500/videos

Yet these users are denied access to the folder

Jun 12 21:05:54 dellgx620 minidlnad[1616]: [2017/06/12 21:05:54] minidlna.c:614: error: Media directory "/mnt/WDCB500/videos" not accessible [Permission denied]

[jetstream@dellgx620 ~]$ id
uid=1000(jetstream) gid=1000(jetstream) groups=1000(jetstream),10(wheel),3333(media)
[jetstream@dellgx620 ~]$ ls /mnt/WDCB500/videos
ls: cannot access '/mnt/WDCB500/videos': Permission denied
[jetstream@dellgx620 ~]$ id test
uid=1002(test) gid=1002(test) groups=1002(test),3333(media)
[jetstream@dellgx620 ~]$ sudo su - test
[test@dellgx620 ~]$ cd /mnt/WDCB500/videos
-bash: cd: /mnt/WDCB500/videos: Permission denied
edit retag flag offensive close merge delete

1 Answer

Sort by » oldest newest most voted
2

answered 2017-06-12 19:46:22 -0500

sideburns gravatar image

I see two things wrong: first, SELinux should never be disabled without very good reasons, and the fact that this is still happening is proof that it's not involved. Unless you have other issues that you think it's causing, please enable it for your own security. Second, /mnt/WDCB500 has ownership of root root and nobody not in the root group has access to it. That means that regular users can't access anything in that directory, including the videos directory, regardless of what its permissions are. My advice is to add root to the media group and then use sudo chown root media /mnt/WDCB500 to allow anybody in the media group access to it.

edit flag offensive delete link more

Comments

Thanks @sideburns. Got me thinking though .. if I put in sudo chown root media /mnt/WDCB500 here to let members of the group media have access to the videos sub folder, how would it play out if there was a need to create a different shared subfolder to /mnt/WDCB500?

i.e. if I needed to create a similar group (say finance) and make that group the owner of the subfolder receipts there how would the permissions need to be set on /mnt/WDCB500/mnt/WDCB500/videos/mnt/WDCB500/receipts such that finance has access to receipts and media to videos?

JetStream gravatar imageJetStream ( 2017-06-13 08:11:09 -0500 )edit

Re: SELinux - I have this set to off on this box as I use it as a development setup, as a test bed various software bits. To keep it easy to troubleshoot on this is something doesn't work.

JetStream gravatar imageJetStream ( 2017-06-13 08:26:41 -0500 )edit
1

In answer to your first question, your best bet would be to give everybody access to the mountpoint and control access to the subdirectories as needed. And, as far as SELinux goes, I've often found that getting alerts about access violations a good way to find out what a program is doing wrong, instead of wondering why some other random program crashed, but YMMV.

sideburns gravatar imagesideburns ( 2017-06-13 08:39:37 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2017-06-12 17:57:43 -0500

Seen: 69 times

Last updated: Jun 12 '17