This might be the wrong forum - but I thought I would give it a try.
I have managed to installed a FreeNas jail running Duplicati and after some buggering around managed to log in. I then created 3 folders in /mnt called (Install, Music, Data) and then use FreeNas to assign mountpoints to the appropriate datapools in FreeNas - so far so good.
If I then open a shell into the Duplicati Jail, I can see the mount points I have configured and cd into them to find all the files in the datapool(s). whoami says I am root
I then open duplicati up and set up a backup but when it comes to selcting files /mnt is empty. This implies that duplicati, the program, is running as a different user with different permissions - but I have no idea who or how to find out.
Background Info:
FreeNas is domain attached
The 3 datasets are shared using domain permissions appropriate to the folder, but all have standard freenas owner@ and group@ permissions as well
The 3 datasets are configured under an SMB dataset that isn’t CIFS shared, but that everyone has access to via evereyone@, group@ and owner@
I feel this ought to work, and its annoying me that it isn’t
I only tested FreeNAS once with the Duplicati package, but from what I recall it does not run the process as root. You can verify by opening a shell into the Duplicati jail and running:
# ps aux
You may need to change the setting and have Duplicati run as root in order to back up all your data.
OK, that makes some sense BUT
if I shell into duplicati, I am running as root, and root can see the files. Presumably therefore running duplicati as root rather than as duplicati that should work should it not? Any idea how?
As you may be able to tell I am WAY out of my depth here
Another thought. I looked at the folders I created in /mnt. These folder are what I mount the FreeNas folders to so I can segment the backup into different processes.
root can see these folders, but duplicati cannot. All duplicati can see is the /mnt with nothing in it.
I created these folders as root.
What do I need to change so that the user duplicati can see these folders, and then maybe duplicati will see the files below that
?
I tried chmod -v 755 * (also directory names) and get Operation not permitted
using chown to give ownership to duplicati means I can see the folders but nothing in them
bummer… sorry, I have very little experience with FreeNAS jails. Maybe another user with more experience can speak up.
That may be part of it, but Duplicati still needs to read files within those mount points. So if any don’t have at least read access to “other” users, Duplicati won’t be able to back them up.
What are the current permissions of the mount points within /mnt ? Can you do an ls -l /mnt and show the output?
Instead of messing with chmod or chown inside the FreeNAS jail, try looking at the mapped folder settings in the FreeNAS Web UI instead. I don’t recall if there was any ability there to customize access to the mapped folders for the jailed application.
If I give access to everyone in the FreeNAS settings then Duplicati has access. However I consider giving everyone access, which also effects any Windows (CIFS/Samba) shares a s a bad thing, and walk over any form of security.
The duplicati user is not defined in FreeNas, only in the Jail so I have no apparent way to assign privaleges to duplicati
Personally I would just get Duplicati to run as root in the freenas jail, instead of changing permissions on your nas shares.
When I mentioned the freenas web UI I was talking about management of the Duplicati jail. There may be a way to get Duplicati to run as root there. If you are still stuck I can try bringing up a freenas vm to experiment
I tried messing with a load of settinsg for the Jail. No effect.
I agree with you that running duplicati as root will solve the issue. Just can’t figure out how. I am not an “ix” expert by any stretch of imagination (even mine)
I believe that is the correct method instead of editing the /usr/local/etc/rc.conf file directly.
I also changed ownership of the Duplicati config files:
# chown -R root:wheel /config
I restarted the jail and noticed the same thing you did - Duplicati doesn’t start. But what’s weird is you can manually start it by doing this from the jail shell:
I don’t understand why it no longer auto-starts after issuing those sysrc commands to change the user it runs as. I’ll try to do more digging when I have time, but I wanted to share my progress so far.
I also have had some luck.
Speaking to a freind of mine he came up with an a idea.
Given that the jail file structure is part of the FreeNAS file structure. He suggested creating a user with the same UID as the UID that was in the Jail passwd file (1001)
So we created a user in FreeNAs with a UID of 1001 to match the 1001 inside the Jail and gave that use all rights over the Dataset that we were trying to backup.
And it worked - the duplicati user can now see the files in the mounts
and back them up
and restore them (even more important than backing them up). caveat - I am getting some restore errors about failing to apply metadata to some files but the files are there and working.
[I am testing with a bunch of MP3’s so testing the files is quite easy]
An example below
2020-04-28 21:15:17 +01 - [Warning-Duplicati.Library.Main.Operation.RestoreHandler-MetadataWriteFailed]: Failed to apply metadata to file: “/mnt/Music/Atomic Kitten/Right Now (2001)/12 - Strangers.mp3”, message: Unterminated string. Expected delimiter: ". Path ‘[‘unix-ext:user.DosStream.01APIC_00.jpg:$DATA’]’, line 1, position 102397.
BUT the specific file mentioned is back and readable. I think this is a different issue (currently), also permissions, but different
Following the post you linked would be the intended course of action. You will find similar posts if you look for information around resilio sync or other plugins that you want to interact with your datapools. Plugins use the freebsd jails construct. Jails are isolated to themselves by design and require a bit of tweaking to get to interact with the host system.
Hello
I’m a newbee with truenas and I testing it at this time…
I have made install of the plugin Duplicati under truenas but I cannot see the directory under /MNT/
I have read here it needeed to create a user in truenas with the UID in the jail duplicati…
But how to know the UID of duplicati ?