Hello everyone,
I have recently upgraded my FreeBSD 10.3 server to 11.2.
With this change, I also set up my system using jails:
- Plex
- Samba
- Apache PHP stack
- Nginx Node.js stack
- Database stack
- Etc.
I have two ZFS pools:
- zfs-os the FreeBSD OS
- data mounted to /data
I am using sysutils/iocage as the tool for managing my jails.
The issue
After setting up my jails, I mounted bits of the data pool to some of my jails using nullfs:
iocage fstab -a plex "/data/media /plexdata nullfs rw 0 0"
After mounting, I restarted and went into the jail and set the rights to a local user; for plex this was the user plex:
chown -R plex:plex /plexdata
I then continued to set up the other jails, ending with the samba jail:
iocage fstab -a samba "/data /share nullfs rw 0 0"
chown -R user:group /share
I then started using the system and everything seemed fine, the samba was working and other jails were working fine too.
But, when I later wanted to use the plex server, the plexdata folder and its subfolders were inaccessible.
I noticed that the plexdata directory had different user/group permissions, set to a GUID:
drwxrwxr-- 6 972 972 6 Nov 13 2016 plexdata
After changing the permissions of the folder recursively back to user plex, group plex, samba could not access the directory anymore?
Also, I noticed that the /data directory on my host had changed its permissions to the GUID of the plex user.
I thought that each jail has its own permission system and could not change things on the host.
I also thought that mounting a directory to a jail using nullfs would create a different access point, without collision of permissions.
Apparently I was wrong.
Is there a way to get this working?
And could you please explain to me why using jails and mounting a directory still changes permissions on the host/other jail?