What is the default user:group that channels runs as in Freenas?

JMcGuire · March 12, 2018, 6:38pm

Just looking for the name and UID

tmm1 · March 12, 2018, 6:45pm

Not sure, it would be whatever freenas sets up in the plugin jail.

JMcGuire · March 12, 2018, 7:46pm

"If you prefer instead to install into /usr/local, run this before the setup script: cd /usr/local && sudo mkdir -p channels-dvr && sudo chown $(id -u -n) channels-dvr"

Could I first create a user:group “channels” with…iocage exec channels "pw user add channels -c channels -u 820 -d /nonexistent -s /usr/bin/nologin", then run the setup script within the jail?

The only thing I don’t fully understand is how to fill in (id -u -n) when running the script.

tmm1 · March 12, 2018, 7:47pm

id -u -n returns the id of the current user. Replace it with the user id or name you want to use instead.

JMcGuire · March 12, 2018, 10:19pm

I think I’ve got everything installed correctly but I cant restart the service. This was normal with warden jails as well, I had to go into “plugins” as start the service after boot. With iocage I’m not sure how to manually do that or fix it to start when the jail is restarted.

So far these are the steps I’ve done:

echo '{"pkgs":["curl","ca_root_nss"]}' > /tmp/pkg.json
iocage create -n "channels" -p /tmp/pkg.json -r 11.1-RELEASE ip4_addr="vnet0|<IP>/<MASK>" defaultrouter="<GATEWAY>" vnet="on" allow_raw_sockets="1" boot="on"
rm /tmp/pkg.json
iocage exec channels mkdir /usr/local/etc/rc.d
iocage exec channels "pw user add channels -c channels -u 820 -d /nonexistent -s /usr/bin/nologin"
iocage console channels
cd /usr/local 
mkdir -p channels-dvr 
chown -R channels:channels channels-dvr
curl -f -s https://getchannels.com/dvr/setup.sh | sh
pw groupadd -n admin -g 1000
pw groupmod admin -m channels
exit
iocage fstab -a channels /mnt/storage/dvr /dvr nullfs rw 0 0

I could be messing up somewhere but I believe this should install the dvr in /usr/local/channels-dvr, running as the user=channels uid=820. The /dvr directory is mounted and owned by the “admin” group which channels has been added to within the jail. If you have a chance and can find any faults in this let me know.

tmm1 · March 12, 2018, 10:31pm

The chown should happen after the curl.

For auto-start, try this inside the console session:

echo ‘channels_dvr_enable=“YES”’ >> /etc/rc.conf

tmm1 · March 12, 2018, 10:32pm

Might be better yet to run the setup.sh as your user instead. So:

curl -f -s https://getchannels.com/dvr/setup.sh | sudo -u channels sh

Might require “sudo” in your pkg.json

JMcGuire · March 12, 2018, 11:14pm

EDIT: nevermind, it was a bug in vnet where I needed to specify iocage exec <jail> 'sysrc ifconfig_epair0_name="epair0b"'

Restarted fine and is working

tmm1 · March 12, 2018, 11:19pm

Processes within the jail need to be able to talk to each other over 127.0.0.1 (localhost). Sounds like the loopback network adapter isn’t setup or something.

JMcGuire · March 12, 2018, 11:20pm

thanks, I forgot about the vnet bug, edited previous comment

tmm1 · March 12, 2018, 11:21pm

You need to add to this somehow (with a comma? not sure): lo1|127.0.1.1/8

tmm1 · March 12, 2018, 11:21pm

Cool!

Can you update your earlier iocage post with the updated steps (correct chown ordering etc).

JMcGuire · March 12, 2018, 11:22pm

Thats filled in, I just didn’t copy it over on here. The problem was the code above in the edited comment.

JMcGuire · March 12, 2018, 11:25pm

Would it be better if I just create a “how to” thread and then this thread can be deleted?

tmm1 · March 12, 2018, 11:30pm

Sure.

I think there’s still an issue where the DVR isn’t running as the user you created. What does ps aux | grep channels-dvr show?

The setup.sh installs a /usr/local/etc/rc.d/channels_dvr but it doesn’t specify a user to run the daemon as.

JMcGuire · March 12, 2018, 11:37pm

root@channels:~ # ps aux | grep channels-dvr
root 20784 0.0 0.0 14828 1848 0 S+J 19:36 0:00.00 grep channels-dvr

So I guess its still running as root

JMcGuire · March 12, 2018, 11:38pm

not a huge deal but all of my other jails run as their own user, I was just hoping to keep that structure since it makes it easier for me to understand and set the permissions

JMcGuire · March 12, 2018, 11:45pm

Here is an example of how my other jails are setup, with the config being stored on my main pool in case I need to reinstall the jail without losing settings…

echo '{"pkgs":["mono","ca_root_nss","unzip","sqlite3"]}' > /tmp/pkg.json
iocage create -n "ombi" -p /tmp/pkg.json -r 11.1-RELEASE ip4_addr="vnet0|<IP>/<MASK>" defaultrouter="<GATEWAY>" vnet="on" allow_raw_sockets="1" boot="on"
rm /tmp/pkg.json
iocage fstab -a ombi /mnt/tank1/apps/ombi /config nullfs rw 0 0
iocage exec ombi ln -s /usr/local/bin/mono /usr/bin/mono
iocage exec ombi "fetch https://github.com/tidusjar/Ombi/releases/download/v2.2.1/Ombi.zip -o /usr/local/share"
iocage exec ombi "unzip -d /usr/local/share /usr/local/share/Ombi.zip"
iocage exec ombi mv /usr/local/share/Release /usr/local/share/ombi
iocage exec ombi rm /usr/local/share/Ombi.zip
iocage exec ombi sqlite3 /config/Ombi.sqlite "create table aTable(field1 int); drop table aTable;"
iocage exec ombi mkdir -p /config/Backups
iocage exec ombi ln -s /config/Ombi.sqlite /usr/local/share/ombi/Ombi.sqlite
iocage exec ombi ln -s /config/Backups /usr/local/share/ombi/Backups
iocage exec ombi "pw user add ombi -c ombi -u 819 -d /nonexistent -s /usr/bin/nologin"
iocage exec ombi chown -R ombi:ombi /usr/local/share/ombi /config
iocage exec ombi mkdir /usr/local/etc/rc.d

Create an rc file for ombi using your favorite editor at /mnt/iocage/jails/ombi/root/usr/local/etc/rc.d/ombi

RC File:

#!/bin/sh
#
# $FreeBSD$
#
# PROVIDE: ombi
# REQUIRE: LOGIN
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
# to enable this service:
#
# ombi_enable (bool): Set to NO by default.
# Set it to YES to enable it.
# ombi_user: The user account ombi daemon runs as what
# you want it to be. It uses 'ombi' user by
# default. Do not sets it as empty or it will run
# as root.
# ombi_group: The group account ombi daemon runs as what
# you want it to be. It uses 'ombi' group by
# default. Do not sets it as empty or it will run
# as wheel.
# ombi_data_dir:    Directory where ombi configuration
#            data is stored.
#            Default: /usr/local/share/ombi

. /etc/rc.subr

name=ombi
rcvar=ombi_enable
load_rc_config ${name}

: ${ombi_enable:=NO}
: ${ombi_user:=ombi}
: ${ombi_group:=ombi}
: ${ombi_data_dir:="/config"}

procname="/usr/local/bin/mono"
command="/usr/sbin/daemon"
command_args="-f ${procname} /usr/local/share/ombi/Ombi.exe"

start_precmd=ombi_precmd
ombi_precmd() {
if [ ! -d ${ombi_data_dir} ]; 
then install -d -o ${ombi_user} -g ${ombi_group} ${ombi_data_dir}
fi
export XDG_CONFIG_HOME=${ombi_data_dir}
}

run_rc_command "$1"

Then:

iocage exec ombi chmod u+x /usr/local/etc/rc.d/ombi
iocage exec ombi sysrc ombi_enable=YES
iocage exec ombi service ombi start

tmm1 · March 12, 2018, 11:46pm

If it’s already in a jail, there may not be any point in setting up another user. Unless you’re trying to control the permissions of the recording files?

To run as the user, I think something like this would work:

curl -f -s …setup.sh | DOWNLOAD_ONLY=1 sh
chown -R …
curl -f -s https://getchannels.com/dvr/install-freebsd.sh | sed -e ‘s,daemon -p,daemon -u channels -p,’ > channels-dvr/install-freebsd.sh
sh channels-dvr/install-freebsd.sh

JMcGuire · March 12, 2018, 11:48pm

Its not a big deal if it works, I’m just used to having to add the user of the jail to my “admin” group for permissions, since it runs as root I guess that isn’t needed.