root@channels:~ # ps aux | grep channels-dvr
root 20784 0.0 0.0 14828 1848 0 S+J 19:36 0:00.00 grep channels-dvr
So I guess its still running as root
not a huge deal but all of my other jails run as their own user, I was just hoping to keep that structure since it makes it easier for me to understand and set the permissions
Here is an example of how my other jails are setup, with the config being stored on my main pool in case I need to reinstall the jail without losing settings…
echo '{"pkgs":["mono","ca_root_nss","unzip","sqlite3"]}' > /tmp/pkg.json
iocage create -n "ombi" -p /tmp/pkg.json -r 11.1-RELEASE ip4_addr="vnet0|<IP>/<MASK>" defaultrouter="<GATEWAY>" vnet="on" allow_raw_sockets="1" boot="on"
rm /tmp/pkg.json
iocage fstab -a ombi /mnt/tank1/apps/ombi /config nullfs rw 0 0
iocage exec ombi ln -s /usr/local/bin/mono /usr/bin/mono
iocage exec ombi "fetch https://github.com/tidusjar/Ombi/releases/download/v2.2.1/Ombi.zip -o /usr/local/share"
iocage exec ombi "unzip -d /usr/local/share /usr/local/share/Ombi.zip"
iocage exec ombi mv /usr/local/share/Release /usr/local/share/ombi
iocage exec ombi rm /usr/local/share/Ombi.zip
iocage exec ombi sqlite3 /config/Ombi.sqlite "create table aTable(field1 int); drop table aTable;"
iocage exec ombi mkdir -p /config/Backups
iocage exec ombi ln -s /config/Ombi.sqlite /usr/local/share/ombi/Ombi.sqlite
iocage exec ombi ln -s /config/Backups /usr/local/share/ombi/Backups
iocage exec ombi "pw user add ombi -c ombi -u 819 -d /nonexistent -s /usr/bin/nologin"
iocage exec ombi chown -R ombi:ombi /usr/local/share/ombi /config
iocage exec ombi mkdir /usr/local/etc/rc.d
Create an rc file for ombi using your favorite editor at /mnt/iocage/jails/ombi/root/usr/local/etc/rc.d/ombi
RC File:
#!/bin/sh
#
# $FreeBSD$
#
# PROVIDE: ombi
# REQUIRE: LOGIN
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
# to enable this service:
#
# ombi_enable (bool): Set to NO by default.
# Set it to YES to enable it.
# ombi_user: The user account ombi daemon runs as what
# you want it to be. It uses 'ombi' user by
# default. Do not sets it as empty or it will run
# as root.
# ombi_group: The group account ombi daemon runs as what
# you want it to be. It uses 'ombi' group by
# default. Do not sets it as empty or it will run
# as wheel.
# ombi_data_dir: Directory where ombi configuration
# data is stored.
# Default: /usr/local/share/ombi
. /etc/rc.subr
name=ombi
rcvar=ombi_enable
load_rc_config ${name}
: ${ombi_enable:=NO}
: ${ombi_user:=ombi}
: ${ombi_group:=ombi}
: ${ombi_data_dir:="/config"}
procname="/usr/local/bin/mono"
command="/usr/sbin/daemon"
command_args="-f ${procname} /usr/local/share/ombi/Ombi.exe"
start_precmd=ombi_precmd
ombi_precmd() {
if [ ! -d ${ombi_data_dir} ];
then install -d -o ${ombi_user} -g ${ombi_group} ${ombi_data_dir}
fi
export XDG_CONFIG_HOME=${ombi_data_dir}
}
run_rc_command "$1"
Then:
iocage exec ombi chmod u+x /usr/local/etc/rc.d/ombi
iocage exec ombi sysrc ombi_enable=YES
iocage exec ombi service ombi startIf it’s already in a jail, there may not be any point in setting up another user. Unless you’re trying to control the permissions of the recording files?
To run as the user, I think something like this would work:
curl -f -s …setup.sh | DOWNLOAD_ONLY=1 sh
chown -R …
curl -f -s https://getchannels.com/dvr/install-freebsd.sh | sed -e ‘s,daemon -p,daemon -u channels -p,’ > channels-dvr/install-freebsd.sh
sh channels-dvr/install-freebsd.sh
Its not a big deal if it works, I’m just used to having to add the user of the jail to my “admin” group for permissions, since it runs as root I guess that isn’t needed.
Okay, I updated our freebsd installer script to be user/group aware.
Try this and LMK if it works:
pw groupadd -n admin -g 1000
pw groupmod admin -m channels
cd /usr/local
mkdir -p channels-dvr
chown -R channels:channels channels-dvr
curl -f -s https://getchannels.com/dvr/setup.sh | su channels env DOWNLOAD_ONLY=1 sh
sysrc channels_dvr_user=channels
sysrc channels_dvr_group=admin
curl -f -s https://getchannels.com/dvr/install-freebsd.sh | sh
Ok, I’ll try that out. The only thing different would be not having the config located outside of my jails volume but channels shouldn’t need that since the config isn’t as complicated as having to setup something like sonarr all over again in the event of a jail disk failure.
DOWNLOAD_ONLY command not recognized
typo’d, fixed in edit above (DOWNLOAD_ONLY=1)
Also running into this now but wasn’t before…
root@channels:/usr/local # curl -f -s https://getchannels.com/dvr/setup.sh | sh
Downloading Channels DVR 2018.01.30.0033 (freebsd-x86_64) to /usr/local/channels
-dvr.....
channels_dvr_enable: -> YES
daemon: illegal option -- g
usage: daemon [-cfrS] [-p child_pidfile] [-P supervisor_pidfile]
[-u user] [-o output_file] [-t title]
[-l syslog_facility] [-s syslog_priority]
[-T syslog_tag] [-m output_mask]
command arguments ...Okay try again, without the sysrc channels_dvr_group....
DOWNLOAD_ONLY=1: Command not found.
(23) Failed writing body
Try curl -f -s ... | sudo -u channels env DOWNLOAD_ONLY=1 sh
sudo: command not found (i didn’t install sudo since everything seems to run without it)
-u: command not found
Okay, try
curl -f -s … | su channels env DOWNLOAD_ONLY=1 sh
root@channels:/usr/local # chown -R channels:channels channels-dvr
root@channels:/usr/local # curl -f -s ... | channels env DOWNLOAD_ONLY=1 sh
channels: Command not found.
root@channels:/usr/local # curl -f -s https://getchannels.com/dvr/setup.sh | sh
Downloading Channels DVR 2018.01.30.0033 (freebsd-x86_64) to /usr/local/channels
-dvr.....
channels_dvr_enable: -> YES
Channels DVR has been installed. Visit http://dvr-channels.local:8089/ in your b
rowser.
root@channels:/usr/local # chown -R channels:channels channels-dvr
root@channels:/usr/local # sysrc channels_dvr_user=channels
channels_dvr_user: -> channels
root@channels:/usr/local # sysrc channels_dvr_group=channels
channels_dvr_group: -> channels
root@channels:/usr/local # ps aux | grep channels-dvr
root 13972 0.0 0.0 14828 1800 0 S+J 20:45 0:00.00 grep channels-dvrThe curls are not right. The “…” was meant to be a placeholder for the URL. You only need to run the DOWNLOAD_ONLY version, and not the old one.
IGNORE: using this for c/p
echo '{"pkgs":["curl","ca_root_nss","sudo"]}' > /tmp/pkg.json
iocage create -n "channels" -p /tmp/pkg.json -r 11.1-RELEASE ip4_addr="vnet0|192.168.1.77/24" defaultrouter="192.168.1.1" vnet="on" allow_raw_sockets="1" boot="on"
rm /tmp/pkg.json
iocage exec channels mkdir /usr/local/etc/rc.d
iocage exec channels "pw user add channels -c channels -u 820 -d /nonexistent -s /usr/bin/nologin"
iocage console channels
pw groupadd -n admin -g 1000
pw groupmod admin -m channels
cd /usr/local
mkdir -p channels-dvr
curl -f -s https://getchannels.com/dvr/setup.sh | env DOWNLOAD_ONLY=1 sh
chown -R channels:channels channels-dvr
sysrc channels_dvr_user=channels
curl -f -s https://getchannels.com/dvr/install-freebsd.sh -o channels-dvr/install.sh
chmod +x channels-dvr/install.sh
sh channels-dvr/install.sh
echo 'channels_dvr_enable="YES"' >> /etc/rc.conf
exit
iocage fstab -a channels /mnt/storage/dvr /dvr nullfs rw 0 0
iocage fstab -a channels /mnt/transcode/channels /streaming nullfs rw 0 0
iocage exec channels 'sysrc ifconfig_epair0_name="epair0b"'
iocage restart channelsgetting an error: “nologin not found in usr/bin”
Should I create the channels user differently?