SABnzbd Forums

My new folders created by sabnzdb are no longer inheriting the permissions of the parent Share as before; only user "admin" has access (and me as an administrator).

This began with the latest version that I got a couple days ago, 3.0.1.

Nothing has changed in the container. It runs with the PUID/PGID for the user "admin."

Normally, I keep that user disabled (it still works for containers), but I enabled the user and tested another download. Still no inherited permissions.

So, I logged into synology as the user admin and created a folder in the same share. It was created with inherited permissions.

Any advice?

In SAB 3.0.1, there were changes to permissions. See https://github.com/sabnzbd/sabnzbd/releases/tag/3.0.1 "Permissions were not set correctly when creating directories."

So, can you try SAB 3.0.0 and see if that works how you want it to work?

No, don't do that. The permissions code in 3.0.0 is not the way it should be at all.
Will investigate.

I might have an idea what is going wrong:
Do you have anything set for Config > Folders > Directory Permissions?

safihre wrote: ↑August 21st, 2020, 2:34 am I might have an idea what is going wrong:
Do you have anything set for Config > Folders > Directory Permissions?

I saw the "Permissions for completed downloads" in the config area last night and will spend some time on it today, but I am not sure what to set the value such that it would inherit permissions. Up to now, I have just left it blank and it worked. (I have had this synology setup for about 10 months. Before that it was Windows for several years.)

I did discover last night that v 3.0.0 left new folders with an even different set of permissions: admin had r/w permission while administrators + everyone had read permission.

Today, I am also going to create a new user fo sabnzbd so it no longer runs as admin.

Oke, yes indeed it should work with the permissions setting empty. I found the bug and will fix it later today!
Just have to write some automated tests so this won't happen again in the future!

Thank you for reporting

That is great. Thanks.
Hopefully, my docker container builds an update right away, too. (linuxserver/sabnzbd)

safihre wrote: ↑August 21st, 2020, 5:17 am Oke, yes indeed it should work with the permissions setting empty. I found the bug and will fix it later today!
Just have to write some automated tests so this won't happen again in the future!

Thank you for reporting

I just got some items using version 3.0.2.

The good news is the sorted folder being created for completion is using inherited privileges.
The bad news is the item in the folder is not inheriting those privileges. It is not the same as 3.0.1 which was just admin having access. Now, it has a curious list of custom privileges for admin, administrators, and everyone.

I checked items in the incomplete folder and it seems it is those privileges (almost) that are being used when the item is moved to its complete folder.

Note that my "Permissions for completed downloads" value is empty.

So what permissions are applied?
The code will do the following: 0777 for directories but masked with the umask of the process.
The folders will have 0666.
This is (almost) the same as it was in 2.3.9
What is the logging showing for the applied permissions?

not sure what this translate into with chmod terms but the file has the following

admin has list, read, create, write, delete
adminstrators and everyone has list, read

I don't know that I can even describe the permissions I want in chmod terms, but the file's folder is created with permissions inherited from the parent folder that includes user groups as well as other users having a mix of list & read only (ie local consumer users) and others having list, read, create, delete (ftp users/content creators).

In version 2.3.9, the new folder and file inherited permitted from parent.

Could something like "synoacltool -enforce-inherit" be needed here?

Yeah I'm not completly sure how it is supposed to work.
The code is now doing the same as it would do in 2.3.9, so not sure anymore what I can change..

That is unfortunate. I am assuming that because a new folder, in the category parent, properly inherits permissions that the problem must be related to moving the file from the download folder to the complete sorting folder.

That being said, I reviewed the filesystem.py to see if I can find any differences. Being that I am not a python developer and not familiar with the code, the only area I can identify as different is in the filesystem.py line 514, but it does not seem significant 0666 vs 7666.

Could it be that with changes from PY2 to PY3 that maybe the filesystem is not ready to change the new file's permissions when set_permissions is called? Maybe it is not there yet?

I am just throwing any idea out there. I apologize if it seems insulting. RIght now, I am logging into the synology DMS's File Station and right clicking the share to enforce inherited permissions.

I have attempted to add a post-processing bash script to update the permission, but it fails because the command "synoacltools" cannot be found.

Hopefully, I can remedy that. Until then, I have a task scheduled every night on the Synology that looks for anything created in the last 24 hours and enforces inherit permissions.

Here is that script for anyone else with this issue:

find '/path/to/folder/' -mindepth 1 -mtime -1 ! -path '*/@eaDir*' ! -path '*/#recycle*' ! -path '*/#snapshot*' | while read line; do echo "$line"; synoacltool -enforce-inherit "$line"; done

edit: changed ctime to mtime

I am pretty sure this bug is back. I have sabnzbd running on a Synology NAS and a recent update seems to have introduced this bug again. As a temporary workaround, I have found that if I set "Permissions for completed downloads" to 777 it fixes the issue, but if it is left blank permissions are not set correctly. It is specifically an issue with Plex's PlexMediaServer system user that does not get access, only the assigned user and admin group gets permission to the file.

Hi,

i have a simular issue after the juli update dam 7.0 i am using the 777 fix for quite a long time now, and untill now it did solve mine issues.

But now sabnzb is able to download but than it is not able to move it to the right folder.

i am getting an PermissionError: [Errno 13] Permission denied than.

Anyone an idea what this can be?

many thanks in advance for your help

kind regards
tom