Sunday, January 05, 2014

Sorting out permissions for Raspberrypi with Btsync and Owncloud

Hello all, I hope this helps

This is a quick post about my solution to sort out the file permissions for Btsync daemon in order to allow owncloud to read and write the synchronized files and folders.


The issue:

I installed my own "File shared cloud solution" by following this great post here posted by Dan. I installed nginx just for fun and because I read that it has better performance, anyway the Raspberry is what it is, so I did not notice much difference, but its nice to try new things, isn't it?

It was all up and running quite quickly. However I did not used the autostart solution from Dan, it did not work for me, I am not sure why, so I first tried to use this simple script, but at the end I needed to use that one in order to run the service as a daemon with the required configuration, more details later.

When I start using OwnCloud I was seeing a warning message that reads like "You don't have permission to upload or create files here".
OwnCloud warning message




That wast the begging of almost a day of "geeky fun", I did not really understand much about what users and what permissions where running Bittorrent sync and Owncloud.


Solution:

After some time googleling and reading more posts and forums, see below for the list of used resources, I finally understood what and why I had all this issue. At least I think so, so please correct me if I am wrong.

Using that instructions from Dan, I ended up with a BtSync service running as root (using the init.d/btsync simple script ). Those instructions do not install BtSync package, so the service is not really installed and setup into the different folders like /etc, /usr/share, and so on. You just download a "btsync_arm.tar.gz"  file and extract that. This is important because it looks like this tar file is a compiled BtSync for the arm architecture (raspeberry pi). I found out that you can also install BtSync from correspondent architecture packages, see this post. Anyway, as a good geek, I remained to the same track using the tar file and try to understand more about my issue.

First part, run the service as user pi and group www-data. So with BtSync running as a root and Owncloud running as www-data user, I first updated the init.d/btsync simple script to run the BtSync service as user pi and www-data. I just added the user and group parameters to the start command as follows:
"sudo -u pi -g www-data /home/pi/.btsync/btsync"

The second part of my solution was to setup umask for the service. All right I had it running as user pi and group www-data, but I still had same warning message while using Owncloud when I created new folders and files from my computer. When BtSync copy those folders and files to the /media/Sync the user and group were right but the permissions were not as the www-data had only read access.

All right, I tried to add the config file with the deamon commented configuration lines following the instructions from here and here.  And I added the config file as follows:

"sudo -u pi -g www-data /home/pi/.btsync/btsync --config /home/pi/.btsync/.config"

It did not work. I guess that it was because that simple script is not running a deamon, it is simply running the service as a process. So I found the init.d script to run the BtSync as a deamon from here. Now the BtSync service was running as a daemon, but the  DAEMON_** configuration lines were not having any effect. Again, not sure why, but I guess that because I did not installed the package and all the /etc and ~/ files something is not really working there.

Anyway, I did a man of the "start-stop-daemon" which is the main command of the new init.d script. I found that I could directly add the group and umask to the daemon process. So my final solution is the init.d/btsync script that follows, based on the original one here. I just updated the user to pi, added the group and the umask and deleted the config file.

#!/bin/sh
### BEGIN INIT INFO
# Provides: btsync
# Required-Start: $local_fs $remote_fs
# Required-Stop: $local_fs $remote_fs
# Should-Start: $network
# Should-Stop: $network
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Multi-user daemonized version of btsync.
# Description: Starts the btsync daemon for all registered users.
### END INIT INFO
 
# Replace with linux users you want to run BTSync clients for
BTSYNC_USERS="pi"
BTSYNC_GROUP=www-data
BTSYNC_UMASK=0002
DAEMON=/home/pi/.btsync/btsync

start() {
  for btsuser in $BTSYNC_USERS; do
    HOMEDIR=`getent passwd $btsuser | cut -d: -f6`
    if [ -f $config ]; then
      echo "Starting BTSync for $btsuser"
      start-stop-daemon -b -o -c $btsuser -S -u $btsuser --group $BTSYNC_GROUP --umask $BTSYNC_UMASK -x $DAEMON --
    else
      echo "Couldn't start BTSync for $btsuser (no $config found)"
    fi
  done
}

stop() {
  for btsuser in $BTSYNC_USERS; do
    dbpid=`pgrep -fu $btsuser $DAEMON`
    if [ ! -z "$dbpid" ]; then
      echo "Stopping btsync for $btsuser"
      start-stop-daemon -o -c $btsuser -K -u $btsuser -x $DAEMON
    fi
  done
}

status() {
  for btsuser in $BTSYNC_USERS; do
    dbpid=`pgrep -fu $btsuser $DAEMON`
    if [ -z "$dbpid" ]; then
      echo "btsync for USER $btsuser: not running."
    else
      echo "btsync for USER $btsuser: running (pid $dbpid)"
    fi
  done
}

case "$1" in
 start)
start
;;
stop)
stop
;;
restart|reload|force-reload)
stop
start
;;
status)
status
;;
*)
echo "Usage: /etc/init.d/btsync {start|stop|reload|force-reload|restart|status}"
exit 1
esac

exit 0


That is all for me, now my personal cloud is all synchronized and I can access all files from OwnCldoud.

I just need to setup few more things about security, I found this post really interesting and I guess necessary to protect my little Raspberry from being eaten by worms.

Thanks for reading.


Resources:

Posted by Marc Andreu.

No comments: