Transmission daemon permissions problem. SUID related???

cbass · 10-08-2011, 05:24 PM

Hi all,

I've installed transmission-daemon on a fairly fresh Debain Squeeze install, but am having some file permission problems.

The transmission user in Debian is "debian-transmission". I have verified that the daemon is started as this user:

Code:

$ ps --user debian-transmission
  PID TTY          TIME CMD
 3473 ?        00:00:00 transmission-da

I have created debian-transmission's home directory, with a torrents and .incomplete directory inside it:

Code:

$ ls -la /home/debian-transmission/

drwxrwxr-x 4 debian-transmission debian-transmission 4096 Oct  8 21:19 .
drwxr-xr-x 6 root                root                4096 Oct  8 20:39 ..
drwxr-xr-x 2 debian-transmission debian-transmission 4096 Oct  8 21:19 .incomplete
drwxr-xr-x 2 debian-transmission debian-transmission 4096 Oct  8 21:08 torrents

I copied the settings.json file over from a previous Ubuntu install, where it worked as expected. In the old install my download directory was inside my main user's home directory, with the permissions changed to allow debian-transmission to write to it. As you can see, in this install I have changed the settings.json to download into the transmission user's home dir.

Code:

$ sudo cat /etc/transmission-daemon/settings.json
[sudo] password for charlie: 
{
    "alt-speed-down": 1, 
    "alt-speed-enabled": true, 
    "alt-speed-time-begin": 420, 
    "alt-speed-time-day": 127, 
    "alt-speed-time-enabled": true, 
    "alt-speed-time-end": 1380, 
    "alt-speed-up": 1, 
    "bind-address-ipv4": "0.0.0.0", 
    "bind-address-ipv6": "::", 
    "blocklist-enabled": false, 
    "dht-enabled": true, 
    "download-dir": "/home/debian-transmission", 
    "download-limit": 300, 
    "download-limit-enabled": 1, 
    "encryption": 1, 
    "incomplete-dir": "/home/debian-transmission/.incomplete", 
    "incomplete-dir-enabled": true, 
    "lazy-bitfield-enabled": true, 
    "lpd-enabled": false, 
    "max-peers-global": 200, 
    "message-level": 2, 
    "open-file-limit": 32, 
    "peer-limit-global": 120, 
    "peer-limit-per-torrent": 30, 
    "peer-port": 51413, 
    "peer-port-random-high": 65535, 
    "peer-port-random-low": 49152, 
    "peer-port-random-on-start": false, 
    "peer-socket-tos": 0, 
    "pex-enabled": true, 
    "port-forwarding-enabled": false, 
    "preallocation": 1, 
    "proxy": "", 
    "proxy-auth-enabled": false, 
    "proxy-auth-password": "", 
    "proxy-auth-username": "", 
    "proxy-enabled": false, 
    "proxy-port": 80, 
    "proxy-type": 0, 
    "ratio-limit": 1.0000, 
    "ratio-limit-enabled": true, 
    "rename-partial-files": true, 
    "rpc-authentication-required": true, 
    "rpc-bind-address": "0.0.0.0", 
    "rpc-enabled": true, 
    "rpc-password": "{b479a979442320560a5fd6c6047461452ad68501/1dEzN8u", 
    "rpc-port": 9091, 
    "rpc-username": "charlie", 
    "rpc-whitelist": "127.0.0.1,192.168.0.*", 
    "rpc-whitelist-enabled": true, 
    "script-torrent-done-enabled": false, 
    "script-torrent-done-filename": "", 
    "speed-limit-down": 300, 
    "speed-limit-down-enabled": true, 
    "speed-limit-up": 10, 
    "speed-limit-up-enabled": true, 
    "start-added-torrents": true, 
    "trash-original-torrent-files": false, 
    "umask": 2, 
    "upload-limit": 50, 
    "upload-limit-enabled": 0, 
    "upload-slots-per-torrent": 14, 
    "watch-dir": "/home/debian-transmission/torrents", 
    "watch-dir-enabled": true
}

I can access the web interface on localhost and via the local network. I have copied an old .torrent file into the "torrents" directory and changed its permissions to debian-transmission:debian-transmission (although I never had to do this on the old install, and can't think why I'd have to; I'm just trying to eliminate some causes).

When I try to run the download, the web interface reports"Error: Permission denied", even though it can connect to peers, and reports a download rate (for a while at least).

I've no idea why this permission problem is occurring. The filesystem permissions are as they were with my previous install, but the permission denied error indicates that the FS is where the issue lies.

Now, this is where my Linux-fu runs out. The default transmission data directories have slightly different permissions. (Note the sneaky 's' in the owner permissions):

Code:

$ ls -la /var/lib/transmission-daemon/
total 36
drwxr-xr-x  7 root                root                4096 Oct  8 21:58 .
drwxr-xr-x 63 root                root                4096 Oct  8 20:28 ..
drwxr-xr-x  2 root                root                4096 Oct  8 21:56 blocklists
drwsrwxr-x  2 debian-transmission debian-transmission 4096 Oct 17  2010 downloads
drwsr-x---  5 debian-transmission debian-transmission 4096 Oct  8 22:54 info
drwxr-xr-x  2 root                root                4096 Oct  8 21:58 resume
-rw-------  1 root                root                1871 Oct  8 21:58 settings.json
-rw-------  1 root                root                 137 Oct  8 21:58 stats.json
drwxr-xr-x  2 root                root                4096 Oct  8 21:57 torrents

This is something to to with SUIDs or GUIDs or something. I've done a bit of reading, and don't really get the significance of these. Can someone enlighten me? Do I have to set the SUID of debian-transmission's home directory to the same as the "downloads" directory above? Why? What are the security implications of this? Why did this work before on my Ubuntu install?

Thanks in advance,

Charlie

neonsignal · 10-09-2011, 08:37 AM

The SUID bit and SGID bits on directories are intended as a way of having files inside the directory inherit user and or group ownership from the directory (at the time of creation). However, on Linux the SUID bit for directories is not functional, so it will make no difference if you set it.

My guess is that the problem is more likely to be something to do with directory locations. A few things to try would be:

1) disable the incomplete directory in settings.json (just as a test), likewise the watch directory
2) check the default locations of things like the settings files (eg blocklists, and so on) - I notice on my Debian system that they are actually located inside the info subdirectory
3) remove your Ubuntu settings file and get it working first with the standard Debian settings, then start moving things into the /home/debian-transmision directory and see which ones are causing the failure

cbass · 10-19-2011, 03:03 PM

OK sorry I've forgotten about this. I kind of knew I'd posted something, but couldn't even remember the subject!

In the end, I reinstalled transmission daemon to get the standard .json file back. Did progressive testing from standard through to the settings I wanted (baby steps etc), expecting to find the point of failure. I didn't.

It's now doing what it should have done in the first place, but I don't know why (or rather why it didn't work before).

I might post again if I figure out why it didn't work originally, but for now the issue is solved.

Thanks for your help.