Page 1 of 1

Could not open out file: permission denied

Posted: Mon Jun 29, 2020 4:28 pm
by Zipdox
I can't seem to be able to make zoneminder use an external drive. Despite having set the ownership and permissions of the directory correctly, it still fails.
Take a look at the attached images.
What am I missing?

Re: Could not open out file: permission denied

Posted: Tue Jun 30, 2020 3:59 pm
by mikb
Need more information about the external drive -- most importantly, is it using a FAT filesystem, or a proper one like ext4? How is it connected (USB, network?) Model number etc. (so others can Google what you've got).

It is possible that the drive is using a FAT file system (which is pretty clueless about permissions and ownership -- no matter what Linux will try and show you) and worse still, doesn't understand symbolic links, which are used by ZoneMinder and a fundamental part of a real filesystem.

The permissions look a bit enthusiastic there - rwxrwxrwx means EVERYONE can look in there, create, edit, delete stuff, which is not great for security, so you may want to tighten that up later.

Re: Could not open out file: permission denied

Posted: Wed Jul 01, 2020 3:57 pm
by Zipdox
mikb wrote:
Tue Jun 30, 2020 3:59 pm
Need more information about the external drive -- most importantly, is it using a FAT filesystem, or a proper one like ext4? How is it connected (USB, network?) Model number etc. (so others can Google what you've got).

It is possible that the drive is using a FAT file system (which is pretty clueless about permissions and ownership -- no matter what Linux will try and show you) and worse still, doesn't understand symbolic links, which are used by ZoneMinder and a fundamental part of a real filesystem.

The permissions look a bit enthusiastic there - rwxrwxrwx means EVERYONE can look in there, create, edit, delete stuff, which is not great for security, so you may want to tighten that up later.
It's ext4. I chose the lackluster permissions to make sure that the permissions are not the problem. The disk is connected to motherboard SATA. Here's a parted dump:

Code: Select all

Model: ATA WDC WD80PURZ-85Y (scsi)
Disk /dev/sdb: 8002GB
Sector size (logical/physical): 512B/4096B
Partition Table: loop
Disk Flags:

Number  Start  End     Size    File system  Flags
 1      0.00B  8002GB  8002GB  ext4

Re: Could not open out file: permission denied

Posted: Thu Jul 02, 2020 3:29 pm
by mikb
Ah, not what I was expecting!

ext4 is a proper file system. Good.

Direct SATA connection -- Good -- this rules out flaky USB enclosures and CIFS/SMB networking devices that don't know how to work properly.

The wide permissions being deliberate I can understand, please make sure to re-attach the doors and windows once you're done testing!

Do I understand correctly that /survaillance (directory ".." from your screenshot) is owned by "server, server" and is therefore only accessible to that user? Could this stop zoneminder traversing into /survaillance to get to the lower directories (zoneminder/events)?

Maybe /survaillance should be rwxr-xr-x (chmod 755) to let ZM look in there? Or try "rwx--x--x" (chmod 711) to let it go in but not look around?

Re: Could not open out file: permission denied

Posted: Fri Jul 03, 2020 3:01 am
by rockedge
the directories ownership needs to be the same as the web server and Zoneminder user. There are several that need to be the same.

Re: Could not open out file: permission denied

Posted: Fri Jul 03, 2020 10:25 am
by Zipdox
mikb wrote:
Thu Jul 02, 2020 3:29 pm
Ah, not what I was expecting!

ext4 is a proper file system. Good.

Direct SATA connection -- Good -- this rules out flaky USB enclosures and CIFS/SMB networking devices that don't know how to work properly.

The wide permissions being deliberate I can understand, please make sure to re-attach the doors and windows once you're done testing!

Do I understand correctly that /survaillance (directory ".." from your screenshot) is owned by "server, server" and is therefore only accessible to that user? Could this stop zoneminder traversing into /survaillance to get to the lower directories (zoneminder/events)?

Maybe /survaillance should be rwxr-xr-x (chmod 755) to let ZM look in there? Or try "rwx--x--x" (chmod 711) to let it go in but not look around?
I will try that.

Re: Could not open out file: permission denied

Posted: Sun Jul 05, 2020 1:14 am
by Zipdox
Yep that fixed it.