Could not open out file: permission denied

Previous development branch now released as 1.36
Locked
Zipdox
Posts: 4
Joined: Mon Jun 29, 2020 4:22 pm

Could not open out file: permission denied

Post by Zipdox »

I can't seem to be able to make zoneminder use an external drive. Despite having set the ownership and permissions of the directory correctly, it still fails.
Take a look at the attached images.
What am I missing?
Attachments
20200629_181601.jpg
20200629_181601.jpg (78.92 KiB) Viewed 4221 times
20200629_181908.jpg
20200629_181908.jpg (51.88 KiB) Viewed 4221 times
mikb
Posts: 585
Joined: Mon Mar 25, 2013 12:34 pm

Re: Could not open out file: permission denied

Post by mikb »

Need more information about the external drive -- most importantly, is it using a FAT filesystem, or a proper one like ext4? How is it connected (USB, network?) Model number etc. (so others can Google what you've got).

It is possible that the drive is using a FAT file system (which is pretty clueless about permissions and ownership -- no matter what Linux will try and show you) and worse still, doesn't understand symbolic links, which are used by ZoneMinder and a fundamental part of a real filesystem.

The permissions look a bit enthusiastic there - rwxrwxrwx means EVERYONE can look in there, create, edit, delete stuff, which is not great for security, so you may want to tighten that up later.
Zipdox
Posts: 4
Joined: Mon Jun 29, 2020 4:22 pm

Re: Could not open out file: permission denied

Post by Zipdox »

mikb wrote: Tue Jun 30, 2020 3:59 pm Need more information about the external drive -- most importantly, is it using a FAT filesystem, or a proper one like ext4? How is it connected (USB, network?) Model number etc. (so others can Google what you've got).

It is possible that the drive is using a FAT file system (which is pretty clueless about permissions and ownership -- no matter what Linux will try and show you) and worse still, doesn't understand symbolic links, which are used by ZoneMinder and a fundamental part of a real filesystem.

The permissions look a bit enthusiastic there - rwxrwxrwx means EVERYONE can look in there, create, edit, delete stuff, which is not great for security, so you may want to tighten that up later.
It's ext4. I chose the lackluster permissions to make sure that the permissions are not the problem. The disk is connected to motherboard SATA. Here's a parted dump:

Code: Select all

Model: ATA WDC WD80PURZ-85Y (scsi)
Disk /dev/sdb: 8002GB
Sector size (logical/physical): 512B/4096B
Partition Table: loop
Disk Flags:

Number  Start  End     Size    File system  Flags
 1      0.00B  8002GB  8002GB  ext4
mikb
Posts: 585
Joined: Mon Mar 25, 2013 12:34 pm

Re: Could not open out file: permission denied

Post by mikb »

Ah, not what I was expecting!

ext4 is a proper file system. Good.

Direct SATA connection -- Good -- this rules out flaky USB enclosures and CIFS/SMB networking devices that don't know how to work properly.

The wide permissions being deliberate I can understand, please make sure to re-attach the doors and windows once you're done testing!

Do I understand correctly that /survaillance (directory ".." from your screenshot) is owned by "server, server" and is therefore only accessible to that user? Could this stop zoneminder traversing into /survaillance to get to the lower directories (zoneminder/events)?

Maybe /survaillance should be rwxr-xr-x (chmod 755) to let ZM look in there? Or try "rwx--x--x" (chmod 711) to let it go in but not look around?
rockedge
Posts: 1173
Joined: Fri Apr 04, 2014 1:46 pm
Location: Connecticut,USA

Re: Could not open out file: permission denied

Post by rockedge »

the directories ownership needs to be the same as the web server and Zoneminder user. There are several that need to be the same.
Zipdox
Posts: 4
Joined: Mon Jun 29, 2020 4:22 pm

Re: Could not open out file: permission denied

Post by Zipdox »

mikb wrote: Thu Jul 02, 2020 3:29 pm Ah, not what I was expecting!

ext4 is a proper file system. Good.

Direct SATA connection -- Good -- this rules out flaky USB enclosures and CIFS/SMB networking devices that don't know how to work properly.

The wide permissions being deliberate I can understand, please make sure to re-attach the doors and windows once you're done testing!

Do I understand correctly that /survaillance (directory ".." from your screenshot) is owned by "server, server" and is therefore only accessible to that user? Could this stop zoneminder traversing into /survaillance to get to the lower directories (zoneminder/events)?

Maybe /survaillance should be rwxr-xr-x (chmod 755) to let ZM look in there? Or try "rwx--x--x" (chmod 711) to let it go in but not look around?
I will try that.
Zipdox
Posts: 4
Joined: Mon Jun 29, 2020 4:22 pm

Re: Could not open out file: permission denied

Post by Zipdox »

Yep that fixed it.
Locked