You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The following is a guide to allow other swizzin users to use the non-multi-user filebrowser app.
Disclaimer:
While figuring this out, it was only my 2nd day of using Swizzin and also learning about linux file permissions. I apologize if I do anything incorrectly, have a exploit, or a typo in the guide. Please give me any advice / feedback.
When following this guide, there is only one instance / process of filebrowser. This means that:
The main / first swizzin user will have to manage anything relating to filebrowser (aka making users within filebrowser). However assuming your the main user, and root for your server, you have to manage setting up new users in swizzin anyways.
Users can use another user login in filebrowser to view another user files, since its one instance of filebrowser. However if you know another user swizzin user login details then you can just access directly into their swizzin, making this point null but wanted to explain anyways.
Goal
The idea is to have the filebrowser (that is not swizzin multi-user, and runs under the main swizzin user) app file path to be at /home, and then add users within the filebrowser app with the scope of their own home directory. There is some setup needed though since while a another filebrowser user logs into filebrowser, since the filebrowser process is running under the main swizzin user, it doesn't have access to other user's home current and future files. We also want the other user to have a link to filebrowser in the panel webpage for easy access.
Getting Started
Have swizzin installed and confirm it works
Install a torrent client, know the default download path (should be /home/USERNAME/torrents/TORRENTCLIENT), and confirm it works
Install filebrowser and confirm it works
Use touch /etc/swizzin/.dev.lock to disable swizzin updates until your ready to update (just incase a future update modifies / breaks something in the guide.) You can just delete the .dev.lock file to enable swizzin updates.
Terminology
MAINUSER is the name of the main / first user that you create at swizzin install script
SECONDUSER is the name of another user (will create later in the guide)
TORRENTCLIET is the name of your preferred torrent client. You can use a different download app you just need to know the swizzin default save path / location / directory of that app.
While ssh or other terminal access, log in as MAINUSER or su - MAINUSER to change your currently logged in user.
Change your directory cd $HOME/.config/Filebrowser and use filebrowser config set --root /home. There might be a lot of terminal output relating to filebrowser which is okay.
If you get a timeout error then you did not disable filebrower.
Then re-enable and restart filebrowser in the swizzin web panel.
(thanks to swizzin discord user @ThermPro [US] for helping me find where to run the filebrowser command to change root path and having to disable filebrowser first)
Login back in as root or elevate to root with proper login settings with either su - or sudo -i.
Create a new user using box adduser SECONDUSER. Login to swizzin web panel as SECONDUSER, access the torrent client, and check the download path if its different from /home/SECONDUSER/torrents/TORRENTCLIENT.
SECONDUSER will not have a link to filebrowser in the web panel yet. That will be later in the guide.
Allowing MAINUSER to access SECONDUSER files AND future files
While logged in as root on your server, Add the MAINUSER to the SECONDUSER group by using usermod -a -G SECONDUSER MAINUSER. MAINUSER primary group will still be MAINUSER but will also now be in a secondary group of SECONDUSER. The SECONDUSER is not added to the MAINUSER group.
We are adding to the group so that only MAINUSER as permissions to other user files and no other users.
Set the group permissions of your SECONDUSER torrent client download folder by chmod g+rwx /home/SECONDUSER/torrents/TORRENTCLIENT. If the folder isn't empty from any testing, use the -R recursive flag.
You can use ls -l /home/SECONDUSER/torrents to see the TORRENTCLIENT directory permissions
Note on permissions:
When using qbittorrent the permissions where rwxr-xr-x (user rwx, group rx, other rx) so the chmod should just be adding write permissions but from testing, filebrowser process running under MAINUSER needed execute permissions to just view the SECONDUSER home path (would get a 403 error). I don't have enough linux knowledge to understand why a process running under a user would need execute permissions to view a path since I would assume the process would have the read, write permissions inherited by the running user would do.
Since MAINUSER is in the SECONDUSER group, they now have permissions to access CURRENT files in the SECONDUSER home directory where their torrent client saves to.
Future files
For FUTURE files (like ones that SECONDUSER will download), use setfacl -PRdm u::rwx,g::rwx,o::rx /home/SECONDUSER/torrents/TORRENTCLIENT, great guide explaining setfacl I did not have to enable ACL on the filesystem, used a fresh install of Debian 11.
Now any files or directories created by SECONDUSER created within /home/SECONDUSER/torrents/TORRENTCLIENT will inherit the (user rwx, group rwx, other rx) permissions that are by default from using qbittorrent as a example to base from.
Setting up filebrowser second user and scope
Log into filebrowser using your MAINUSER account, go to Settings -> User Management -> New (to make a new user). Create a new user with the same login details as SECONDUSER. Set the scope to be /SECONDUSER/torrents/TORRENTCLIENT (You don't need /home since the current directory that filebrowser is in is /home.
OPTIONAL: Set the MAINUSER scope to /MAINUSER so that the MAINUSER doesn't have to click into their folder when accessing filebrowser each time. But then you would have to reset the scope to / if you wanted to view/edit SECONDUSER files.
TESTING
In SECONDUSER torrent client download something with a folder structure OR set up a cateogory that saves to a subdirectory (ie in qbittorrent make a category called "TV" and save location "TV" which will save to /home/SECONDUSER/torrents/TORRENTCLIENT/TV, the main thing we are testing as well is new files and directories made by SECONDUSER.
Then log into filebrowser as the SECONDUSER filebrowser user you made. To access you need to go to https://IP/filebrowser/ as there is no link to filebrowser from the swizzin web panel yet. Confirm if you can view, edit, delete, download from file AND folders from the main download path (ie, like files with the "TV" directory that the TORRENTCLIENT created).
Filebrowser link in Swizzin web panel for SECONDUSER
Use nano /opt/swizzin/core/custom/profiles.py and edit it to the following under from core.profiles import * changing the MAINUSER name:
class filebrowser_meta:
name = "filebrowser"
pretty_name = "Filebrowser"
baseurl = "/filebrowser"
runas = "MAINUSER"
multiuser = True
Refer to custom panel app setting guide but name,pretty_name, and baseurl are all from the default /opt/swizzin/core/profile.py that you don't want to edit.
runas sets which user to look for the process under to show the status light in panel page. multiuser doesn't have documentation but I assumed that it allows the app to be shown on other user panel web page since looking at other panel settings its about showing the app in the panel not effecting the app itself.
Use sudo systemctl restart panel to restart the web panel, wait a minute, login as SECONDUSER and confirm that there is a link to filebrowser.
Remember there is only one instance / process of filebrowser that is running under MAINUSER.
Summary of what we did
Change the path of filebrowser uses for files to /home
Added a new swizzin user
Added the main user to the new user group
Set current and future group file permissions for new user download location
Setup another user in filebrowser and defined their scope
Edited the panel to add a link for filebrowser for other users.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
The following is a guide to allow other swizzin users to use the non-multi-user filebrowser app.
Disclaimer:
While figuring this out, it was only my 2nd day of using Swizzin and also learning about linux file permissions. I apologize if I do anything incorrectly, have a exploit, or a typo in the guide. Please give me any advice / feedback.
When following this guide, there is only one instance / process of filebrowser. This means that:
Goal
The idea is to have the filebrowser (that is not swizzin multi-user, and runs under the main swizzin user) app file path to be at
/home
, and then add users within the filebrowser app with the scope of their own home directory. There is some setup needed though since while a another filebrowser user logs into filebrowser, since the filebrowser process is running under the main swizzin user, it doesn't have access to other user's home current and future files. We also want the other user to have a link to filebrowser in the panel webpage for easy access.Getting Started
/home/USERNAME/torrents/TORRENTCLIENT
), and confirm it workstouch /etc/swizzin/.dev.lock
to disable swizzin updates until your ready to update (just incase a future update modifies / breaks something in the guide.) You can just delete the .dev.lock file to enable swizzin updates.Terminology
MAINUSER
is the name of the main / first user that you create at swizzin install scriptSECONDUSER
is the name of another user (will create later in the guide)TORRENTCLIET
is the name of your preferred torrent client. You can use a different download app you just need to know the swizzin default save path / location / directory of that app.Actual Guide
Changing the default filebrowser path to
/home
First, on the swizzin web panel disable the filebrowser app (or use a service management command listed on the guide).
While ssh or other terminal access, log in as MAINUSER or
su - MAINUSER
to change your currently logged in user.Change your directory
cd $HOME/.config/Filebrowser
and usefilebrowser config set --root /home
. There might be a lot of terminal output relating to filebrowser which is okay.If you get a
timeout
error then you did not disable filebrower.Then re-enable and restart filebrowser in the swizzin web panel.
(thanks to swizzin discord user @ThermPro [US] for helping me find where to run the filebrowser command to change root path and having to disable filebrowser first)
Note: The default path for filebrowser is set in the swizzin install script for filebrowser
and I didn't want to direct edit the installer scripts as I wasn't trying to make my own branch of swizzin.
Making another user
Login back in as root or elevate to root with proper login settings with either
su -
orsudo -i
.Create a new user using
box adduser SECONDUSER
. Login to swizzin web panel as SECONDUSER, access the torrent client, and check the download path if its different from/home/SECONDUSER/torrents/TORRENTCLIENT
.SECONDUSER will not have a link to filebrowser in the web panel yet. That will be later in the guide.
Allowing MAINUSER to access SECONDUSER files AND future files
While logged in as root on your server, Add the MAINUSER to the SECONDUSER group by using
usermod -a -G SECONDUSER MAINUSER
. MAINUSER primary group will still be MAINUSER but will also now be in a secondary group of SECONDUSER. The SECONDUSER is not added to the MAINUSER group.We are adding to the group so that only MAINUSER as permissions to other user files and no other users.
Set the group permissions of your SECONDUSER torrent client download folder by
chmod g+rwx /home/SECONDUSER/torrents/TORRENTCLIENT
. If the folder isn't empty from any testing, use the-R
recursive flag.You can use
ls -l /home/SECONDUSER/torrents
to see the TORRENTCLIENT directory permissionsNote on permissions:
When using qbittorrent the permissions where rwxr-xr-x (user rwx, group rx, other rx) so the chmod should just be adding write permissions but from testing, filebrowser process running under MAINUSER needed execute permissions to just view the SECONDUSER home path (would get a 403 error). I don't have enough linux knowledge to understand why a process running under a user would need execute permissions to view a path since I would assume the process would have the read, write permissions inherited by the running user would do.
Since MAINUSER is in the SECONDUSER group, they now have permissions to access CURRENT files in the SECONDUSER home directory where their torrent client saves to.
Future files
For FUTURE files (like ones that SECONDUSER will download), use
setfacl -PRdm u::rwx,g::rwx,o::rx /home/SECONDUSER/torrents/TORRENTCLIENT
, great guide explaining setfacl I did not have to enable ACL on the filesystem, used a fresh install of Debian 11.Now any files or directories created by SECONDUSER created within
/home/SECONDUSER/torrents/TORRENTCLIENT
will inherit the (user rwx, group rwx, other rx) permissions that are by default from using qbittorrent as a example to base from.Setting up filebrowser second user and scope
Log into filebrowser using your MAINUSER account, go to Settings -> User Management -> New (to make a new user). Create a new user with the same login details as SECONDUSER. Set the scope to be
/SECONDUSER/torrents/TORRENTCLIENT
(You don't need /home since the current directory that filebrowser is in is /home.OPTIONAL: Set the MAINUSER scope to
/MAINUSER
so that the MAINUSER doesn't have to click into their folder when accessing filebrowser each time. But then you would have to reset the scope to/
if you wanted to view/edit SECONDUSER files.TESTING
In SECONDUSER torrent client download something with a folder structure OR set up a cateogory that saves to a subdirectory (ie in qbittorrent make a category called "TV" and save location "TV" which will save to
/home/SECONDUSER/torrents/TORRENTCLIENT/TV
, the main thing we are testing as well is new files and directories made by SECONDUSER.Then log into filebrowser as the SECONDUSER filebrowser user you made. To access you need to go to
https://IP/filebrowser/
as there is no link to filebrowser from the swizzin web panel yet. Confirm if you can view, edit, delete, download from file AND folders from the main download path (ie, like files with the "TV" directory that the TORRENTCLIENT created).Filebrowser link in Swizzin web panel for SECONDUSER
Use
nano /opt/swizzin/core/custom/profiles.py
and edit it to the following underfrom core.profiles import *
changing the MAINUSER name:Refer to custom panel app setting guide but
name
,pretty_name
, andbaseurl
are all from the default /opt/swizzin/core/profile.py that you don't want to edit.runas
sets which user to look for the process under to show the status light in panel page.multiuser
doesn't have documentation but I assumed that it allows the app to be shown on other user panel web page since looking at other panel settings its about showing the app in the panel not effecting the app itself.Use
sudo systemctl restart panel
to restart the web panel, wait a minute, login as SECONDUSER and confirm that there is a link to filebrowser.Remember there is only one instance / process of filebrowser that is running under MAINUSER.
Summary of what we did
/home
Beta Was this translation helpful? Give feedback.
All reactions