NzbDrone falsely claiming a lack of permissions when permission is given to group rather than user

I’m trying to switch an existing system over from Sickbeard and I’m running in to claimed issues with permissions that as far as I can tell are bogus.

I’m on an Ubuntu 12.04 LTS system, fully up-to-date with Mono from the PPA as instructed in the install docs.

I currently have a group “media” which owns my everything in my media folder, /mnt/media. The subfolders are all set with 775 permissions (r/w to user and group that own, r/o to others). Files contained within are likewise set to 664 (same effective thing, folders require the execute bit to be listable but no media files should ever be executable as far as the server’s concerned). SABnzbd, Sickbeard, CouchPotato, NzbDrone, etc. are all given their own user which is a member of the group “media”.

Unfortunately NzbDrone doesn’t seem to be happy with this configuration. When trying a test download just now, I get the following every minute now that SAB has completed the transfer:

Couldn't import episode /mnt/media/Unsorted/TV/Breaking.Bad.S04E12.1080p.BluRay.x264-HD4U/breaking.bad.s04e12.080p.bluray.x264-hd4u.mkv: Access to the path is denied.

System.UnauthorizedAccessException: Access to the path is denied.
  at System.IO.File.Move (System.String sourceFileName, System.String destFileName) [0x00000] in <filename unknown>:0 
  at NzbDrone.Common.Disk.DiskProviderBase.MoveFile (System.String source, System.String destination) [0x00000] in <filename unknown>:0 
  at NzbDrone.Core.MediaFiles.EpisodeFileMovingService.MoveFile (NzbDrone.Core.MediaFiles.EpisodeFile episodeFile, NzbDrone.Core.Tv.Series series, System.Collections.Generic.List`1 episodes, System.String destinationFilename) [0x00000] in <filename unknown>:0 
  at NzbDrone.Core.MediaFiles.EpisodeFileMovingService.MoveEpisodeFile (NzbDrone.Core.MediaFiles.EpisodeFile episodeFile, NzbDrone.Core.Parser.Model.LocalEpisode localEpisode) [0x00000] in <filename unknown>:0 
  at NzbDrone.Core.MediaFiles.UpgradeMediaFileService.UpgradeEpisodeFile (NzbDrone.Core.MediaFiles.EpisodeFile episodeFile, NzbDrone.Core.Parser.Model.LocalEpisode localEpisode) [0x00000] in <filename unknown>:0 
  at NzbDrone.Core.MediaFiles.EpisodeImport.ImportApprovedEpisodes.Import (System.Collections.Generic.List`1 decisions, Boolean newDownload) [0x00000] in <filename unknown>:0

And to prove the permissions are sane, here’s the relevant user->group assignments:

wolrah@GLaDOS:/mnt/media/Videos/TV Shows$ getent passwd | grep nzbdrone
nzbdrone:x:133:116::/opt/NzbDrone/:/bin/false
wolrah@GLaDOS:/mnt/media/Videos/TV Shows$ getent group | grep nzbdrone
media:x:116:wolrah,laz,nullvalue,www-data,nzbdrone

As you can see nzbdrone is in the media group as its primary group and also explicitly.

here’s the source (SAB download directory):

wolrah@GLaDOS:/mnt/media/Unsorted/TV$ ls -ltr
total 8076496
<snip...>
drwxrwxr-x 1 sabnzbd  media        380 Mar 30 13:42 Breaking.Bad.S04E12.1080p.BluRay.x264-HD4U
wolrah@GLaDOS:/mnt/media/Unsorted/TV$ cd Breaking.Bad.S04E12.1080p.BluRay.x264-HD4U/
wolrah@GLaDOS:/mnt/media/Unsorted/TV/Breaking.Bad.S04E12.1080p.BluRay.x264-HD4U$ ls -ltr
total 3499676
-rw-rw-r-- 1 sabnzbd media 3518184098 May 21  2012 breaking.bad.s04e12.080p.bluray.x264-hd4u.mkv
-rw-rw-r-- 1 sabnzbd media       4717 Mar 30 13:42 breaking.bad.s04e12.1080p.bluray.x264-hd4u.nfo
-rw-rw-r-- 1 sabnzbd media   65466785 Mar 30 13:42 breaking.bad.s04e12.1080p.bluray.x264-hd4u.sample.mkv
-rw-rw-r-- 1 sabnzbd media       4047 Mar 30 13:42 breaking.bad.s04e12.1080p.bluray.x264-hd4u.sfv

and the destination:

wolrah@GLaDOS:/mnt/media/Videos/TV Shows$ ls -l | grep Breaking
drwxrwxr-x 1 nzbdrone media  1692 Mar 30 13:43 Breaking Bad

The destination is even owned by nzbdrone because I was messing with things and it’s still not happy with this.

It has full permissions as far as Linux is concerned to operate on these files, but it doesn’t want to because they’re not owned by its user.

If I change ownership on the folder to the nzbdrone user, it immediately processes the files as desired. This isn’t useful, however, as files downloaded through SABnzbd will always be owned by SAB’s user.

It’s getting all the way to the move within mono and then failing there, so it’s either failing during a check there (not sure if there even is one), or the move itself is failing.

I don’t have the experience to troubleshoot the permissions, but there are several users here that are running everything in a similar fashion.

Welp, I feel dumb.

The Upstart script had a “setgid nogroup” call a few lines below the “setuid” line which I didn’t notice, and that overrode the default group and my explicit “setgid media” placed directly below the “setuid” line.

Remove the extraneous setgid line and all seems well.