Sam Stelfox

Thoughts from a software engineer, systems hacker and Linux gubernāre.

Transmission Daemon

Configuration

First install the transmission-daemon like so:

[[email protected] ~]# yum install transmission-daemon -y

The init script that comes with transmission-daemon uses the utility which which is not in the minimal install. As such you'll need to edit the init file to point at the binary as it should be doing in the first place. Find the following line:

DAEMON=$(which $NAME)

Replace it with:

DAEMON=/usr/bin/transmission-daemon

Open up /etc/sysconfig/transmission-daemon. We're going to make a few changes here. First off the defaults listed in this file are not actually the defaults that the transmission-daemon will start up with. I don't like ambiguity so we're going to replace them with the real values.

The tranmission-daemon runs as user "tranmission" and it's home directory is /var/lib/transmission. We want to prefer encryption whenever it is available.

I don't like defining configuration information through the service startup unless they don't have an equivalent setting (encryption preferred - you can turn encryption support on in the config but not the 'prefer' part) so we get rid of the blacklist setting.

With those changes the file should look like the following:

TRANSMISSION_HOME=/var/lib/transmission
DAEMON_USER="transmission"
DAEMON_ARGS="-ep -g $TRANSMISSION_HOME/.config/transmission-daemon"

The install doesn't set up a default configuration, so we need to quickly start and stop the daemon so one is generated for us to edit like so:

[[email protected] ~]# service transmission-daemon start
Starting transmission-daemon (via systemctl):              [  OK  ]
[[email protected] ~]# service transmission-daemon stop
Stopping transmission-daemon (via systemctl):              [  OK  ]

Alright now that we have a config lets open it up and make some changes, it can be found at /var/lib/transmission/.config/transmission-daemon/settings.json.

Provided below is my configuration file AFTER I've made changes to the defaults.

Note to self: This isn't cleaned up and is not fit for public consumption. The only change that has been made is the removal of the contents of rpc-password hash.

After entering a password into the rpc-password field, start and stop the service again to have it in hashed form. Also note that I've picked a random but static port in this case 37288. Make sure that it is allowed through the firewall and forwarded.

{
  "alt-speed-down": 200, 
  "alt-speed-enabled": false, 
  "alt-speed-time-begin": 540, 
  "alt-speed-time-day": 127, 
  "alt-speed-time-enabled": false, 
  "alt-speed-time-end": 1020, 
  "alt-speed-up": 200, 
  "bind-address-ipv4": "0.0.0.0",
  "bind-address-ipv6": "::", 
  "blocklist-enabled": true, 
  "blocklist-url": "http://list.iblocklist.com/?list=bt_level1&fileformat=p2p&archiveformat=gz", 
  "cache-size-mb": 10, 
  "dht-enabled": true, 
  "download-dir": "/media/storage/Torrents/Downloads/", 
  "encryption": 1, 
  "idle-seeding-limit": 30, 
  "idle-seeding-limit-enabled": false, 
  "incomplete-dir": "/media/storage/Torrents/Incomplete", 
  "incomplete-dir-enabled": true, 
  "lazy-bitfield-enabled": true, 
  "lpd-enabled": false, 
  "message-level": 2, 
  "open-file-limit": 32, 
  "peer-congestion-algorithm": "", 
  "peer-limit-global": 240, 
  "peer-limit-per-torrent": 60, 
  "peer-port": 37288, 
  "peer-port-random-high": 65535, 
  "peer-port-random-low": 49152, 
  "peer-port-random-on-start": false, 
  "peer-socket-tos": "default", 
  "pex-enabled": true, 
  "port-forwarding-enabled": true, 
  "preallocation": 0, 
  "prefetch-enabled": 1, 
  "ratio-limit": 15, 
  "ratio-limit-enabled": false, 
  "rename-partial-files": true, 
  "rpc-authentication-required": true, 
  "rpc-bind-address": "10.13.37.52", 
  "rpc-enabled": true, 
  "rpc-password": "", 
  "rpc-port": 9091, 
  "rpc-url": "/transmission/", 
  "rpc-username": "torrentadmin", 
  "rpc-whitelist": "127.0.0.1,10.13.37.*", 
  "rpc-whitelist-enabled": true, 
  "script-torrent-done-enabled": true,
  "script-torrent-done-filename": "/var/lib/transmission/.config/transmission-daemon/torrent-completed.sh",
  "speed-limit-down": 100, 
  "speed-limit-down-enabled": false, 
  "speed-limit-up": 100, 
  "speed-limit-up-enabled": false, 
  "start-added-torrents": true, 
  "trash-original-torrent-files": true, 
  "umask": 18, 
  "upload-slots-per-torrent": 14,
  "watch-dir": "/media/storage/Dropbox/TorrentDrop",
  "watch-dir-enabled": true
}

With the config above I've configured it too run a script /var/lib/transmission/.config/transmission-daemon/torrent-completed.sh whenever a torrent finishes downloading. This file needs to at least exist and be executable if you don't turn it off above. You can do this with the following commands:

[[email protected] ~]# touch /var/lib/transmission/.config/transmission-daemon/torrent-completed.sh
[[email protected] ~]# chmod +x /var/lib/transmission/.config/transmission-daemon/torrent-completed.sh

I've personally set it up to email me whenever a torrent completes by putting the following script in that file:

#!/bin/bash

# Transmission populates the following variables for use in the script:
# TR_APP_VERSION
# TR_TIME_LOCALTIME
# TR_TORRENT_DIR
# TR_TORRENT_HASH
# TR_TORRENT_ID
# TR_TORRENT_NAME

# Setup the message to be sent
[email protected]
SUBJECT="Torrent Completed"
FROM_ADDR="[email protected]"
BODY="Transmission finished downloading \"$TR_TORRENT_NAME\" on $TR_TIME_LOCALTIME"

# Send the email
echo $BODY | mailx -s "$SUBJECT" -r "$FROM_ADDR" $TO_ADDR

Alright now this part is strange. If for some reason transmission doesn't close properly or some other funniness happens, it DELETES it's config file and resets it back to the defaults. To prevent this we're going to remove tranmissions ability to change it's config file. The catch with this is that it starts up with root privileges and will just rewrite the config file with read/write permissions so you need to make the file immutable like so:

[[email protected] ~]# chattr +i /var/lib/transmission/.config/transmission-daemon/settings.json

Ensure that transmission's group has write privileges over it's Download, Incomplete, and TorrentDrop directory.

Now lets start it up for real and make sure it starts up correctly on boot:

[[email protected] ~]# chkconfig transmission-daemon on
[[email protected] ~]# service transmission-daemon start

You can then use the utility transmission-remote to check on the status of transmission like so:

[[email protected] ~]# transmission-remote transmission-server.example.com -l
ID     Done       Have  ETA           Up    Down  Ratio  Status       Name
Sum:           Unknown               0.0     0.0

Making Torrents from the Command Line

First you need to install the utility "mktorrent" like so:

[[email protected] ~]# yum install mktorrent -y

I use a private tracker so these instructions are going to be specific for them.

First things first we're going to figure out the best size for the pieces in the torrent. Generally I default to 512Kb (219), if the torrent is around the size of a DVD I'll increase the size of the pieces to 1Mb (220). Anything larger than that probably doesn't belong in a single torrent. We need to know this as the exponent is one of the flags passed (specifically -l) so for my default I'll use the flag "-l 19".

Since I use a private tracker I need to set the private flag (-p). You should really give the torrent a meaningful name with the "-n" flag. Additionally a comment on the torrent is usually welcome with "-c".

With my current private tracker when creating a torrent you get a unique tracker link that looks something like http://tracker.<site>.org:34000/<Your private 32 character ID string>/announce, so you need to get that before you can finish setting up the torrent. Pass it as an option to the "-a" flag

Make sure all the files you want in the torrent are in the same directory (we're going to use /media/example/MySpecialTorrent/) in this example:

[[email protected] ~]# mktorrent -l 19 -p -n "My Special Torrent" -c "A very special torrent that I'm using as an example" \
> -a "<tracker address>" \
> /media/example/MySpecialTorrent/*
mktorrent 1.0 (c) 2007, 2009 Emil Renner Berthing

Hashed 40 of 40 pieces.
Writing metainfo file... done.

You will then have a .torrent file in your current directory named after what you gave mktorrent with the -n flag.

Security Notes

Firewall Adjustments

# Allow other torrenter's to connect to us
-A SERVICE -m tcp -p tcp --dport 37288 -j ACCEPT
# Allow local access to the web interface
-A SERVICE -s 10.13.37.0/24 -m tcp -p tcp --dport 9091 -j ACCEPT