How to set Plex permissions on linux or NAS devices

9
8793
How to set Plex permissions on Linux / NAS devices
How to set Plex permissions on Linux / NAS devices

Problem / Outcome Summary

  • This how to guide will show you how to properly set up Linux file permissions for Plex Media Server
  • Please see the ‘Summary Overview’ tab below for a high level view of the objectives this ‘how to’ will achieve.

This guide applies to:

  • Any Linux distribution that stores files, which are connected to by Plex.  This may include:
    • Ubuntu, Sabayon, Redhat, SuSe Linux, Mint
    • QNAP NAS, Synology NAS, ReadyNAS

Why might I want to do this?

  • Because you get errors or missing items when scanning or updating your Plex Library
  • Because your files end up with different permissions than you intended
  • Because you’re security conscious and do not want your personal media to be deleted, read or copied by any unauthorised person
  • Because you have a NAS and have no idea how the permissions work on Linux
  • Because you are used to Windows and other ‘linux, unix or general *nix’ permissions are confusing

Foreword

To be clear, what are permissions and why do I care about them? 

You may not realise it, but all modern operating systems (such as Windows, Mac OS X and Linux) plus operating systems that run on NAS devices and even smartphones such as Android, Apple iPhone / iPad and Windows all have a permissions structure in order to protect data from unwanted access, errors and problems.  These problems can be as simple as accidental user file deletion of critical system files, a hacking attempt or indeed protecting your media from the fat fingers of family members causing you to have to work hard to restore from backups.  Plex is no different in that it accesses your data and therefore needs specific permissions from the operating system to do so.

A common problem I see around various forums on the internet is that many Plex customers don’t know how to set up their Linux based file permissions.  Often this comes about only because they notice their Plex media server Library can’t ‘see’ media on their storage.  Most commonly this happens with NAS devices, but can also come about when someone has custom built a Linux storage system such as FreeNAS or even on on of the many Linux Operating systems. Max OSX also uses very very similar file system attributes due to it’s roots coming from BSD.

What are the core items I need to know about?

*Nix based operating systems have a few core elements that work together with permissions that come into play in different scenarios.  For example, the mask command below set’s the default permissions for new files being copied into a share whereas the chmod command set’s the permissions for files that already exist in a share.  This is a common attribute often overlooked by those of us that came predominantly from the Windows camp.

Masks (the umask command)

On Unix ‘like’ operating systems (which include NAS devices), new files or directories are created with a default set of permissions.  A mask is a way of setting the permissions that would be applied by default (automatically) when new files are created in the applied locations.

Owner (the chown command)

The owner of the file describes to whom the relevant ‘mode’ (below) will apply.  The chown command set’s three ownership attributes which are Owner, Group and Everyone.

Mode (the chmod command)

The mode of a file or directory describes the type of access the system will allow the applicable owner (above) to have, for example read only.

How these attributes work together

Over on the implementation page, I’ll show you how to set and forget this, so that it works for Plex.  Before we do though, there’s one more point to note.  Some of these NAS appliances do have graphical tools that aim to do this in a simpler way.  You may be able to use those tools, but typically they do not have all the features and flexibility of the command line.  Also, sometimes the GUI on these NAS devices will not update to reflect the changes made through the command line.  This is not neccessarily something to worry about, but it is something to bare in mind.  The command line changes will still work and it is those I will predominantly focus on here.

How Plex requires permissions to be set

For official Plex servers, the server is set to run with the user ‘plex’ and the group ‘plex’.  This would include Ubuntu, Fedora, CentOS, FreeBSD and Mac OS X.  If you’re running a NAS your user may be different, but generally (such as with QNAP) these will still be assigned the user ‘plex’.  The one example I have heard of where it’s different is unraid.

Obviously in addition to this, you will require this ‘plex’ user account to have read/write/execute access to all of the files in your media locations as well.  Where this get’s complicated is when you realise that not only does plex have to write to these places, but also your windows / mac or linux computer that typically puts them there.  Furthermore, if you are not running Plex on your NAS directly there is yet another set of considerations.  Fear not, this guide explains them all.

Pre-Requisites

Software Dependencies

  • Any Linux / *nix based operating system which your files would be stored on
  • A linux based file system such as EXT4 or ReiserFS

Hardware Dependencies

Tools Required

  • SSH if you have a headless based Linux system such as a NAS

Other Dependencies

  • A working ethernet network

High Level Summary Steps

The below lists the high level summary of steps we’re about to take during this howto.

  • Apply correct permissions to your media files / set up basic accounts
  • Apply correct ‘default’ permissions to your media
  • Apply correct permissions to your share
  • Additional steps if your plex server is running on a different computer to your media storage

Implementation

Apply correct permissions to your media files / set up basic accounts

**Note follow these steps for where your media storage is located, if your server is separate, that is covered under the additional steps at the end)

Log in or SSH into your NAS / Linux system

ssh username@192.168.1.10

enter your password

Navigate to your folder / directory where you have stored your media to begin

Obtain your currently set Plex permissions

ls -lah (you’ll get something similar to the below)

drwxrwxrwx    2 username everyone      4.0k Dec 22 18:47 Pictures/
-rw-rw-rw-    1 admin    administ      5.0k Dec 18  2012 s100img001.jpg
-rw-rw-rw-    1 admin    administ      4.5k Dec 18  2012 s100img002.jpg
-rw-rw-rw-    1 admin    administ      4.9k Dec 18  2012 s100img003.jpg
-rw-rw-rw-    1 admin    administ      3.9k Dec 18  2012 s100img004.jpg
-rw-rw-rw-    1 admin    administ      5.5k Dec 18  2012 s100img005.jpg
-rw-rw-rw-    1 admin    administ    115.5k Dec 18  2012 s800img001.jpg
-rw-rw-rw-    1 admin    administ     96.9k Dec 18  2012 s800img002.jpg
-rw-rw-rw-    1 admin    administ    138.5k Dec 18  2012 s800img003.jpg
-rw-rw-rw-    1 admin    administ    116.1k Dec 18  2012 s800img004.jpg
-rw-rw-rw-    1 admin    administ    133.4k Dec 18  2012 s800img005.jpg

Note that the directory owner permission is different from the file permission owner.

Create multimedia group

$ sudo addgroup –gid 2000 multimedia

Some NAS devices, notably QNAP do not have the concept of sudo, in that case just log in as root).

(I have specified a group id in this command which is optional, however if you are running your Plex media server on Ubuntu Linux this will make life a lot easier due to differences in numbering between NAS and linux platforms).

Apply correct ownership to your media files

$ sudo chown -R admin.multimedia Pictures

Here I have left the owner attribute as ‘admin’, but added the group ‘multimedia’.  This way, we can put specific user accounts such as plex and your main desktop user, into that group in order to provide access.  This command translates to, “Make the owner ‘admin’, the group owner ‘multimedia’ and apply that to the folder ‘Pictures’.

Apply correct modes to your media files

$ sudo chmod -R 775 Pictures

$ sudo find Pictures -type f -exec chmod 770 ‘{}’ +

So firstly that means for all folders and files, ‘give read, write and execute  permission (mode) to the owner ‘admin’ and the group ‘multimedia’, but give no access to everyone else’ and apply to the folder ‘Pictures’

Secondly, reset just the files (not the directories) to 770.  This is done because directories need the execute bit set so that you can list their contents, especially when connecting with afp or smb.  Note that if you mess anything up with new files or otherwise, these are the commands that will get you back to safety.

Modify your user accounts to be members of the multimedia group

$ sudo usermod -a -G multimedia plex (see below additional steps if you don’t have a plex account)

$ sudo usermod -a -G multimedia yourusername

Apply correct ‘default’ permissions to your media

A number of options come in here, depending on how you’re connecting.  Personally, I recommend using Samba (smb) for desktop to storage protocol as it has more options than afp for setting this type of thing.

Edit your smb.conf file (located in /etc/smb.conf) on your storage device

Find the share that applies to your data which will be contained within square brackets e.g. below:

[Pictures]
comment =
path = /share/CACHEDEV1_DATA/Pictures
browsable = yes
oplocks = yes
ftp write only = no
recycle bin = yes
recycle bin administrators only = no
public = yes
invalid users = “guest”
read list =
write list = “root”,”admin”,”username”,@”Multimedia”
valid users = “root”,”admin”,”username”,@”Multimedia”
inherit permissions = no
smb encrypt = disabled
mangled names = yes
hosts allow =
force user = “admin”
force group = “Multimedia”
force create mode = 0770
force directory mode = 0775
create mask = 0770
directory mask = 0775

Apply correct permissions to your share

This guide doesn’t go over this specifically, yet it is essentially listed in the section directly above.  Simply adjust the write list and valid users lists to reflect your share.  Without this, the permissions will effectively be reduced to the limitation of those in the share as everything has to pass through the share.  So set the share to read/write and ensure your users have access (preferably through a group).

Note a group is denoted be prefixing that @ symbol as in the example above.

Additional steps if Plex is not running on the same machine as your media

One of the challenges if you’re connecting to your storage from other systems is that you must match the names and ID’s of groups and users accounts across those systems.  This can be quite a challenge when default user accounts and groups are created without matching ID’s.  Thankfully, linux has been around a long time and has the capability to change the group ID (gid) and the user id (uid).

Create matching multimedia group on your Plex server

On the storage / NAS computer, use the group number you set above (2000), or find the allocated group id number for ‘multimedia’.  Note this number.

$ cat /etc/group

multimedia:x:2000:admin,plex,yourusername

On the Plex server, create the matching group with a matching gid

$ sudo addgroup -g 2000 multimedia

Create missing plex account and add to multimedia group on the storage computer / NAS

If you’re not running plex on your storage machine or NAS, the storage / NAS won’t have a plex account by default.

On the other machine (the one running your Plex server), log in and find the plex user ID.

$ sudo id plex (in the response, note the uid number)

uid=118(plex) gid=100(everyone) groups=100(everyone)

On the media storage / NAS machine:

$ sudo useradd -G multimedia -u 118 plex (replace 118 with the number you found from the command ‘id’ above.

$ sudo usermod -a -G multimedia plex

Final Word

After stepping through all of this, you ‘should’ have a working set of permissions.  It’s a little bit tricky to get your head around it at first, however with a bit of patience you should get there with success.

If you have any issues or questions, hit me up in the comment section below, or in the forums.

Marshalleq