Server Version#: 1.18.6.2368-97add474d
Player Version#:
Hi!
My Plex Server on a Ds918+ was not responding anymore, so I turned to plex.tv for advice. It said I should check for the newest version, so I downloaded the above version from plex.tv and installed it manually, without deinstalling the previous. Did not help, so I restarted the DS918 and voila, the server was back. BUT it didn’t find my movies, only showed them in the library. It also found my /video share, but not /video/movies where my movies are actually stored. I found out this is a permissions issue, and checked the permissions in the GUI for the plex user (they were r/w for /video). Additionally I went to the file station and set the owner of /video/movies to admin and the group to users (the plex user is in the groups video and users), and set the permissions to rwxrwxrwx including the subfolders.
I checked the permissions via ssh, they are just as I set them via the GUI.
none of this helped. Only when I put the plex user in the admin group I can use my library as usual!
I tried to change the owner of /video, but thats not possible in file station, only /video/movies lets me do that. Why is that and might that be the Problem? Is it because /video is a Folder that was created by synology?
I understand that plex changed the requirement for the plex user to be an admin a while ago, which is why you had to change permissions for plex. I did all that, why isn’t it working…?
The only thing I maintain is the Plex share itself. It is for exclusive use with PMS data. Media doesn’t go in there.
What do you mean by “Only works as ‘admin’” ? If you had to put it back as it was because you didn’t apply the share permission changes then I suggest you revert to non-privileged and allow the DSM mechanisms to work as intended.
I mean I have to make the plex user an admin to make it work, which is basically the old way plex did it before the changes in the article you mentioned. But now, with the new version, I should be able to make plex a standard user und give it r/w permissions (or even just read permission) for the media folder and r/w permission for the plex folder. But it just won‘t work, even if i make plex the owner of the media folder.
What did I miss?
You don’t need to. If you do then something else is wrong.
May I have the Log files which capture it not working?
May I also see screenshots of the share Permissions (Control Panel - Shared Folders - Permissions tab)
And may I see any custom permissions you’ve applied through File Station?
I also need to ask if you have applied custom permissions to your media using File Station or if you used the Synology Control Panel -> Shared Folders to control access?
Under normal Linux, and depending on the distribution, extra manual permissions are required.
On Synology, however, they are not. In all cases, once folders are manually set, a never ending need to manually set them is created. The only remedy is to revert all permission management back to Synology’s control which they are quite ‘insistent’ on as you’re finding out.
I will post again in a few moments after I verify the procedure to revert permissions still works with current DSM
Add all the appropriate users and user plex to the allowed users list.
Check the “Apply to this folder, sub-folders, and files” box.
DSM has special ACL kernel code to handle 000. This is indicated by the + in the directory listing out.
sh-4.3# ls -la
total 36
d---------+ 8 root root 4096 Feb 11 14:48 .
drwxr-xr-x 37 root root 4096 Jan 21 19:21 ..
d---------+ 2 root root 4096 Dec 12 19:56 Abominable (2019)
d---------+ 2 root root 4096 Feb 8 2018 Aladdin (1992)
d---------+ 2 root root 4096 Dec 12 17:43 Alvin and the Chipmunks (2007)
d---------+ 2 root root 4096 Sep 16 2017 Atlantis The Lost Empire (2001)
drwxrwxrwx+ 3 root root 4096 Dec 31 13:27 @eaDir
d---------+ 2 root root 4096 Jun 1 2019 #recycle
sh-4.3#
Now “Scan Files” to verify PMS still sees everything correctly.
Every other Synology local user (apps / containers) listed in the permissions tab will also have the designated access.
My Plex Media is in a subfolder of the „Video“ share, maybe that is the problem. „Video“, „Audio“ and „Photo“ shares are „preinstalled“ by Synology, and have a different permissions tab than the other shares, missing the „apply to subfolders“ box. All the other shares look exactly like your screenshot.
Should I move all my media to a different share?
Despite getring errors after executing the command, plex now does no longer play any file, even when it is in the admin group.
I know why the command did not work, had to use the sudo -1 command to get root rights first. I tried again and now I got no error messages. But when I open the permissions tab it shows the same permissions as before.
Ah, now I tried chmod 755, now it works, even if plex is not admin. But that is not how you wrote it. could it be you meant chmod 777 instead of 000? And then all the permissions are set in the synology system?
I have just seen that the + is missing at some of my shares, for instance the /video share. So the acl does not work. Is there a possibility to get the + back?
First, the predefined /video share from Synology has been problematic since Plex was first ported . Their Video Station product always has conflicted.
I’m also seeing problems with ACLs on other packages (like transmission).
Something has changed with these last few updates of DSM regarding security.
I’m working today & tomorrow (now that TMDB is resolved) on seeing if I can create a script which will restore valid ACLs on those files & directories which were put into “Linux mode” (as reported by synoacltool)
Ok, so I should just not use the /video share. Btw, by setting it to 775, it does not matter anymore what i set in DSM permissions, Plex plays anything even if it doesn‘t have any rights in DSM. Only the file station respects the settings in DSM if the permissions are not 000 with the +
Setting to 755 / 644 is “linux mode” and does completely bypass ACLs.
The only problem with this is that most don’t want to work in the shell all the time to maintain them.
I have two options, both of which I’m working on now using my test system.
To restore those ACLs to your username and allow Plex
To setup inheritance (setgid bit) maintenance which will bypass ACLs permanently.
If I can make both of these easily implementable then everyone will be able to choose whichever method works best for them.
Ready to try this out on one of your media shares? It looks ok for me.
I, as the owner, will have “Custom” permissions after this is done which is expected.
Everyone will have ACL-granted R-O.
Please change and quote the shared folder paths in the main for loop.
sh-4.3# cat /volume2/ResetACLs
#
# This script will reset and assert permissions in the each of the listed directories
# in this "for" loop. DO NOT assert permissions on any Synology/system-reserved folders. This could render your data inaccessible.
# Which shares are we going to work on
for D in "/volume1/Animated" #"/volume2/movies"
do
# Revoke all previous permissions to a sane value
find "$D" -type d -exec chmod 755 {} \;
find "$D" -type f -exec chmod 644 {} \;
# Now assert Synology ACLs so the current file owner has control
find "$D" -type d -exec synoacltool -add {} 'owner:*:allow:rwxpdDaAaRWcCo:fd--' \;
# Grant Read-only to everyone else
find "$D" -type d -exec synoacltool -add {} 'everyone:*:allow:r-x------R-c-o:fd--' \;
done
sh-4.3#
