I am running Plex in a Docker container, and have a media library with access granted to the group “share”. Any service that needs to access the media library runs under a user that has “share” as a supplementary group. This includes the user for the plex service.
The directories needed by Plex on the host system are located in /home/plex and I would like to have them owned by plex:plex, 770 unless absolutely necessary. I’ve mapped the container user to plex using PLEX_UID and PLEX_GID, and this worked fine until I went to set up the libraries and got permission denied.
I had mistakenly assumed that the plex user would have access since they are added to the “share” group on my host, but of course it’s the INTERNAL user whose permissions matter, and I don’t have a way to map the additional groups as far as I can tell.
So my workaround for now is to set PLEX_GID to the gid of share, and have everything in the ~/.config/plex directory owned by plex:share. It’s not a big issue but I don’t love the idea that anyone in the share group (which includes a few other users) can now access the Plex config directory. The host plex user already has all the permissions they need, I just can’t map ALL of them to the container user.
Docker supports this via the group_add directive, but it needs to be supported in the image as well to come into effect.
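The trade-off described above, modelled as an added example that is not part of the original post: a plain Unix owner/group/other permission check applied to the credentials the container process actually holds. All UIDs, GIDs and the library's owner are constructed values, and ACLs and root's override are deliberately left out.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Creds:
    uid: int
    gid: int                        # primary group
    groups: frozenset = frozenset() # supplementary groups held by the process

def allowed(c, owner_uid, owner_gid, mode, want):
    """Classic Unix DAC check; `want` is a 3-bit rwx mask. No ACLs, no root bypass."""
    if c.uid == owner_uid:
        bits = (mode >> 6) & 7      # owner class
    elif c.gid == owner_gid or owner_gid in c.groups:
        bits = (mode >> 3) & 7      # group class
    else:
        bits = mode & 7             # other class
    return bits & want == want

# Constructed IDs for illustration only.
PLEX_UID, PLEX_GID, SHARE_GID = 1001, 1001, 2000
MEDIA = (1500, SHARE_GID, 0o770)                   # library: group "share", mode 770
OTHER = Creds(1002, 1002, frozenset({SHARE_GID}))  # another member of "share"
RX = 0o5                                           # read + traverse a directory

def evaluate(container, config_dir):
    return {
        "plex_reads_media": allowed(container, *MEDIA, RX),
        "other_share_user_reads_config": allowed(OTHER, *config_dir, RX),
    }

def scenarios():
    return {
        # PLEX_UID/PLEX_GID mapped, host-side group membership not carried over
        "uid/gid mapped only": evaluate(
            Creds(PLEX_UID, PLEX_GID), (PLEX_UID, PLEX_GID, 0o770)),
        # The workaround: primary group set to share, config owned plex:share
        "PLEX_GID=share": evaluate(
            Creds(PLEX_UID, SHARE_GID), (PLEX_UID, SHARE_GID, 0o770)),
        # What the poster wants: share as a supplementary group, config plex:plex
        "share as supplementary group": evaluate(
            Creds(PLEX_UID, PLEX_GID, frozenset({SHARE_GID})),
            (PLEX_UID, PLEX_GID, 0o770)),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:30} {result}")
```

Only the third case gives Plex the library while keeping other members of share out of the config directory, which is why the result depends on the process inside the container actually retaining the supplementary group.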