Plex has full access to all folders

Hi everyone,

I’ve installed the Plex Media Server 1.12.0.4829 on my Asustor NAS. I realized that if I want to add media, the app has full access to the root folder, which also includes user home shares. Not only does that include reading, but also writing/deleting files.

I’ve read that on other NAS systems, there is a User “Plex” created, that can be granted permissions for specific shares. Even if I create a new share that is set to “deny access” for all users, Plex can still read and write in that share.

Am I doing something wrong or missing something? Anyone else got this problem? For security reasons I’m very concerned about an app with full R/W access on all shares…

So my main question is: why is there no user “plex” created on the Asustor NAS but on Synology?

I cannot speak to Asustor but can speak to QNAP, which also does not have a plex user.

On QNAP, there is no ability to launch an application as another username (plex). In Linux syntax, no su - plex command equivalent exists. Therefore, Plex must run as the root user. The Linux kernel always gives full access to all resources to root. This is how it’s written. If you perform a directory listing you can see the user ID of root is 0. Linux is written in C. The test to see if a user has permission becomes clean to implement. Please consider this pseudo code:

This C function returns TRUE (1) if the user (UID specified) has permission, FALSE (0) otherwise.

#include <sys/types.h>   /* uid_t */

#define TRUE  1
#define FALSE 0

int HasPermission(const char *Pathname, uid_t UID)
{
    // Quick and early return if root (always results in true/allowed)
    if (!UID) return TRUE;    // The userid = 0 (root): access granted

    // Now perform all other user-access permission checks here
    // ...

    (void)Pathname;  // only consulted by the elided checks above
    return FALSE;    // default to no permission
}

On Synology, in order to protect your files as much as possible, we’ve taken advantage of the su - plex capability. This allows you to protect your files from accidental deletion or modification by PMS. Conversely, it’s why you must remember to grant Plex permission to write to specific areas (like a DVR capture area).

Thank you for your answer.

I figured out that there is su on Asustor and created a user plex. If I run the start-stop.sh shell script of the Plex Media Server over SSH with the su - plex command, the server is started as user plex.

So far so good, but the server only starts when the user plex is a member of the administrator group. For testing, I set up a new group plex and granted the user full access to all shares, but I assume the problem is about system folder access. I’m not very familiar with Linux based systems so I’m not really sure what or where to look for. The FAQs I found so far are mostly about Plex folder permissions for media shares.

Basically I think it would be possible to run Plex on Asustor the same way it is running on Synology…?

Here’s what Synology’s start looks like:

  1. It comes in as root (full privilege)
  2. It has already collected/found where everything is
  3. It passes the required environment variables to user plex as it launches

start_plex ()
{
    PLEX_PATH=$(/usr/syno/sbin/synoshare --get Plex | grep Path | awk -F[ '{print $2}' | awk -F] '{print $1}')
    su plex -s /bin/sh -c "export LC_ALL=en_US.utf8;export LANG=en_US.utf8;export LD_LIBRARY_PATH='$PLEX_DIR';export PLEX_MEDIA_SERVER_MAX_PLUGIN_PROCS=$PROCS; export PLEX_MEDIA_SERVER_APPLICATION_SUPPORT_DIR='$PLEX_LIBRARY_PATH';export TMPDIR=$PLEX_PATH/tmp_transcoding;ulimit -s 3000;sleep 3;/var/packages/Plex\ Media\ Server/target/Plex\ Media\ Server &"
}

On your ASUSTOR, you have this:

do_start() {
    check_asdir    # sets PLEX_MEDIA_SERVER_APPLICATION_SUPPORT_DIR and other variables
    ulimit -s $PLEX_MEDIA_SERVER_MAX_STACK_SIZE
    (cd $PLEX_MEDIA_SERVER_ROOT ; sleep 3 ; ./Plex\ Media\ Server &)
    return 0
}

PLEX_MEDIA_SERVER_APPLICATION_SUPPORT_DIR and other variables are set in the check_asdir() function.

If you feel up to working through that, it would be a great project.

That said, if there is enough interest, with a working solution in hand, I’ll write it up and submit. It won’t be the first time the community has presented a request to engineering with the working code already in hand!