Community Announcement - Synology users - Security update.
Server Version#: Plex Media Server 1.15.4.994 and above
By popular customer request and to improve the safety of your media, we’ve made a small but visible change to what PMS can do on your NAS by itself.
We have removed user plex from the administrators group. This was a holdover from DSM 5.2 when it was required for PMS to run properly on the NAS.
Now, with DSM 6 and above, this is no longer required.
By doing so we’ve lowered Plex’s privilege level back to that of any normal username on your Synology. You, as administrator (admin user), are in full control over those share(s) PMS can access and, consequently, must grant all access permissions to your media via the Control Panel (Shared Folders) app.
The benefits are:
- User plex is a normal user, just like any other user account you create in DSM. No special privileges of any kind with exception of being a member of the video group so it can still access Hardware Accelerated Transcoding on those Synology models which support it.
- Your media now has an extra layer of protection from accidental deletion / modification.
The repercussions of this change are:
- Plex will no longer be an administrator. While it never actively used that capability, it had the privilege.
- Any share which previously had access through the admin/administrators connection, need to have correct permissions assigned. Your media in those shares is Unavailable until you grant permission again.
- Those customers who unwittingly did make use of this privilege level, now find themselves with “Permission Denied” errors or see Unavailable as well as the inability to access their media shares in Plex (DVR, etc)
What you need to do:
-
Open Control Panel
-
Click Shared Folders
-
Do the following for each of your media shares
- Highlight one media share
- Click Edit
- Click the Permissions tab
- Check the box for Plex and give it access to the share at whatever level you like.
- Save the changes.
- Now repeat the above sequence for each of your media shares in use by Plex.
- Upon completion, restarting Plex makes certain it sees everything correctly and no secondary issues exist.
- After upgrading PMS to this version, Restart your Synology NAS when complete. This allows DSM to reset user Plex where it belongs. Before restarting, you can edit the permissions (as shown above) so Plex starts cleanly at reboot.
To explain the permissions needed depending on how you use Plex:
R/W (read/write) lets PMS (DVR and media optimisation) write into your media folders.
R/O (read only), only lets Plex read your media. This is the safest and best practice.
When you install PMS 1.15.4.994, you should see this image for each of your media shares. Plex has no permission to the share.
Setting Read-Only is the safest practice.
PS: I apologize for the update having been released before this announcement and any inconveniences it may have caused.