Syno NFS Permissions

@ChuckPa you mentioned in your Linux tips and tricks guide that you need to create the plex username on the Syno. Are you assuming that we are using Kerberos idmapd here? For my use case, I have my Syno NFS export set to squash map all users to admin and even though I have the plex account on my Syno it practically does nothing because it has a different UID than the plex user on my Linux machine (NFS client).

I recently installed Plex Media Server on a PC running Ubuntu 20.04. Media resides on a Synology DS918+ running DSM 7.0.1.

I ended up doing two things: a) configuring the DS918+ to use NFS v3; and b) changing the Plex uid/gid on Ubuntu to match that on the Synology.

Note: While searching for info online, I ran across many posts where people simply squashed all users to admin. The basic reasoning was “I’d never do this at work, but this is my system at home, so it is OK.” I also ran across several posts where people used SMB instead of NFS.

NFS v3 vs v4 on Synology

From what I could find, NFS v4 on Synology uses Kerberos for permissions, so you do not need to align UIDs/GIDs. However, I never did find where anyone successfully deployed such a configuration. I never tried it myself. It seemed like overkill for a home installation and as mentioned, I could not find a working example.

NFS v3 uses UID/GID. I configured the Synology for NFS v3 (Control Panel → File Services → NFS). Changing the mount options in /etc/fstab on the Ubuntu system to use NFS v3 might work as well, but I did not try it.

Matching UIDs/GIDs

Modify appropriately for the UID/GID on your systems.

Note: I run Plex on my DS918+. I mapped the UID/GID for plex on the Ubuntu system to match that for PlexMediaServer on the Synology since PlexMediaServer already had the necessary permissions.

  1. SSH to the Synology. Find the UID/GID for Plex.

    $ id PlexMediaServer
    uid=297536(PlexMediaServer) gid=297536(PlexMediaServer) groups=297536(PlexMediaServer),937(videodriver)

  2. Find plex UID/GID on Ubuntu system.

    $ id plex
    uid=998(plex) gid=998(plex) groups=998(plex),44(video),109(render)

  3. Stop Plex Media Server if running.

    sudo systemctl stop plexmediaserver

  4. Change UID/GID.

    sudo usermod --uid 297536 plex
    sudo groupmod -g 297536 plex

  5. Update Plex data library.

    sudo chown -R plex:plex /var/lib/plexmediaserver

  6. Proceed with rest of installation/configuration.


Note regarding /etc/fstab

I ran into a problem where on startup, the system would try to mount the NFS filesystem before the network was ready, and the mounts would fail. Adding _netdev tells the system to wait until the network is ready before attempting to mount the filesystem.

192.168.1.50:/volume1/media /nas/syno/media nfs _netdev,auto,defaults,nofail 0 0

I suggest adding the regular user plex on the syno for one purpose:

  • You have control over what is seen by Plex from your shared folders, as well as what privilege it has, in the event you make a mistake.

You can grant user plex (lower case), group users, read-only permission to the media.

Now you can mount the media from the Syno (nfs) without worrying or changing the native installation on Linux.

How this works:

From Linux, user plex makes the NFS request. NFS on the Syno sees user plex requesting the media. It checks the shared folder permissions and you’re golden.

I’ve chatted with FordGuy.

Now that I understand his technique, both will work but his is actually a little slicker in that Ubuntu is made to match the UID/GID of the PMS on the Syno so you end up with one set of permissions for both servers… I had forgotten that trick.

Your research results are pretty similar to mine. As long as the UID/GID of the users in question on both the PMS and Syno are the same, then everything will work as expected.

And yes, I do have _netdev in my NFS mount too.

Thanks for the detailed instructions, btw

Yes, that’s exactly what the purpose of this thread is. Without the matching ID’s, you end up with mismatching permissions.

I understand the whole purpose of your guide, to limit the access of the plex user to read-only on the Syno but without the matching id’s, you would need to enable squash (map all users to admin) which is what I do but is really not best practice. I know this is just for home use, but I still wanted to do it the right way.

For reference:

Folks,

UID/GID mapping is one technique.
Name matching is the default but a bit slower (microseconds slower for the conversion from name → UID).

When you use nfs mount option sec=sys and have matching UID/GID, you get the added benefit of the same text “Username” being shown on both hosts.

This works really well when you’re writing to the NAS with a UID/GID and that UID/GID matches on the NAS. All the names come out nice / match.

I see. But what happens if the UID/GID doesn’t match? And can you confirm that the things we’re discussing are only applicable when squash is not used (disabled)?

If you don’t have matching UID/GID –

  1. Reading - you grant permission by name and have the NFS server pay the extra cost of name conversion.

  2. Writing - You could have a mix of unknown UID/GIDs written to the server OR permission denied unless sec=sys is applied.

I see what you’re saying.

I think in Debian the default is sec=sys. Can the Syno also do name matching when the client is writing to the NFS mount?

@kevindd992002

I checked under DSM 7. It no longer does local preservation because the default now is SEC=SYS


This is confirmed by the Syno UID = 1026 and my Ubuntu UID = 1000

[chuck@lizum tv.2052]$ touch /mnt/syno/chuck-test
[chuck@lizum tv.2053]$ ls -la /mnt/syno/chuck-test
-rw-r--r-- 1 chuck chuck 0 Apr 11 21:00 /mnt/syno/chuck-test
[chuck@lizum tv.2054]$ ls -la /mnt/syno
total 20
drwxrwxrwx  5  1026 users 4096 Apr 11 21:00 ./
drwxr-xr-x  4 root  root    28 Apr 11 20:57 ../
-rw-r--r--  1 chuck chuck    0 Apr 11 21:00 chuck-test
drwxrwxrwx  2  1026 users 4096 Apr 10 15:49 NAS/
-rw-rw-rw-  1  1026 users 1935 May 15  2021 Panasonic Viera 3D TV.xml
-rwxr-xr-x  1  1026 users 1759 Jun 28  2021 repairdb.sh*
drwxrwxrwx 10  1026 users 4096 Jan  4 05:21 synoscheduler/
[chuck@lizum tv.2055]$ ll -n /mnt/syno
total 20
drwxrwxrwx  5 1026  100 4096 Apr 11 21:00 ./
drwxr-xr-x  4    0    0   28 Apr 11 20:57 ../
-rw-r--r--  1 1000 1000    0 Apr 11 21:00 chuck-test
drwxrwxrwx  2 1026  100 4096 Apr 10 15:49 NAS/
-rw-rw-rw-  1 1026  100 1935 May 15  2021 Panasonic Viera 3D TV.xml
-rwxr-xr-x  1 1026  100 1759 Jun 28  2021 repairdb.sh*
drwxrwxrwx 10 1026  100 4096 Jan  4 05:21 synoscheduler/
[chuck@lizum tv.2056]$

You have the choice: Edit /etc/passwd in the Syno or Ubuntu/Debian.
(which is an old hack but guaranteed to work)
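
The numeric listing above shows why the mismatch matters: under sec=sys only the numbers are compared. The sketch below is an added example, not part of the original thread; it models that comparison with plain POSIX mode bits (no ACLs, no squash) and lists entries a given UID/GID set reaches only through the "other" bits. The function names are hypothetical, and `audit_tree` assumes GNU find.

```sh
#!/bin/sh
# Added example, not from the thread. Models the sec=sys (AUTH_SYS) check:
# the server compares the client's numeric IDs with the file's numeric
# owner and group; account names play no part.
# Assumptions: plain POSIX mode bits only (no ACLs, no squash, not root).

# access_class UID "GID1 GID2 ..." FILE_UID FILE_GID OCTAL_MODE
# Prints "<class> <rwx>", where class is owner, group or other.
access_class() {
    ac_uid=$1; ac_gids=$2; ac_fuid=$3; ac_fgid=$4
    ac_mode=$((0$5))              # leading 0 makes the constant octal
    ac_class=other; ac_shift=0
    if [ "$ac_uid" -eq "$ac_fuid" ]; then
        ac_class=owner; ac_shift=6
    else
        for ac_g in $ac_gids; do
            if [ "$ac_g" -eq "$ac_fgid" ]; then
                ac_class=group; ac_shift=3; break
            fi
        done
    fi
    ac_bits=$(( (ac_mode >> ac_shift) & 7 )); ac_out=""
    [ $((ac_bits & 4)) -ne 0 ] && ac_out="${ac_out}r" || ac_out="${ac_out}-"
    [ $((ac_bits & 2)) -ne 0 ] && ac_out="${ac_out}w" || ac_out="${ac_out}-"
    [ $((ac_bits & 1)) -ne 0 ] && ac_out="${ac_out}x" || ac_out="${ac_out}-"
    echo "$ac_class $ac_out"
}

# audit_tree UID "GIDS" DIR
# Lists top-level entries of DIR that the given IDs match only as "other",
# i.e. where access rests on world permissions, not on aligned IDs.
audit_tree() {
    at_uid=$1; at_gids=$2
    find "$3" -mindepth 1 -maxdepth 1 -printf '%U %G %m %p\n' |
    while read -r at_fuid at_fgid at_mode at_path; do
        at_res=$(access_class "$at_uid" "$at_gids" "$at_fuid" "$at_fgid" "$at_mode")
        case $at_res in
            other*) echo "$at_path $at_res" ;;
        esac
    done
}

# Stand-alone use: ./script.sh 998 "998 44 109" /nas/syno/media
if [ "$#" -eq 3 ]; then
    audit_tree "$1" "$2" "$3"
fi
```

With the IDs from the listing, UID 1000 against entries owned by 1026:100 falls into the "other" class, so the test file could only be created because the directory is world-writable (drwxrwxrwx).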

Right, so name matching is no longer working, that sucks. I thought the sec=sys option is only significant on the NFS client when mounting the NFS share. Did this use to work before DSM 7? I guess there’s no way to enable name matching again, right?

It used to work on Syno but not any more.

I have a QNAP too. I don’t need to UID-match for that to work.

What this is showing is how limited the NFS server in DSM has become.

Ok, I just did the id’s matching and it worked as expected!
