Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Worried about permissions after setting everything up as root user + general best practices

Featured Replies

Hey there!

 

I'm rather new to unRAID, got started about 2 months ago and just realized I've potentially made a mistake.

Unfortunately I'm a complete noob on networking stuff so please go easy on me. :)

 

So, well, right from the get go, I set everything up using the root user account - now I'm unsure whether this is good practice and if it potentially caused the ownership of some files/folders to be root, when it isn't necessary.

At this point I'm pretty deep into my setup so I hope in case there's unwanted permissions or anything similar, it's not too much of a pain to fix.

To start off, I've got TELNET and FTP disabled, with only SSH left enabled.
All my shares SMB status shows "-", but they are set to public (with export disabled).
I only use Tailscale to connect from the outside. Friends/family should only have access to the ports of Homarr/Jellyfin/Jellyseerr/Open WebUI using Tailscale's ACLs.
There's no forwarded ports on my router - the only forwarding I use is qBit's automated port forwarding through ProtonVPN, using the container by hotio.

I've checked if any of my containers run as privileged and disabled the setting on those (Notifiarr and vm_custom_icons).

Now what I did notice however, is that the ownership of various files & folders is set to root all over my system, and I'm wondering if this could somehow be a threat. I am also wondering if setting my containers/shares/folders up while using the root user gave them some sort of permissions they shouldn't have which could potentially be abused.

At this point I'm a bit spooked to change permissions, since I don't want to break any of the containers functionality - and frankly I don't even know if anything is wrong in the first place. :x 

Running htop and seeing random container names as root doesn't exactly spark confidence.


Shares:
appdata
data (containing separate media and torrents folders - structure following TRaSH guides)
domains
immich (share dedicated to immich)
isos
system

Containers:
autobrr
bazarr
cross-seed
homarr
immich
Jellyfin
jellyseerr (3x instances)
MySpeed
Notifiarr
open-webui
PostgreSQL_Immich
prowlarr
qbittorrent
qbit_manage
radarr (2x instances)
sonarr (3x instances)
thelounge
umlautadaptarr
unpackerr
vm_custom_icons

Not sure if this information is useful, but I'd appreciate any guidance I can get!

Edited by Limit385

Only root has access to the webUI and command line. Other users only have network access to shares. root is effectively a 'guest' user when accessing network shares.

 

Unless you are working at the command line, shares should already have the correct owner and permissions.

 

Take a look at Tools - New Perms. That will show you how things should be and will let you fix everything to allow normal network access to shares. Don't do New Perms on appdata, let the containers manage their own permissions.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.