October 7, 20178 yr OK, I tried searching for the last hour or so and can't get the answers... Are there cons to running PMS, radarr, sonarr, nzbget, etc. all with nobody user? Also, every dir within /mnt/ has nobody as the user. I guess I'm talking security risks here. I want to try to prevent malicious tampering with anything on my server, but I also want to allow me to modify some dirs via W10 from my main desktop machine. I would also like to block PMS from being able to write to media folders. Is it safer to make a group for all the apps that I want to have write access, and create users for each of them within that group? Then I could change group for all those folders and make only my superuser the actual owner. Is this just silly? EDIT: I'm running everything in Dockers. Edited October 7, 20178 yr by jonesy8485
October 7, 20178 yr 17 minutes ago, jonesy8485 said: Are there cons to running PMS, radarr, sonarr, nzbget, etc. all with nobody user? Sounds like you're running those as plugins, which isn't particularly recommended anyways. 19 minutes ago, jonesy8485 said: I would also like to block PMS from being able to write to media folders You definitely want to run docker applications. You only allow read/write or read to whatever folders you allow the app access to. IE: If you don't want Plex to have access to your financial information share, then it is completely unable (and doesn't even know that it exists) to read from that share.
October 7, 20178 yr As already mentioned, you should be using Dockers and then you can control what areas and the various applications have access to as well as what permissions they have (read only or read-and-write).
October 7, 20178 yr Author Everything is running in docker containers. Edited October 7, 20178 yr by jonesy8485
October 7, 20178 yr Then you have no problems. Only assign each app access to whatever share you want them access to with either read only or read write permission
October 7, 20178 yr Author 10 minutes ago, Squid said: Then you have no problems. Only assign each app access to whatever share you want them access to with either read only or read write permission Thank you. I hadn't been using the read/write permissions which I have now utilized to stop PMS from having write access to media folders. Is it advisable to disable root SSH login? I do not have web-facing webgui and use VPN.
Archived
This topic is now archived and is closed to further replies.