jonesy8485 Posted October 7, 2017 Share Posted October 7, 2017 (edited) OK, I tried searching for the last hour or so and can't get the answers... Are there cons to running PMS, radarr, sonarr, nzbget, etc. all with nobody user? Also, every dir within /mnt/ has nobody as the user. I guess I'm talking security risks here. I want to try to prevent malicious tampering with anything on my server, but I also want to allow me to modify some dirs via W10 from my main desktop machine. I would also like to block PMS from being able to write to media folders. Is it safer to make a group for all the apps that I want to have write access, and create users for each of them within that group? Then I could change group for all those folders and make only my superuser the actual owner. Is this just silly? EDIT: I'm running everything in Dockers. Edited October 7, 2017 by jonesy8485 Quote Link to comment
Squid Posted October 7, 2017 Share Posted October 7, 2017 17 minutes ago, jonesy8485 said: Are there cons to running PMS, radarr, sonarr, nzbget, etc. all with nobody user? Sounds like you're running those as plugins, which isn't particularly recommended anyways. 19 minutes ago, jonesy8485 said: I would also like to block PMS from being able to write to media folders You definitely want to run docker applications. You only allow read/write or read to whatever folders you allow the app access to. IE: If you don't want Plex to have access to your financial information share, then it is completely unable (and doesn't even know that it exists) to read from that share. 1 Quote Link to comment
BRiT Posted October 7, 2017 Share Posted October 7, 2017 As already mentioned, you should be using Dockers and then you can control what areas and the various applications have access to as well as what permissions they have (read only or read-and-write). Quote Link to comment
jonesy8485 Posted October 7, 2017 Author Share Posted October 7, 2017 (edited) Everything is running in docker containers. Edited October 7, 2017 by jonesy8485 Quote Link to comment
Squid Posted October 7, 2017 Share Posted October 7, 2017 Then you have no problems. Only assign each app access to whatever share you want them access to with either read only or read write permission Quote Link to comment
jonesy8485 Posted October 7, 2017 Author Share Posted October 7, 2017 10 minutes ago, Squid said: Then you have no problems. Only assign each app access to whatever share you want them access to with either read only or read write permission Thank you. I hadn't been using the read/write permissions which I have now utilized to stop PMS from having write access to media folders. Is it advisable to disable root SSH login? I do not have web-facing webgui and use VPN. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.