TODDLT Posted July 30, 2019 Share Posted July 30, 2019 (edited) I asked this of one of the Plex Docker forums and no one has been able to come up with an answer so hoping it will make sense to someone in the greater community here. I use the DVR function in Plex, and it creates video files on unRaid. If I try to delete one of those files from my PC, it denies me access claiming I need permission from the user "nobody" to delete the files. (see image below) If I run the "new permissions" utility I can delete/move those files, but seems crazy to have to do that every time. I just migrated my Plex installation to the Linuxserver.io docker. Previously I did not have this issue under the other docker and could freely move or delete these files. I do seem to remember having a similar issue a few years ago when I set up the DVR and have no recollection of how it was resolved and I can't find any thread on here for the issue. Any ideas on how to resolve or chase this one down? Edited August 10, 2019 by TODDLT Quote Link to comment
Frank1940 Posted July 30, 2019 Share Posted July 30, 2019 (edited) You are going to have to provide a bit more information to us. First, open the GUI terminal (right side of top toolbar) and type the following command: ls -al /mnt/user0 Now, hit the 'up-arrow' key and append the name of the User Share to this command as the following example shows: ls -al /mnt/user0/Media Continue down the tree/path until you get to a file that has the problem. Then copy and paste the line for that file in the listing that has the problem. (Please format it as 'Code' -- </> icon at the top of the reply box.) It will look like this: -rw-rw-rw- 1 nobody users 178259492 Oct 20 2016 Nxxxxxxxxxxxxx-Axxxx-Wedding.pdf Edited July 30, 2019 by Frank1940 Quote Link to comment
Frank1940 Posted July 30, 2019 Share Posted July 30, 2019 One more thing. Edit your first post to change the title of this thread to indicate which Plex Docker you're using. That will the attention of the users of that Docker as one of them will eventually have to tell how to address this issue. Quote Link to comment
TODDLT Posted July 30, 2019 Author Share Posted July 30, 2019 (edited) 7 hours ago, Frank1940 said: You are going to have to provide a bit more information to us. First, open the GUI terminal (right side of top toolbar) and type the following command: ls -al /mnt/user0 Now, hit the 'up-arrow' key and append the name of the User Share to this command as the following example shows: ls -al /mnt/user0/Media Continue down the tree/path until you get to a file that has the problem. Then copy and paste the line for that file in the listing that has the problem. (Please format it as 'Code' -- </> icon at the top of the reply box.) It will look like this: -rw-rw-rw- 1 nobody users 178259492 Oct 20 2016 Nxxxxxxxxxxxxx-Axxxx-Wedding.pdf Thread title amended. The rest of this I'll have to do when I get home in about 4 hours. New ground for me but looks pretty straight forward. You just need one example line for a file I know is restricting access? Thanks! Edited July 30, 2019 by TODDLT Quote Link to comment
Frank1940 Posted July 30, 2019 Share Posted July 30, 2019 31 minutes ago, TODDLT said: You just need one example line for a file I know is restricting access? Just one if all of the others are the same except for file size, file date and file name. (You can automonize the filename if you want) Quote Link to comment
TODDLT Posted July 31, 2019 Author Share Posted July 31, 2019 5 hours ago, Frank1940 said: Just one if all of the others are the same except for file size, file date and file name. (You can automonize the filename if you want) So I recorded a few minutes of a random TV show just to do this test. The only trouble I ran into, is the DVR titles the folder and file name with the year in parenthesis, and apparently the above syntax doesn't like the existence of the parenthesis (2019). However, just seeing the DVR TV directory the line for the newly created folder had two key differences. 1, the older folder names were highlighted in green, while the new folder was not highlighted. 2, the "rw" coding was different. This folder was created using the new plex install drwxr-xr-x 1 nobody users 33 Jul 30 20:05 Bxxxxxg\ (2019)/ a similar folder that was created from the old plex installation reads like this drwxrwxrwx 1 nobody users 52 Mayt 15 22:31 Bxxxxxxx\ (2017)/ Obviously I see the "write" permissions missing but not sure what the full sequence means or how to adjust. Hope that is enough, thanks for the help! Quote Link to comment
Frank1940 Posted July 31, 2019 Share Posted July 31, 2019 (edited) 1 hour ago, TODDLT said: Obviously I see the "write" permissions missing but not sure what the full sequence means or how to adjust. OK, it means that no one (except for root) has permission to do anything but read the files inside. While 'nobody' is the owner, in Unraid that means that there is no owner, The group--- users in this case --- 'permissions' would be that logged-in user is assigned to the 'group' for that share (The Private and Secure Share security settings will have users assign to allow controlled access to the share), the 'other' permissions are for the anonymous user. What the problem is that the Plex Docker that you are using has settings somewhere that instructs it how to assign permissions the directories and files that it creates. And those settings are wrong for Unraid! This problem is not that usual. Someone should know where that setting in this Docker. (Hopefully, someone who uses this Docker will see this thread and jump in to help out.) EDIT By the way, google is your friend if you want detailed information on permissions, 'owner', 'group' and 'other'. Edited July 31, 2019 by Frank1940 Quote Link to comment
TODDLT Posted July 31, 2019 Author Share Posted July 31, 2019 1 hour ago, Frank1940 said: OK, it means that no one (except for root) has permission to do anything but read the files inside. While 'nobody' is the owner, in Unraid that means that there is no owner, The group--- users in this case --- 'permissions' would be that logged-in user is assigned to the 'group' for that share (The Private and Secure Share security settings will have users assign to allow controlled access to the share), the 'other' permissions are for the anonymous user. What the problem is that the Plex Docker that you are using has settings somewhere that instructs it how to assign permissions the directories and files that it creates. And those settings are wrong for Unraid! This problem is not that usual. Someone should know where that setting in this Docker. (Hopefully, someone who uses this Docker will see this thread and jump in to help out.) EDIT By the way, google is your friend if you want detailed information on permissions, 'owner', 'group' and 'other'. Thanks, so this did trigger I thought. There are values in the docker settings for PGID and PUID. I think this stands for Plex UserID and Plex GroupID. (P=Plex is an assumption on my part but I think GID and UID is correct). They have numerical values: PUID = 99 and PGID = 100. I looked back and the older Plex Docker did not have any settings for these values. Should I just remove the values? or should they be changed? No idea what those values actually mean. Quote Link to comment
Frank1940 Posted July 31, 2019 Share Posted July 31, 2019 7 hours ago, TODDLT said: They have numerical values: PUID = 99 and PGID = 100. I am getting out of my comfort zone here. I did google and find this thread. https://forums.unraid.net/topic/39289-adapting-container-user-and-group-ids-to-the-host/ I suspect that your problem is with the UMASK variable... Quote Link to comment
TODDLT Posted July 31, 2019 Author Share Posted July 31, 2019 8 hours ago, Frank1940 said: I am getting out of my comfort zone here. I did google and find this thread. https://forums.unraid.net/topic/39289-adapting-container-user-and-group-ids-to-the-host/ I suspect that your problem is with the UMASK variable... I just took a quick scan of this..... not exactly light reading so looks like project for tonight. Thanks for the info and the time to dig it up. Quote Link to comment
Xaero Posted August 1, 2019 Share Posted August 1, 2019 (edited) 22 hours ago, TODDLT said: I just took a quick scan of this..... not exactly light reading so looks like project for tonight. Thanks for the info and the time to dig it up. You could also use the UMASK variable to do what I suggest in the other thread; the first bit (normally untouched) is the SET mode for the file - this can be 0 (normal file or directory), sticky, GID, UID, etc. control. By setting, for example 2000 it would change the first bit to "2" and then the "000" mask would translate to "666" or RW for Owner, RW for Group, and RW for anyone else. https://wintelguy.com/umask-calc.pl Here's a good calculator that will calculate permissions for you as well. I'm not sure what permissions its setting wrong - but the normal unraid permission of "0000" should work fine for SMB users to Read and Write. The SetGID bit can be useful when you wish to specify access to users in the group rather than the owner directly. Another useful setting for the UMASK: 0003 - this would make it so that the Owner (nobody) and users in the group (users) could read and write the file - but others (anonymous SMB users, for example) would be able to view the content, but not edit or remove it. EDIT: If you wish you can run "stat filename" on a file that is broken, and then run it on a file that is working to identify what permissions differ, which will better help identify what needs to be corrected. EDIT2: I see you already posted permissions set on two files above; Owner Group | Other Owner(UID) Group (GID) d rwx | r-x | r-x 1 nobody users d rwx | rwx | rwx 1 nobody users As you can see above - only the owner is set to have write permissions on the file created by the new installation that is "broken" Note that the execute bit (x) is required for directories to be browsable on Linux - the "d" to the left designates this is a directory, for files this is a "-" Changing the UMASK to 0000 should fix your problem, as it will enable write permissions for the group and other columns. For information on "why" this would be different; UMASK 0022 (no change to SET bit, owner read/write, group read only, other read only) is the typical default on Linux, and would result in directories being created with the permissions you are seeing above (remember - directories must have the execute bit, and it is automatically added when the directory is created.) Edited August 1, 2019 by Xaero Quote Link to comment
TODDLT Posted August 4, 2019 Author Share Posted August 4, 2019 (edited) On 8/1/2019 at 1:15 PM, Xaero said: EDIT2: I see you already posted permissions set on two files above; Owner Group | Other Owner(UID) Group (GID) d rwx | r-x | r-x 1 nobody users d rwx | rwx | rwx 1 nobody users As you can see above - only the owner is set to have write permissions on the file created by the new installation that is "broken" Note that the execute bit (x) is required for directories to be browsable on Linux - the "d" to the left designates this is a directory, for files this is a "-" Changing the UMASK to 0000 should fix your problem, as it will enable write permissions for the group and other columns. For information on "why" this would be different; UMASK 0022 (no change to SET bit, owner read/write, group read only, other read only) is the typical default on Linux, and would result in directories being created with the permissions you are seeing above (remember - directories must have the execute bit, and it is automatically added when the directory is created.) Sorry, it's taken me a few days to get back into trouble shooting this issue, just been a little busy here. Thanks for taking the time to explain all this and I think I'm following this correctly. I've learned a little bit about what's going on in the background on this one. So where do I put this UMASK command? Is this a variable I should set in the docker or a command line that needs to be run every time the docker is started? Thanks again Edited August 4, 2019 by TODDLT Quote Link to comment
Xaero Posted August 4, 2019 Share Posted August 4, 2019 The umask 0000 needs to be called in the docker after the filesystems are created - in whatever entrypoint script is being used. I'd file this as a bug with the LS.IO guys on github or in their support thread. You can readily prove that the UMASK isn't being set properly; Run stat on one directory that works, and one that does not, this will show that while the UID and GID are correct the UMASK of 0000 isn't being set which makes the container inherently incompatible with unraid's share system by default, although they may push back in that this is technically "more secure" and "proper" in the world of Linux. If that's the case, you could easily set up a userscript to add "umask 0000" to the second line of their entrypoint script, and have it run every day so that if the container updates it adds the command back in, and restarts the docker. Quote Link to comment
TODDLT Posted August 4, 2019 Author Share Posted August 4, 2019 3 hours ago, Xaero said: If that's the case, you could easily set up a userscript to add "umask 0000" to the second line of their entrypoint script, and have it run every day so that if the container updates it adds the command back in, and restarts the docker. Not everyone on Plex uses the DVR, and so for most users, they probably would never see files "created by Plex" that they accessed or wanted to modify outside of Plex itself. I'm not sure what they will say about the request because maybe it is more secure for the app data files that may be created by the docker, and not sure they can differentiate between those and the DVR created files. So all that being said, I would probably use this short term, or long if they don't make the change. Creating a userscript that simply says "unmask 0000" would be pretty straight forward and I use a couple user-scripts. However, I'm not sure what this script would look like to "add the line to their entrypoint script and restart the docker." Is there a way to write a script that would run in the proper sequence at the startup of unRaid to get this setup, and why would it revert or need to be run every day or so? Quote Link to comment
Xaero Posted August 5, 2019 Share Posted August 5, 2019 (edited) 4 hours ago, TODDLT said: Not everyone on Plex uses the DVR, and so for most users, they probably would never see files "created by Plex" that they accessed or wanted to modify outside of Plex itself. I'm not sure what they will say about the request because maybe it is more secure for the app data files that may be created by the docker, and not sure they can differentiate between those and the DVR created files. So all that being said, I would probably use this short term, or long if they don't make the change. Creating a userscript that simply says "unmask 0000" would be pretty straight forward and I use a couple user-scripts. However, I'm not sure what this script would look like to "add the line to their entrypoint script and restart the docker." Is there a way to write a script that would run in the proper sequence at the startup of unRaid to get this setup, and why would it revert or need to be run every day or so? This is still worth reporting to LinuxServer.io - as they may be unaware that the DVR functionality of Plex is creating files without a proper umask for shares. To answer your questions regarding the UserScript - it needs to run to add the "umask" line to the docker, the docker must be running in order to execute the commands to modify the container. After which the container must be restarted to apply the actual command at startup. Running at Array start only works for the version of the docker that is installed when the array is started. If the docker is updated (either by you manually, or automatically) the change made by the UserScript will be gone. This is why it's desirable to have these sorts of things fixed upstream. There is no event that happens when dockers are updated, so there isn't really a way to just "run the script when the docker is updated" so we have to run it once per day. This is kind of kludgy and undesirable. As far as what a UserScript "could" look like to do this: #!/bin/bash con="$(docker ps --format "{{.Names}}" | grep -i plex)" run="/etc/services.d/plex/run" exists=$(docker exec -i "$con" grep -q umask "$run" >/dev/null 2>&1; echo $?) if [ "$exists" -eq 0 ]; then echo "umask line already present, exiting." exit else docker exec -i "$con" sed -i '3a umask 0000' "$run" echo "Added umask line - Restarting Plex docker..." docker restart "$con" >/dev/null fi To explain this script line-by-line so you know what we are doing: Shebang - this just defines what shell should execute this script - in this case "/bin/bash" Next we define the name of the docker container (we could hardcode this as "plex" since we know this is only usable for the ls.io plex docker) We then define the location of the run file used as the entrypoint. Next, we check if the file already contains "umask" or not. If it does, we simply exit the script, so we don't restart the docker unless we need to. If it doesn't, we add it after the 3rd line, and then restart the script. The result is that the "run" file ends up looking like this: #!/usr/bin/with-contenv bash echo "Starting Plex Media Server." umask 0000 export PLEX_MEDIA_SERVER_INFO_MODEL=$(uname -m) export PLEX_MEDIA_SERVER_INFO_PLATFORM_VERSION=$(uname -r) exec \ s6-setuidgid abc /bin/bash -c \ 'LD_LIBRARY_PATH=/usr/lib/plexmediaserver:/usr/lib/plexmediaserver/lib /usr/lib/plexmediaserver/Plex\ Media\ Server' Meaning that the next time the docker starts, "umask 0000" will be run before plex is started. This script can then be safely set to run once per day, preferably a few minutes after your automated updates, if you have the enabled. It will only make the change if it's required. P.S. Let me know if this works - as I have no way to test it. Edited August 5, 2019 by Xaero Quote Link to comment
TODDLT Posted August 5, 2019 Author Share Posted August 5, 2019 11 hours ago, Xaero said: Run stat on one directory that works, and one that does not, this will show that while the UID and GID are correct the UMASK of 0000 isn't being set which makes the container inherently incompatible with unraid's share system by default, although they may push back in that this is technically "more secure" and "proper" in the world of Linux. thanks for all the effort above. I will try to do the script in the next couple days and test it, hopefully tomorrow. I did post a note in the support forum here for LS.IO. I used the stats on the folder you saw above, but I also tried to use the "stat" command you mentioned. The real issue I had is I can't seem to call out the full directory name in the terminal because it shows a syntax error with the "(" character. All the folders and files created for media contain the year made in "(yyyy)" syntax. I get errors when tryring to type that. Is there a way around this? Quote Link to comment
Xaero Posted August 5, 2019 Share Posted August 5, 2019 3 minutes ago, TODDLT said: thanks for all the effort above. I will try to do the script in the next couple days and test it, hopefully tomorrow. I did post a note in the support forum here for LS.IO. I used the stats on the folder you saw above, but I also tried to use the "stat" command you mentioned. The real issue I had is I can't seem to call out the full directory name in the terminal because it shows a syntax error with the "(" character. All the folders and files created for media contain the year made in "(yyyy)" syntax. I get errors when tryring to type that. Is there a way around this? There are a few ways to work around this. The first, and the one you should become most familiar with when using a Linux box of any kind is to type only part of the name you need and then press "Tab" The shell will automatically fill in the remaining characters, and add quotes when needed. The second, is to manually place quotes around anything that uses spaces, or special characters: "(This) will work" (This) won't work The final common way is to "escape" characters the shell will try to use: \(This\)\ will\ work\ too The first method is the easiest, and most common way to use the Linux terminal when working with special characters and spaces. Tab completion is your friend. It remembers commands when you don't. It remembers folder names and the location of capital letters and special characters when you don't, too. It also never forgets to double quote things that need to be, or to escape letters that should be. Quote Link to comment
TODDLT Posted August 5, 2019 Author Share Posted August 5, 2019 32 minutes ago, Xaero said: There are a few ways to work around this. The first, and the one you should become most familiar with when using a Linux box of any kind is to type only part of the name you need and then press "Tab" The shell will automatically fill in the remaining characters, and add quotes when needed. The second, is to manually place quotes around anything that uses spaces, or special characters: "(This) will work" (This) won't work The final common way is to "escape" characters the shell will try to use: \(This\)\ will\ work\ too Thanks!! Quote Link to comment
TODDLT Posted August 10, 2019 Author Share Posted August 10, 2019 This is now solved. LinusServer.IO provided info on setting the variable for UMSASK Quote Link to comment
Frank1940 Posted August 10, 2019 Share Posted August 10, 2019 (edited) 7 hours ago, TODDLT said: This is now solved. LinusServer.IO provided info on setting the variable for UMSASK Did you post this info (and any how-to instructions necessary) in the support forum for this Docker? If not, please do so. It could help the next person who has the same problem. And edit first post to mark it [SOLVED]. Edited August 10, 2019 by Frank1940 Quote Link to comment
TODDLT Posted August 10, 2019 Author Share Posted August 10, 2019 11 hours ago, Frank1940 said: Did you post this info (and any how-to instructions necessary) in the support forum for this Docker? If not, please do so. It could help the next person who has the same problem. And edit first post to mark it [SOLVED]. so marked (and I was looking for a "solved" button). The answer came inside the LinuxServer.IO - PlexServer forum. I did reply that it solved the issue, and the fix was simple. In the end they do have a variable setting for UMASK available, its just not in the default list, so you have to add it manually. If there is somewhere I should post a summary write up I'd be happy to contribute. Quote Link to comment
Frank1940 Posted August 10, 2019 Share Posted August 10, 2019 9 minutes ago, TODDLT said: If there is somewhere I should post a summary write up I'd be happy to contribute. I would like to suggest this thread: https://forums.unraid.net/topic/46803-faq-feedback-for-faq-for-unraid-v6/ Make it specfic enough so that a novice can find where-to-make and how-to-do with the exact syntax for it. Quote Link to comment
TODDLT Posted August 17, 2019 Author Share Posted August 17, 2019 On 8/10/2019 at 6:34 PM, Frank1940 said: I would like to suggest this thread: https://forums.unraid.net/topic/46803-faq-feedback-for-faq-for-unraid-v6/ Make it specfic enough so that a novice can find where-to-make and how-to-do with the exact syntax for it. busy week, sorry it took so long. Done Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.