sdamaged Posted February 18, 2020 Share Posted February 18, 2020 Just wondering if there is a best practice guide for setting up containers? I was concerned that the standard share that seems to be mapped for almost every installed container /mnt/user gives the container full access to the entire unraid server (which i get makes things easy) So i removed this from Plex as a test, and added a specific path for every single share and then amended each library and rescanned. It was a lot more work of course, and is it really worth it? Is giving a container full access to the entire share ever necessary, and is it better practice to lock it down to what it only actually needs? Quote Link to comment
primeval_god Posted February 18, 2020 Share Posted February 18, 2020 51 minutes ago, sdamaged said: is it better practice to lock it down to what it only actually needs? This. Best practice is to give docker containers access to only the things that they need. For instance my plex container has a read/write mount for its config /mnt/user/appdata/plex and read only mounts for my media shares /mnt/user/tv/ and /mnt/user/movies/ Quote Link to comment
sdamaged Posted February 18, 2020 Author Share Posted February 18, 2020 Hmm so really i could have just amended the main mnt/user share to read only and saved a load of work! Lol Quote Link to comment
Squid Posted February 18, 2020 Share Posted February 18, 2020 9 minutes ago, sdamaged said: Hmm so really i could have just amended the main mnt/user share to read only and saved a load of work! Lol While that is the easy path mapping to make, it's not what I would call best practice from a security point of view. Plex really doesn't need access to your banking info, or your documents, or those "special" pictures everyone hides from their wife. 3 Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.