aletomic 2 Posted September 27, 2023 Share Posted September 27, 2023 Hi - I'm moving my server from a Windows desktop to a dedicated Linux Server. I have Proxmox setup and a LXC installed with Emby. I managed the mappings to passthrough the iGPU for the UID/GID. I scanned all the files from a ZFS storage. I manage to update an entire library poster arts. Today, when I was going to continue udpate the media poster I started having what I think to be permissions issues, which is odd in my opinion that it started after I was able to update content before. This is the host lx -l results for the path that contains the medias: root@pve01:/# ls -l media-storage01 total 76 drwxr-xr-x 30 nobody nogroup 30 Sep 23 19:38 'Animations - Movies' drwxr-xr-x 47 nobody nogroup 47 Sep 12 22:09 'Animes - Movies' drwxr-xr-x 42 nobody nogroup 42 Sep 9 19:11 'Animes - TV Shows' drwxr-xr-x 6 nobody nogroup 6 Sep 16 14:07 'Emby Backups' drwxr-xr-x 147 nobody nogroup 147 Sep 24 20:55 Movies drwxr-xr-x 6 nobody nogroup 6 Sep 9 18:04 Musics drwxr-xr-x 2 nobody nogroup 2 Sep 16 07:52 Playlists The user and group was before root and root, I updated it to nobody and nogroup. I added the "emby" user to the nogroup. Nevertheless I continue to receive the error below: *** Error Report *** Version: 4.7.14.0 Command line: /opt/emby-server/system/EmbyServer.dll -programdata /var/lib/emby -ffdetect /opt/emby-server/bin/ffdetect -ffmpeg /opt/emby-server/bin/ffmpeg -ffprobe /opt/emby-server/bin/ffprobe -restartexitcode 3 -updatepackage emby-server-deb_{version}_amd64.deb Operating system: Linux version 6.2.16-14-pve (build@proxmox) (gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40) #1 SMP PREEMPT_DYNAMIC PMX 6.2.16-1 Framework: .NET 6.0.20 OS/Process: x64/x64 Runtime: opt/emby-server/system/System.Private.CoreLib.dll Processor count: 3 Data path: /var/lib/emby Application path: /opt/emby-server/system System.UnauthorizedAccessException: System.UnauthorizedAccessException: Access to the path '/media-storage01/Movies/Palm Springs (2020)/poster.jpg' is denied. ---> System.IO.IOException: Permission denied --- End of inner exception stack trace --- at System.IO.FileSystem.DeleteFile(String fullPath) at System.IO.File.Delete(String path) at Emby.Server.Implementations.IO.ManagedFileSystem.DeleteFileInternal(String path, Boolean sendToRecycleBin) at Emby.Server.Implementations.IO.ManagedFileSystem.DeleteFile(String path, Boolean sendToRecycleBin) at Emby.Server.Implementations.IO.ManagedFileSystem.DeleteFile(String path) at Emby.Providers.Manager.ImageSaver.SaveImage(BaseItem item, LibraryOptions libraryOptions, IImageSource source, ReadOnlyMemory`1 mimeType, ImageType type, Nullable`1 imageIndex, Nullable`1 saveLocallyWithMedia, Boolean isFallbackImage, CancellationToken cancellationToken) at Emby.Api.Images.ImageService.PostImage(BaseItem entity, Stream inputStream, ImageType imageType, String mimeType) at Emby.Server.Implementations.Services.ServiceController.GetTaskResult(Task task) at Emby.Server.Implementations.Services.ServiceHandler.ProcessRequestAsync(HttpListenerHost httpHost, IServerApplicationHost appHost, IRequest httpReq, IResponse httpRes, RestPath restPath, String responseContentType, CancellationToken cancellationToken) at Emby.Server.Implementations.HttpServer.HttpListenerHost.RequestHandler(IRequest httpReq, ReadOnlyMemory`1 urlString, ReadOnlyMemory`1 localPath, CancellationToken cancellationToken) Source: System.Private.CoreLib TargetSite: Void DeleteFile(System.String) InnerException: System.IO.IOException: Permission denied Source: TargetSite: 2023-09-26 23:54:03.190 Info Server: http/1.1 Response 500 to host1. Time: 23ms. http://192.168.86.28:8096/emby/Items/102/Images/Primary?X-Emby-Client=Emby Web&X-Emby-Device-Name=Chrome Windows&X-Emby-Device-Id=28c511d5-7c5b-4f1f-9762-d6e89bb54666&X-Emby-Client-Version=4.7.14.0&X-Emby-Language=en-us Can somone please help? This is my first time doing anything on Linux and this is anoying. I was able to setup Plex in another LXC in this same server but I prefer Emby and want to migrate it as well to this Linux server that I'm building. Please consider this when addressing the potential resolutions because both containers are consuming the same media folder. Thank you for any inputs embyserver.txt Link to comment Share on other sites More sharing options...
aletomic 2 Posted September 27, 2023 Author Share Posted September 27, 2023 (edited) Here is some additional content. The LXC conf: ## Emby LXC #http%3A//192.168.86.28%3A8096 arch: amd64 cores: 3 features: keyctl=1,nesting=1 hostname: emby-ct memory: 2048 mp0: /media-storage01,mp=/media-storage01 net0: name=eth0,bridge=vmbr0,hwaddr=4A:39:2B:73:D1:1A,ip=dhcp,type=veth onboot: 1 ostype: debian parent: All_Working rootfs: local-lvm:vm-403-disk-0,size=32G swap: 1024 tags: emby-container unprivileged: 1 lxc.cgroup2.devices.allow: a lxc.cap.drop: lxc.cgroup2.devices.allow: c 188:* rwm lxc.cgroup2.devices.allow: c 189:* rwm lxc.mount.entry: /dev/serial/by-id dev/serial/by-id none bind,optional,create=dir lxc.mount.entry: /dev/ttyUSB0 dev/ttyUSB0 none bind,optional,create=file lxc.mount.entry: /dev/ttyUSB1 dev/ttyUSB1 none bind,optional,create=file lxc.mount.entry: /dev/ttyACM0 dev/ttyACM0 none bind,optional,create=file lxc.mount.entry: /dev/ttyACM1 dev/ttyACM1 none bind,optional,create=file lxc.cgroup2.devices.allow: c 226:0 rwm lxc.cgroup2.devices.allow: c 226:128 rwm lxc.cgroup2.devices.allow: c 29:0 rwm lxc.mount.entry: /dev/fb0 dev/fb0 none bind,optional,create=file lxc.mount.entry: /dev/dri dev/dri none bind,optional,create=dir lxc.mount.entry: /dev/dri dev/dri/card0 none bind,optional,create=file,mode=0666 lxc.mount.entry: /dev/dri/renderD128 dev/dri/renderD128 none bind,optional,create=file lxc.idmap: u 0 100000 65536 lxc.idmap: g 0 100000 44 lxc.idmap: g 44 44 1 lxc.idmap: g 45 100045 61 lxc.idmap: g 106 104 1 lxc.idmap: g 107 100107 65429 Here is the Group file root:x:0: daemon:x:1: bin:x:2: sys:x:3: adm:x:4: tty:x:5: disk:x:6: lp:x:7: mail:x:8: news:x:9: uucp:x:10: man:x:12: proxy:x:13: kmem:x:15: dialout:x:20: fax:x:21: voice:x:22: cdrom:x:24: floppy:x:25: tape:x:26: sudo:x:27: audio:x:29: dip:x:30: www-data:x:33: backup:x:34: operator:x:37: list:x:38: irc:x:39: src:x:40: shadow:x:42: utmp:x:43: video:x:44:root sasl:x:45: plugdev:x:46: staff:x:50: games:x:60: users:x:100:emby nogroup:x:65534:emby input:x:101: sgx:x:102: kvm:x:103: render:x:104:root _ssh:x:105: _chrony:x:106: messagebus:x:107: crontab:x:108: systemd-journal:x:999: systemd-network:x:998: ssl-cert:x:109: postfix:x:110: postdrop:x:111: tcpdump:x:112: rdma:x:113: gluster:x:114: tss:x:115: ceph:x:64045: emby:x:1001: Here is the Passwd root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin bin:x:2:2:bin:/bin:/usr/sbin/nologin sys:x:3:3:sys:/dev:/usr/sbin/nologin sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/usr/sbin/nologin man:x:6:12:man:/var/cache/man:/usr/sbin/nologin lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin mail:x:8:8:mail:/var/mail:/usr/sbin/nologin news:x:9:9:news:/var/spool/news:/usr/sbin/nologin uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin proxy:x:13:13:proxy:/bin:/usr/sbin/nologin www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin backup:x:34:34:backup:/var/backups:/usr/sbin/nologin list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin _apt:x:42:65534::/nonexistent:/usr/sbin/nologin nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin _chrony:x:100:106:Chrony daemon,,,:/var/lib/chrony:/usr/sbin/nologin messagebus:x:101:107::/nonexistent:/usr/sbin/nologin sshd:x:102:65534::/run/sshd:/usr/sbin/nologin _rpc:x:103:65534::/run/rpcbind:/usr/sbin/nologin systemd-network:x:998:998:systemd Network Management:/:/usr/sbin/nologin postfix:x:104:110::/var/spool/postfix:/usr/sbin/nologin tcpdump:x:105:112::/nonexistent:/usr/sbin/nologin statd:x:106:65534::/var/lib/nfs:/usr/sbin/nologin gluster:x:107:114::/var/lib/glusterd:/usr/sbin/nologin tss:x:108:115:TPM software stack,,,:/var/lib/tpm:/bin/false ceph:x:64045:64045:Ceph storage service:/var/lib/ceph:/usr/sbin/nologin emby:x:1001:1001:,,,:/home/emby:/bin/bash Here is the access results of ls -l inside the Emby Container: root@emby-ct:/# ls -l media-storage01 total 76 drwxr-xr-x 30 nobody nogroup 30 Sep 23 19:38 'Animations - Movies' drwxr-xr-x 47 nobody nogroup 47 Sep 12 22:09 'Animes - Movies' drwxr-xr-x 42 nobody nogroup 42 Sep 9 19:11 'Animes - TV Shows' drwxr-xr-x 6 nobody nogroup 6 Sep 16 14:07 'Emby Backups' drwxr-xr-x 147 nobody nogroup 147 Sep 24 20:55 Movies drwxr-xr-x 6 nobody nogroup 6 Sep 9 18:04 Musics drwxr-xr-x 2 nobody nogroup 2 Sep 16 07:52 Playlists Here is the group inside the Emby Container root:x:0: daemon:x:1: bin:x:2: sys:x:3: adm:x:4: tty:x:5: disk:x:6: lp:x:7: mail:x:8: news:x:9: uucp:x:10: man:x:12: proxy:x:13: kmem:x:15: dialout:x:20: fax:x:21: voice:x:22: cdrom:x:24: floppy:x:25: tape:x:26: sudo:x:27: audio:x:29: dip:x:30: www-data:x:33: backup:x:34: operator:x:37: list:x:38: irc:x:39: src:x:40: shadow:x:42: utmp:x:43: video:x:44:emby sasl:x:45: plugdev:x:46: staff:x:50: games:x:60: users:x:100: nogroup:x:65534: crontab:x:101: ssl-cert:x:102: input:x:103: sgx:x:104: kvm:x:105: render:x:106:emby _ssh:x:107: netdev:x:108: postfix:x:109: postdrop:x:110: systemd-journal:x:999: systemd-network:x:998: systemd-timesync:x:997: messagebus:x:111: emby:x:996: Here is the passwd inside the Emby Container root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin bin:x:2:2:bin:/bin:/usr/sbin/nologin sys:x:3:3:sys:/dev:/usr/sbin/nologin sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/usr/sbin/nologin man:x:6:12:man:/var/cache/man:/usr/sbin/nologin lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin mail:x:8:8:mail:/var/mail:/usr/sbin/nologin news:x:9:9:news:/var/spool/news:/usr/sbin/nologin uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin proxy:x:13:13:proxy:/bin:/usr/sbin/nologin www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin backup:x:34:34:backup:/var/backups:/usr/sbin/nologin list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin _apt:x:42:65534::/nonexistent:/usr/sbin/nologin nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin postfix:x:100:109::/var/spool/postfix:/usr/sbin/nologin sshd:x:101:65534::/run/sshd:/usr/sbin/nologin systemd-network:x:998:998:systemd Network Management:/:/usr/sbin/nologin systemd-timesync:x:997:997:systemd Time Synchronization:/:/usr/sbin/nologin messagebus:x:102:111::/nonexistent:/usr/sbin/nologin emby:x:999:996:Emby Server:/var/lib/emby:/usr/sbin/nologin I hope this helps to diagnose some error that I have done. Thank you for any help Edited September 27, 2023 by aletomic Removed my name from the Group file Link to comment Share on other sites More sharing options...
Q-Droid 654 Posted September 27, 2023 Share Posted September 27, 2023 You have to account for a number of things. Which user is running the emby-server, is it emby? If so then good. Next, this user needs access to the full path to the media, every directory along the way needs to look like your example above for media-storage01. You've gotten close by making emby a member of nogroup but for the specific media directories where emby needs write access you will either need to add "w" for the group level or make emby the owner. This isn't needed for all directories along the path but is for the ones where the media files exist if emby is to create nfo and other metadata files in the media location. There are other ways to get the same or similar results but you'll have to decide based on how you create and manage your media files. Read through this thread for more info and details. Link to comment Share on other sites More sharing options...
aletomic 2 Posted September 27, 2023 Author Share Posted September 27, 2023 (edited) 2 hours ago, Q-Droid said: Which user is running the emby-server, is it emby? If so then good I thought emby was a generic user. Do I need to edit in the host server a new entry with the user that I'm using to edit the server? Maybe I should create a emby user on the Emby server. It may be the easiest/quickest way to perform the updates. 2 hours ago, Q-Droid said: emby needs write access you will either need to add "w" for the group level or make emby the owner. I can test, I guess, when I'm back home today changing the ownership of the folder doing a: chown -R emby:emby /media-storage01 Would this affect other LXC permission to this folder? I have Plex running in another LXC. I have the art work save locally nfo option turned on. Thank you Edited September 27, 2023 by aletomic Link to comment Share on other sites More sharing options...
Q-Droid 654 Posted September 27, 2023 Share Posted September 27, 2023 I don't use Proxmox/LXC so I'm not familiar with the options available for handling cases like yours. Having Plex share the media will take more work but I don't see why it couldn't be done. An emby installation of .deb or .rpm will also create an emby user and group to run the server. I can't remember what Plex does for server runtime, you'll have to identify the runtime user and group for this. You want to make sure the ownership and permissions of the media files/directories are the same for both containers which also means you should make sure the UID/GIDs are in sync between LXC containers and the Proxmox host. In your case an example is that emby is different between the two. Again, I don't use Proxmox so there might be a way for mapping these that I'm not aware of. Since you plan to share media between containers then I think ACLs with default access defined could be the simplest way forward so that files and directories created in one container have the right permissions in the other. Changing the ownership to emby:emby could make it inaccessible to Plex. There might be container privilege levels which overrule all of the above but could also open security risks. Link to comment Share on other sites More sharing options...
aletomic 2 Posted September 29, 2023 Author Share Posted September 29, 2023 (edited) Hey thank you for your inputs but no matter what I try I can't manage to make the LXC (Emby container) able to get the permissions to write to the ZFS host storage folder. I'm going to paste here for future reference in case someone may able to help but for now I think I'm giving up on Emby and going to use only Plex since I can't get it working. Error: System.UnauthorizedAccessException: System.UnauthorizedAccessException: Access to the path '/media-storage01/Movies/Palm Springs (2020)/poster.jpg' is denied. ---> System.IO.IOException: Permission denied Mount: /media-storage01 on /media-storage01 type zfs (rw,xattr,posixacl) Host Container Conf ## Emby LXC #http%3A//192.168.86.28%3A8096 arch: amd64 cores: 3 features: keyctl=1,nesting=1 hostname: emby-ct memory: 2048 mp0: /media-storage01,mp=/media-storage01 net0: name=eth0,bridge=vmbr0,hwaddr=4A:39:2B:73:D1:1A,ip=dhcp,type=veth onboot: 1 ostype: debian rootfs: local-lvm:vm-403-disk-0,size=32G swap: 1024 tags: emby-container lxc.cgroup2.devices.allow: a lxc.cap.drop: lxc.cgroup2.devices.allow: c 188:* rwm lxc.cgroup2.devices.allow: c 189:* rwm lxc.mount.entry: /media-storage01 media-storage01 none bind,rw 0 0 lxc.mount.entry: /dev/serial/by-id dev/serial/by-id none bind,optional,create=dir lxc.mount.entry: /dev/ttyUSB0 dev/ttyUSB0 none bind,optional,create=file lxc.mount.entry: /dev/ttyUSB1 dev/ttyUSB1 none bind,optional,create=file lxc.mount.entry: /dev/ttyACM0 dev/ttyACM0 none bind,optional,create=file lxc.mount.entry: /dev/ttyACM1 dev/ttyACM1 none bind,optional,create=file lxc.cgroup2.devices.allow: c 226:0 rwm lxc.cgroup2.devices.allow: c 226:128 rwm lxc.cgroup2.devices.allow: c 29:0 rwm lxc.mount.entry: /dev/fb0 dev/fb0 none bind,optional,create=file lxc.mount.entry: /dev/dri dev/dri none bind,optional,create=dir lxc.mount.entry: /dev/dri dev/dri/card0 none bind,optional,create=file,mode=0666 lxc.mount.entry: /dev/dri/renderD128 dev/dri/renderD128 none bind,optional,create=file lxc.idmap: u 0 100000 65536 lxc.idmap: g 0 100000 44 lxc.idmap: g 44 44 1 lxc.idmap: g 45 100045 61 lxc.idmap: g 106 104 1 lxc.idmap: g 107 100107 65429 Host Group root:x:0: daemon:x:1: bin:x:2: sys:x:3: adm:x:4: tty:x:5: disk:x:6: lp:x:7: mail:x:8: news:x:9: uucp:x:10: man:x:12: proxy:x:13: kmem:x:15: dialout:x:20: fax:x:21: voice:x:22: cdrom:x:24: floppy:x:25: tape:x:26: sudo:x:27:alexandre audio:x:29: dip:x:30: www-data:x:33: backup:x:34: operator:x:37: list:x:38: irc:x:39: src:x:40: shadow:x:42: utmp:x:43: video:x:44:root sasl:x:45: plugdev:x:46: staff:x:50: games:x:60: users:x:100:alexandre,emby nogroup:x:65534:emby input:x:101: sgx:x:102: kvm:x:103: render:x:104:root _ssh:x:105: _chrony:x:106: messagebus:x:107: crontab:x:108: systemd-journal:x:999: systemd-network:x:998: ssl-cert:x:109: postfix:x:110: postdrop:x:111: tcpdump:x:112: rdma:x:113: gluster:x:114: tss:x:115: ceph:x:64045: alexandre:x:1000: emby:x:1001: Host Passwd root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin bin:x:2:2:bin:/bin:/usr/sbin/nologin sys:x:3:3:sys:/dev:/usr/sbin/nologin sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/usr/sbin/nologin man:x:6:12:man:/var/cache/man:/usr/sbin/nologin lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin mail:x:8:8:mail:/var/mail:/usr/sbin/nologin news:x:9:9:news:/var/spool/news:/usr/sbin/nologin uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin proxy:x:13:13:proxy:/bin:/usr/sbin/nologin www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin backup:x:34:34:backup:/var/backups:/usr/sbin/nologin list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin _apt:x:42:65534::/nonexistent:/usr/sbin/nologin nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin _chrony:x:100:106:Chrony daemon,,,:/var/lib/chrony:/usr/sbin/nologin messagebus:x:101:107::/nonexistent:/usr/sbin/nologin sshd:x:102:65534::/run/sshd:/usr/sbin/nologin _rpc:x:103:65534::/run/rpcbind:/usr/sbin/nologin systemd-network:x:998:998:systemd Network Management:/:/usr/sbin/nologin postfix:x:104:110::/var/spool/postfix:/usr/sbin/nologin tcpdump:x:105:112::/nonexistent:/usr/sbin/nologin statd:x:106:65534::/var/lib/nfs:/usr/sbin/nologin gluster:x:107:114::/var/lib/glusterd:/usr/sbin/nologin tss:x:108:115:TPM software stack,,,:/var/lib/tpm:/bin/false ceph:x:64045:64045:Ceph storage service:/var/lib/ceph:/usr/sbin/nologin alexandre:x:1000:1000:,,,:/home/alexandre:/bin/bash emby:x:1001:1001:,,,:/home/emby:/bin/bash Host SUBUID root:44:1 root:104:1 root:1005:1 root:100000:65536 alexandre:165536:65536 emby:231072:65536 Host SUBGID root:44:1 root:104:1 root:100000:65536 alexandre:165536:65536 emby:231072:65536 Host Storage Permission to UID / GID 1005 (already tried emby and it didn't work) root@pve01:/# ls -l media-storage01 total 76 drwxr-xr-x 30 1005 1005 30 Sep 23 19:38 'Animations - Movies' drwxr-xr-x 47 1005 1005 47 Sep 12 22:09 'Animes - Movies' drwxr-xr-x 42 1005 1005 42 Sep 9 19:11 'Animes - TV Shows' drwxr-xr-x 6 1005 1005 6 Sep 16 14:07 'Emby Backups' drwxr-xr-x 147 1005 1005 147 Sep 24 20:55 Movies drwxr-xr-x 6 1005 1005 6 Sep 9 18:04 Musics drwxr-xr-x 2 1005 1005 2 Sep 16 07:52 Playlists CT Storage Permission to UID /GID root@emby-ct:/# ls -l media-storage01 total 76 drwxr-xr-x 30 nobody nogroup 30 Sep 23 19:38 'Animations - Movies' drwxr-xr-x 47 nobody nogroup 47 Sep 12 22:09 'Animes - Movies' drwxr-xr-x 42 nobody nogroup 42 Sep 9 19:11 'Animes - TV Shows' drwxr-xr-x 6 nobody nogroup 6 Sep 16 14:07 'Emby Backups' drwxr-xr-x 147 nobody nogroup 147 Sep 24 20:55 Movies drwxr-xr-x 6 nobody nogroup 6 Sep 9 18:04 Musics drwxr-xr-x 2 nobody nogroup 2 Sep 16 07:52 Playlists CT Group root:x:0: daemon:x:1: bin:x:2: sys:x:3: adm:x:4:syslog tty:x:5: disk:x:6: lp:x:7: mail:x:8: news:x:9: uucp:x:10: man:x:12: proxy:x:13: kmem:x:15: dialout:x:20: fax:x:21: voice:x:22: cdrom:x:24: floppy:x:25: tape:x:26: sudo:x:27: audio:x:29: dip:x:30: www-data:x:33: backup:x:34: operator:x:37: list:x:38: irc:x:39: src:x:40: gnats:x:41: shadow:x:42: utmp:x:43: video:x:44:root,emby sasl:x:45: plugdev:x:46: staff:x:50: games:x:60: users:x:100: nogroup:x:65534:root,emby crontab:x:101: messagebus:x:102: syslog:x:103: ssl-cert:x:104:emby input:x:105: sgx:x:106: kvm:x:107: render:x:108:root,emby _ssh:x:111: netdev:x:108: postfix:x:109: postdrop:x:110: systemd-journal:x:112: systemd-network:x:113: systemd-resolve:x:114: systemd-timesync:x:115: uuid:x:116: tcpdump:x:117: emby:x:999: CT Passwd root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin bin:x:2:2:bin:/bin:/usr/sbin/nologin sys:x:3:3:sys:/dev:/usr/sbin/nologin sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/usr/sbin/nologin man:x:6:12:man:/var/cache/man:/usr/sbin/nologin lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin mail:x:8:8:mail:/var/mail:/usr/sbin/nologin news:x:9:9:news:/var/spool/news:/usr/sbin/nologin uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin proxy:x:13:13:proxy:/bin:/usr/sbin/nologin www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin backup:x:34:34:backup:/var/backups:/usr/sbin/nologin list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin messagebus:x:100:102::/nonexistent:/usr/sbin/nologin syslog:x:101:103::/home/syslog:/usr/sbin/nologin postfix:x:102:109::/var/spool/postfix:/usr/sbin/nologin _apt:x:103:65534::/nonexistent:/usr/sbin/nologin sshd:x:104:65534::/run/sshd:/usr/sbin/nologin systemd-network:x:105:113:systemd Network Management,,,:/run/systemd:/usr/sbin/nologin systemd-resolve:x:106:114:systemd Resolver,,,:/run/systemd:/usr/sbin/nologin systemd-timesync:x:107:115:systemd Time Synchronization,,,:/run/systemd:/usr/sbin/nologin uuidd:x:108:116::/run/uuidd:/usr/sbin/nologin tcpdump:x:109:117::/nonexistent:/usr/sbin/nologin emby:x:999:999::/var/lib/plexmediaserver:/usr/sbin/nologin I feel bad that I'm not smat enough to figure out why this doesn't work. Edited September 29, 2023 by aletomic Link to comment Share on other sites More sharing options...
Q-Droid 654 Posted September 29, 2023 Share Posted September 29, 2023 (edited) On 9/27/2023 at 11:09 AM, Q-Droid said: Next, this user needs access to the full path to the media, every directory along the way needs to look like your example above for media-storage01. Did you check this part starting from / (root)? Using your example error the emby-server runtime user (emby?) needs to be able to access/navigate: /media-storage01 /media-storage01/Movies /media-storage01/Movies/Palm Springs (2020) /media-storage01/Movies/Palm Springs (2020)/poster.jpg Edited September 29, 2023 by Q-Droid Link to comment Share on other sites More sharing options...
Q-Droid 654 Posted September 29, 2023 Share Posted September 29, 2023 20 minutes ago, aletomic said: emby:x:999:999::/var/lib/plexmediaserver:/usr/sbin/nologin Also, why would the emby user home be /var/lib/plexmediaserver? Link to comment Share on other sites More sharing options...
aletomic 2 Posted September 29, 2023 Author Share Posted September 29, 2023 (edited) 1 hour ago, Q-Droid said: Did you check this part starting from / (root)? I think this is what you are refering to. I checked: root@pve01:/# ls -l media-storage01 total 76 drwxr-xr-x 30 1005 1005 30 Sep 23 19:38 'Animations - Movies' drwxr-xr-x 47 1005 1005 47 Sep 12 22:09 'Animes - Movies' drwxr-xr-x 42 1005 1005 42 Sep 9 19:11 'Animes - TV Shows' drwxr-xr-x 6 1005 1005 6 Sep 16 14:07 'Emby Backups' drwxr-xr-x 147 1005 1005 147 Sep 24 20:55 Movies drwxr-xr-x 6 1005 1005 6 Sep 9 18:04 Musics drwxr-xr-x 2 1005 1005 2 Sep 16 07:52 Playlists root@pve01:/# ls -l media-storage01/Movies total 1209 (//removed the movie list but all was with 1005) drwxr-xr-x 2 1005 1005 9 Sep 9 13:53 'Palm Springs (2020)' root@pve01:/# ls -l media-storage01/Movies/'Palm Springs (2020)' total 3436408 -rwxr-xr-x 1 1005 1005 203509 Sep 9 13:53 banner.jpg -rwxr-xr-x 1 1005 1005 816218 Sep 9 13:53 clearart.png -rwxr-xr-x 1 1005 1005 122767 Sep 9 13:53 clearlogo.png -rwxr-xr-x 1 1005 1005 1297382 Sep 9 13:53 fanart1.jpg -rwxr-xr-x 1 1005 1005 669905 Sep 9 13:53 landscape.jpg -rwxr-xr-x 1 1005 1005 3512709077 Sep 9 13:53 'Palm Springs (2020).mkv' -rwxr-xr-x 1 1005 1005 1020017 Sep 9 13:53 poster.jpg root@pve01:/# ls -l media-storage01/Movies/'Palm Springs (2020)'/poster.jpg -rwxr-xr-x 1 1005 1005 1020017 Sep 9 13:53 'media-storage01/Movies/Palm Springs (2020)/poster.jpg' All have the same access when I change it to whatever it should be (emby, 1000, 1005, Emby, nobody). 1 hour ago, Q-Droid said: Also, why would the emby user home be /var/lib/plexmediaserver? Yes, this was wrong. I tried so many things to one point I decided to just copy it from the Plex container everything to see if it would work. I updated it to: emby:x:999:999::/var/lib/emby/config/users:/usr/sbin/nologin Not sure if is right at this point anymore. It still doesn't work. Thank you for the additional look Edited September 29, 2023 by aletomic Link to comment Share on other sites More sharing options...
Q-Droid 654 Posted September 29, 2023 Share Posted September 29, 2023 It sounds like many things have changed along the way. Going forward (or when redoing) focus on getting one them working. Then try to get the second to work without changing the first. Starting over might be an option and possibly the best one. Link to comment Share on other sites More sharing options...
aletomic 2 Posted September 30, 2023 Author Share Posted September 30, 2023 I think I found the problem. It is really seems a limitation. This is in the Proxmox documentation about the LXC storage types: Bind Mount Points Bind mounts allow you to access arbitrary directories from your Proxmox VE host inside a container. Some potential use cases are: Accessing your home directory in the guest Accessing an USB device directory in the guest Accessing an NFS mount from the host in the guest Bind mounts are considered to not be managed by the storage subsystem, so you cannot make snapshots or deal with quotas from inside the container. With unprivileged containers you might run into permission problems caused by the user mapping and cannot use ACLs. https://192.168.86.76:8006/pve-docs/chapter-pct.html#pct_container_images This pose a challenge. It seems that to overcome this I need to run a privileged LXC (Container). Which brings security problems. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now