cTurtle98 (posted September 4, 2017):

What settings do my media library folders need to be set to for permissions? I am making a script I can run whenever I add stuff to make sure everything is correct.

```bash
#!/bin/bash
echo -e "\033[32m#####################################"
echo "## Fixing MediaLibrary Permissions ##"
echo "## v1.5 ##"
echo "## By Ciaran Farley ##"
echo "## 98SeaTurtles.net ##"
echo -e "#####################################\033[39m"
sleep 0.5
echo "Deleting files added by macOS"
sudo rm -rf ._*
echo "Fixing Read, Write, Execute"
sudo chmod -R 755 *
echo "Fixing Ownership"
sudo chown -R emby:emby *
echo "Giving sudo Group Permission"
sudo setfacl -R -d -m g:sudo:rwx * > /dev/null
sudo setfacl -R -m g:sudo:rwx * > /dev/null
echo -e "\033[32mDone!\033[39m"
```

Is this correct or are there any changes I need to make?

Luke (posted September 5, 2017):

Depends on your settings in Emby. If you're not saving metadata to media folders, and if you don't care about being able to delete from emby, then read-only will be enough.

cTurtle98 (posted September 5, 2017; edited September 5, 2017 by cTurtle98):

> Depends on your settings in Emby. If you're not saving metadata to media folders, and if you don't care about being able to delete from emby, then read-only will be enough.

What do I change in the script to make it not read-only? Do I make it 775 instead of 755?

dcrdev (posted September 5, 2017; edited September 5, 2017 by dcrdev):

Those aren't very good habits to be getting into - you shouldn't add other users to a user's primary group. Nor should you be making ordinary files executable; only directories should be executable, unless the file is actually meant to be executed.

Add a new group, for this example let's call it movies:

```bash
groupadd movies
usermod -aG movies <myusername>
```

Change ownership of the directory:

```bash
chown -R <myusername>:movies /storage/Movies
```

Change permissions on files - note the capital "X" here, this means directories only. This will give you 664 permissions on files and 775 on directories, i.e. read/write for user and group, read only for everyone else. Directories need that extra executable bit for you to list their contents.

Start by removing any executable bits:

```bash
chmod -R a-x /storage/Movies
```

Set permissions for group, user and other:

```bash
chmod -R u+rwX /storage/Movies
chmod -R g+rwX /storage/Movies
chmod -R o+rX /storage/Movies
```

Set the gid bit across directories - this ensures that any new files created under /storage/Movies are owned by the group movies.

```bash
chmod -R g+s /storage/Movies
```

Using acls, set the default permissions on new files created under /storage/Movies - again note the use of capital "X".

Start by removing any acls previously set:

```bash
setfacl -R -bn /storage/Movies
setfacl -R -d -m u::rwX /storage/Movies
setfacl -R -d -m g::rwX /storage/Movies
setfacl -R -d -m o::r-X /storage/Movies
```

Add the emby user to the group movies and restart emby, to make those permissions effective:

```bash
usermod -aG movies emby
systemctl restart emby-server
```

Something like this (not tested):

```bash
#!/bin/bash
# --------------------------------------------------
# Usage: script.sh <username> <group> <path>
# --------------------------------------------------
# You'll want to make sure that
# a) The group exists - if it doesn't the
#    script will exit.
# b) You and whomever needs access is part of
#    the group i.e. emby. This can be done via
#    $sudo usermod -aG group user.
# c) The path exists - if it doesn't the script
#    will exit.
# d) You are running this script as root - if
#    you are not the script will attempt to elevate
#    itself using sudo; root is required for setting
#    ownership.
# --------------------------------------------------

declare -r USERNAME="$1"
declare -r GROUP="$2"
declare -r MEDIA_DIRECTORY="$3"
declare -r REMOVE_HIDDEN_OS_FILES=true

function tests {
    local thisScript
    thisScript="$(basename "$0")"

    # Check for arguments
    if [ -z "$USERNAME" ] || [ -z "$GROUP" ] || [ -z "$MEDIA_DIRECTORY" ]; then
        echo "Usage: $thisScript <username> <group> <directory>"
        exit 1
    fi

    # Does the user exist?
    if ! id "$USERNAME" >/dev/null 2>&1; then
        echo "The user $USERNAME does not exist!"
        exit 1
    fi

    # Does the group exist?
    if ! getent group "$GROUP" >/dev/null 2>&1; then
        echo "The group $GROUP does not exist!"
        exit 1
    fi

    # Does the path exist?
    if [ ! -d "$MEDIA_DIRECTORY" ]; then
        echo "The path $MEDIA_DIRECTORY does not exist!"
        exit 1
    fi

    # Am I root?
    if [ "$(id -u)" != "0" ]; then
        echo "This script must be run as root!"
        echo "Trying sudo..."
        # Re-run under bash: the script uses bash-only syntax (declare, function)
        sudo bash "$0" "$USERNAME" "$GROUP" "$MEDIA_DIRECTORY"
        exit $?
    fi
}

function cleanup {
    # Cleanup any leftover acls / execute bits
    chmod -R a-x "$MEDIA_DIRECTORY"
    setfacl -R -bn "$MEDIA_DIRECTORY"

    # Recursively find/destroy hidden files
    # leftover from external operating systems
    if [ "$REMOVE_HIDDEN_OS_FILES" = true ] ; then
        find "$MEDIA_DIRECTORY" -name "._*" -type f -delete
    fi
}

function ownership {
    # Set ownership and set gid
    chown -R "$USERNAME":"$GROUP" "$MEDIA_DIRECTORY"
    chmod -R g+s "$MEDIA_DIRECTORY"
}

function permissions {
    # Set conservative permissions
    chmod -R u+rwX "$MEDIA_DIRECTORY"
    chmod -R g+rwX "$MEDIA_DIRECTORY"
    chmod -R o+rX "$MEDIA_DIRECTORY"
}

function acls {
    # Enforce default permissions via acls
    setfacl -R -d -m u::rwX "$MEDIA_DIRECTORY"
    setfacl -R -d -m g::rwX "$MEDIA_DIRECTORY"
    setfacl -R -d -m o::r-X "$MEDIA_DIRECTORY"
}

tests && \
sleep 0.5 && \
cleanup >/dev/null 2>&1 && \
sleep 0.5 && \
ownership >/dev/null 2>&1 && \
sleep 0.5 && \
permissions >/dev/null 2>&1 && \
sleep 0.5 && \
acls >/dev/null 2>&1 && \
echo "Done."
```

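A read-only check for the layout described in the answer above, as an added example that is not part of the original posts or of Emby: it reports files with execute bits, directories without the setgid bit, missing group access, entries in the wrong group, world-writable entries and macOS `._*` leftovers, and changes nothing. The function name `audit_media_tree` and the issue labels are made up for this example; GNU `find` is assumed.

```shell
#!/bin/bash
# Added example: audit a media tree against "files 664, directories 2775,
# one shared group". Read-only. Assumes GNU find (-perm /mode, -printf).

# audit_media_tree <group-name-or-gid> <path>
# Prints "issue<TAB>path" per finding. Returns 0 if clean, 1 if findings,
# 2 on bad arguments.
audit_media_tree() {
    local group="$1" root="$2" findings
    [ -n "$group" ] && [ -d "$root" ] || {
        echo "usage: audit_media_tree <group> <directory>" >&2
        return 2
    }
    findings="$(
        # Regular files carrying any execute bit
        find "$root" -type f -perm /111 -printf 'file-executable\t%p\n'
        # Files or directories writable by "other"
        find "$root" \( -type f -o -type d \) -perm -002 \
            -printf 'world-writable\t%p\n'
        # Directories without setgid: new files would not inherit the group
        find "$root" -type d ! -perm -2000 -printf 'dir-missing-setgid\t%p\n'
        # Directories the group cannot read, write and traverse
        find "$root" -type d ! -perm -070 -printf 'dir-group-not-rwx\t%p\n'
        # Files the group cannot read and write
        find "$root" -type f ! -perm -060 -printf 'file-group-not-rw\t%p\n'
        # Entries that belong to some other group
        find "$root" ! -group "$group" -printf 'wrong-group\t%p\n'
        # macOS AppleDouble leftovers
        find "$root" -type f -name '._*' -printf 'macos-leftover\t%p\n'
    )"
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings" | sort
        return 1
    fi
    return 0
}

# Script use: audit.sh <group> <path>
if [ "$#" -ge 2 ]; then
    audit_media_tree "$1" "$2"
fi
```

Running it as the emby user rather than root also shows whether that account can traverse the tree at all, since `find` prints a permission error for any directory it cannot enter.
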
Luke (posted September 5, 2017):

Thanks @dcrdev!