sparkplug188 3 Posted June 5, 2018 Share Posted June 5, 2018 (edited) I would like to specify permissions on the metadata files Emby generates. It looks like this feature was implemented in November 2016, but is currently not working or has been removed. Docker, Emby Server Version 3.4.1.0 ____________________________________________ https://github.com/MediaBrowser/Emby.Build/issues/53 https://emby.media/community/index.php?/topic/9754-docker/?p=574817 In the older docker we had a UMASK parameter that could control the file permissions of metadata files, etc that Emby would create. It looks like that's now gone and all files are being created with 644 permission making it impossible for other users to delete the files. Could we bring back UMASK or have another way to control file permissions? Edited June 5, 2018 by sparkplug188 Link to comment Share on other sites More sharing options...
mastrmind11 717 Posted June 5, 2018 Share Posted June 5, 2018 (edited) Why can't you set the mask yourself on the parent folder of your media and let it cascade? Unless you don't want your media files to be touched too, I suppose. Edited June 5, 2018 by mastrmind11 Link to comment Share on other sites More sharing options...
sparkplug188 3 Posted June 5, 2018 Author Share Posted June 5, 2018 That sounds exactly like what I want to do! However, I don't know how to do that. I did some digging, but every source says you cannot set umask per directory. Link to comment Share on other sites More sharing options...
sparkplug188 3 Posted June 6, 2018 Author Share Posted June 6, 2018 (edited) Follow up- I did a ton of research and was able to effectively set a mask on a directory by using ACLs. All in all, It really wasn't too difficult. However, it did take about 10 hours longer than simply setting UMASK=002 in docker-compose. These are the basic steps I took: Get NFSv4 working. ACLs do not work well (or at all really) on NFSv3. In FreeNAS there is a checkbox to enable NFSv4 in the services section. Verify you are connected via NFSv4: nfsstat -m Most of the folders were showing up as unknown username and an extremely high group ID number. This will fix that, assuming your NAS's domain is set to local: edit /etc/idmapd.conf and set Domain on server and client to the "local" [General] Domain = local [Translation] Method = nsswitch change the /etc/default/nfs-common file (on both your server and client): set NEED_IDMAPD= yes Install nfs4-acl-tools sudo apt install nfs4-acl-tools Watch this video and try to pay attention to the examples: Use this reference chart: https://www.osc.edu/book/export/html/4523 Edit the ACLs one at a time in a text editor: nfs4_setfacl -e /media/folder Or edit many ACLs once you're confident you know what you're doing: find /media/folder/ -type d -exec nfs4_setfacl -s A:d:OWNER@:RWXdo,A:dg:GROUP@:RWXdo,A:d:EVERYONE@:RX,A:fi:OWNER@:RWdo,A:fig:GROUP@:RWdo,A:fi:EVERYONE@:R {} \; find /media/folder/ -type f -exec nfs4_setfacl -s A::OWNER@:RWdo,A:g:GROUP@:RWdo,A::EVERYONE@:R {} \; Edited June 7, 2018 by sparkplug188 Link to comment Share on other sites More sharing options...
mastrmind11 717 Posted June 6, 2018 Share Posted June 6, 2018 nice work. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now