rubenmf92 0 Posted September 21, 2019 Share Posted September 21, 2019 (edited) Hi @@mastrmind11, @@Q-Droid, I think a have a permissions problem with emby. I´m trying to see two different external hard drives, but I only manage to see one of them. The permissions and owner of the one I can properly see is: drw------- 4 root root 4096 sep 19 19:29 mnt drwxr-xr-x 3 root root 4096 jun 30 11:30 mntSubfolder1 drwxr-sr-x 4 root root 4096 sep 17 20:07 mntSubfolder2 drwxr-sr-x 4 userftp sftponly 4096 ago 25 19:50 Movies As you can see, I'm able to see the files even when emby does not belong to the group or owner. On the contrary, I´m not able to see the files insede the next path: drwxrwxrwx+ 3 user user 4096 sep 21 17:47 media drwxr-xrwx+ 3 user user 4096 sep 21 18:12 user drwxrwxrwx 1 user user 12288 jul 26 16:57 MyBook Any tips about how could I solve the problem? Edited September 21, 2019 by Luke Link to comment Share on other sites More sharing options...
Q-Droid 642 Posted September 21, 2019 Share Posted September 21, 2019 Hi, I'm trying to picture your directory structure. What is the full path to the media, starting from the / dir? Is it /mnt/mntSubfolder1/mntSubfolder2/Movies? Please share the full path to the directories with media, both with and without access. Your second set (without access) appears to have an ACL defined for the dirs which could be denying privs not visible with ls -l. What OS and platform are you using? Link to comment Share on other sites More sharing options...
rubenmf92 0 Posted September 21, 2019 Author Share Posted September 21, 2019 Hi, I'm trying to picture your directory structure. What is the full path to the media, starting from the / dir? Is it /mnt/mntSubfolder1/mntSubfolder2/Movies? Please share the full path to the directories with media, both with and without access. Your second set (without access) appears to have an ACL defined for the dirs which could be denying privs not visible with ls -l. What OS and platform are you using? Hi! I'm using ubuntu 18.04. The full paths are: -/media/user/MyBook (For the path that is not working) -/mnt/mntSubforlder1/mntSubfolder2/Movies (the path that is working) If its this ACL problem, how could I solve it? Link to comment Share on other sites More sharing options...
Q-Droid 642 Posted September 22, 2019 Share Posted September 22, 2019 That's a strange one. Under most circumstances I would tell you that /mnt/mntSubforlder1/mntSubfolder2/Movies should not be working at all and that /media/user/MyBook should have no problem working. Are you sure you have them right? getfacl /media and getfacl /media/user will show the ACLs on those two. Link to comment Share on other sites More sharing options...
rubenmf92 0 Posted September 22, 2019 Author Share Posted September 22, 2019 That's a strange one. Under most circumstances I would tell you that /mnt/mntSubforlder1/mntSubfolder2/Movies should not be working at all and that /media/user/MyBook should have no problem working. Are you sure you have them right? getfacl /media and getfacl /media/user will show the ACLs on those two. The outputs are, respectively: # file: media # owner: user # group: user user::rwx user:root:r-x group::rwx mask::rwx other::rwx And # file: media/user # owner: user # group: user user::rwx user:root:r-x user:user:r-x group::--- mask::r-x other::rwx Link to comment Share on other sites More sharing options...
mastrmind11 717 Posted September 22, 2019 Share Posted September 22, 2019 Now might be the perfect time to get your permission scheme set correctly, they're a tangled mess as they are. in any case, are you able to cd and ls in the one emby is unable to access? what happens if you try as emby user? Link to comment Share on other sites More sharing options...
rubenmf92 0 Posted September 22, 2019 Author Share Posted September 22, 2019 Yes, I might have a bit of a mess regarding permissions. The path /mnt/mntSubforlder1/mntSubfolder2/Movies belongs to root, because. it is a part of a sftp jail. This path I can properly see it and acces with emby server (even reproduce the content) after modify the group that belongs the emby user (now it is set as emby:x:0:1000:Emby Server:/var/lib/emby:/usr/bin/nologin, where 0 is root and 1000 is the user "user"). But on the contrary I cannot acces the path /media/user/MyBook, that belongs to "user". What should be the proper permissions (and user owner) for this path (since it is a mounted external hard drive)? Link to comment Share on other sites More sharing options...
Q-Droid 642 Posted September 22, 2019 Share Posted September 22, 2019 Time to stop and step back. What you've done is effectively make emby the root user by giving it a uid of 0. I agree with Mastermind. You have the chance to fix the privs AND emby id's now before things get worse. Link to comment Share on other sites More sharing options...
Q-Droid 642 Posted September 22, 2019 Share Posted September 22, 2019 Let's start with fixing the emby user, hopefully the original uid and gid are in the home dir. Shutdown the emby server. Let's see what the original gid and uid were. ls -n ~emby usermod -u <orig uid> -g <orig gid> -G video,users emby <- if you want to keep users group There's a chance that files were created under /var/lib/emby with the bad uid and those need to fixed. chown -R emby:emby /var/lib/emby <- this is assuming the emby group was the original default. if it wasn't then change to the correct one. Reboot Link to comment Share on other sites More sharing options...
rubenmf92 0 Posted September 22, 2019 Author Share Posted September 22, 2019 Let's start with fixing the emby user, hopefully the original uid and gid are in the home dir. Shutdown the emby server. Let's see what the original gid and uid were. ls -n ~emby usermod -u <orig uid> -g <orig gid> -G video,users emby <- if you want to keep users group There's a chance that files were created under /var/lib/emby with the bad uid and those need to fixed. chown -R emby:emby /var/lib/emby <- this is assuming the emby group was the original default. if it wasn't then change to the correct one. Reboot The output for ls -n ~emby is: total 156 drwxr-xr-x 12 0 0 4096 sep 22 09:31 cache drwxr-xr-x 4 0 0 4096 sep 21 16:58 config drwxr-xr-x 5 0 0 4096 sep 21 17:15 data drwxr-xr-x 2 0 0 131072 sep 22 12:40 logs drwxr-xr-x 4 0 0 4096 sep 22 08:46 metadata drwxr-xr-x 2 0 0 4096 sep 21 16:58 plugins drwxr-xr-x 3 0 0 4096 sep 21 16:58 root drwxr-xr-x 2 0 0 4096 sep 22 09:33 transcoding-temp Does it mean it belongs to root user? And I dont know why if, I have given the emby user "root access" I still cannot see inside the path "/media/user/MyBook" Link to comment Share on other sites More sharing options...
Q-Droid 642 Posted September 22, 2019 Share Posted September 22, 2019 (edited) Yeah, it looks like the emby directories are owned by uid:gid 0, root. I would focus on fixing the emby uid:gid problem first, then worry about access later. Fixing the emby user would prevent other access and upgrade related problems in the future. Even root needs the right permissions for access. Is this a new emby install? If so it might be better to start over clean by uninstalling the emby server and removing the emby user from the OS. It's important to remove the emby user and home directory to keep the current account and config from being reused. If you don't want to reinstall then you'd have to find out what the original uid was for emby and fix it using my previous post. Edited September 22, 2019 by Q-Droid Link to comment Share on other sites More sharing options...
rubenmf92 0 Posted September 22, 2019 Author Share Posted September 22, 2019 Yeah, it looks like the emby directories are owned by uid:gid 0, root. I would focus on fixing the emby uid:gid problem first, then worry about access later. Fixing the emby user would prevent other access and upgrade related problems in the future. Even root needs the right permissions for access. Is this a new emby install? If so it might be better to start over clean by uninstalling the emby server and removing the emby user from the OS. It's important to remove the emby user and home directory to keep the current account and config from being reused. If you don't want to reinstall then you'd have to find out what the original uid was for emby and fix it using my previous post. I have unintalled, purged (and deleted emby user before reinstalling) and now installed again emby server. The ls-n command now looks like: total 24 drwxr-xr-x 5 999 999 4096 sep 22 15:43 cache drwxr-xr-x 4 999 999 4096 sep 22 15:43 config drwxr-xr-x 4 999 999 4096 sep 22 15:43 data drwxr-xr-x 2 999 999 4096 sep 22 15:43 logs drwxr-xr-x 2 999 999 4096 sep 22 15:43 plugins drwxr-xr-x 3 999 999 4096 sep 22 15:43 root Now I´m not able to see anything inside /media or /mnt. /media is owned by "user", and /mnt by "root" (because I have a sftp jail) Link to comment Share on other sites More sharing options...
Q-Droid 642 Posted September 22, 2019 Share Posted September 22, 2019 (edited) Ok. So if you run 'id emby' you should get something like the below, right? uid=999(emby) gid=999(emby) groups=999(emby) And 'ls -l ~emby' should list 'emby emby' ownership for those files. Now you can add other groups to emby. CORRECTION: Is the group 'user' or 'users'? Use the correct one in the command below. usermod -aG video,user emby Restart again and see if access has changed. Edited September 22, 2019 by Q-Droid Link to comment Share on other sites More sharing options...
rubenmf92 0 Posted September 22, 2019 Author Share Posted September 22, 2019 Ok. So if you run 'id emby' you should get something like the below, right? uid=999(emby) gid=999(emby) groups=999(emby) And 'ls -l ~emby' should list 'emby emby' ownership for those files. Now you can add other groups to emby. CORRECTION: Is the group 'user' or 'users'? Use the correct one in the command below. usermod -aG video,user emby Restart again and see if access has changed. If I do "id emby" I get: uid=999(emby) gid=999(emby) grupos=999(emby),44(video),1000(user) After doing usermod -aG video,user emby Now emby does not initialize automatically, and I'm strill not able to see the contests of the paths. Link to comment Share on other sites More sharing options...
Q-Droid 642 Posted September 22, 2019 Share Posted September 22, 2019 You have some odd things going on. I'm not sure how to get around the sftp lockdown which is intended to keep users locked in to that path. If you add the sftponly group to emby it could allow access to /mnt but prevent access elsewhere. It would have to be tested because I don't know. Adding the supplementary groups to emby should not have affected the startup. Try this: su emby -c "ls -l /media/user/MyBook" -s /bin/bash Also try: su - emby -s /bin/bash And try to cd to the media locations. Link to comment Share on other sites More sharing options...
rubenmf92 0 Posted September 22, 2019 Author Share Posted September 22, 2019 You have some odd things going on. I'm not sure how to get around the sftp lockdown which is intended to keep users locked in to that path. If you add the sftponly group to emby it could allow access to /mnt but prevent access elsewhere. It would have to be tested because I don't know. Adding the supplementary groups to emby should not have affected the startup. Try this: su emby -c "ls -l /media/user/MyBook" -s /bin/bash Also try: su - emby -s /bin/bash And try to cd to the media locations. The commands ask me for a pasword for emby, which I think i don't have Link to comment Share on other sites More sharing options...
Q-Droid 642 Posted September 22, 2019 Share Posted September 22, 2019 The commands ask me for a pasword for emby, which I think i don't have You're meant to run the 'su' commands as user root. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now