File Permissions Guide for New Linux Users

[pclausen 44]

It occurred to me maybe the fact that I log into the Windows server running Emby as administrator.  I tried logging in as peter and then starting Emby, but Emby is still not able to actually see the library that I remapped.   Back when I originally installed Emby, I did it as administrator, could that have something to to with it?

Perhaps the answer is the setup an Emby user on the TrueNAS side, but I would have no idea what password to use as I don't think it would have anything to do with the username/password I use to log into Emby as a user to view content.

This is very frustrating...

[pclausen 44]

Got it sort of working by creating the user "peter" on the windows server running Emby, which is turns started Emby under that same user.  Was able to import my library, but since Emby was originally installed as administrator, a lot of the Emby config files were not accessible to Emby running as a different user, so anything attempting to write to the library doesn't work.

Bit the bullet and installed the Emby plugin on TrueNAS and will be moving to that as time allows, but at least I'm able to watch my library again.

[Carlo 4560]

Hi,

What username were you using to login on windows as admin that Emby was installed using?

What happen if you setup that username in TrueNAS (with proper permissions to allow full access)?

[pclausen 44]

That username is administrator.  I actually tried that and weird things happened on my windows box with the share.  Maybe that's a reserved username or something.

Any any rate, I got the Emby app on TrueNAS to be able to see my media share.  What threw me off at first is that the "browse for media location" didn't work, but typing in the path manually did.

Currently scanning my TV Shows folder, which is taking a LONG time (370 shows, some with 20+ seasons).   Server is barely breaking a sweat, but I'm guessing Emby going out and fetching all the metadata is what's taken so long:

[tirdg 0]

Is there not just a document somewhere that says what user needs to own media directories and what permissions need to be set on which files? Putting this information in a 5-page forum discussion is maddening.

There is a document at https://emby.media/support/articles/Linux.html that talks about how incredibly important it is to get this set up correctly or "your experience maybe be sub-par" but it offers exactly zero information on what permissions need to be set for which files. It also references the server configuration file at /etc/emby-server.conf, but where is this config file documented? It says to read the comments contained in the file, but my file has no comments (I'm assuming the comments weren't there back when I installed the server originally, and I guess it doesn't get updated when you upgrade the server (I'm currently running that latest: 4.8.10.0).

I'm using sshfs as my typical way of adding media to my remote filesystem which doesn't honor default umask settings without a lot of tweaking. I would prefer not to do all that tweaking since the easiest solution would be to just have the server run under my username and then it would have r+w permissions of all the directories, but I can't even get that to work.

Here's the contents of my server configuration file (/etc/emby-server.conf):

# Path to your emby library (default: /var/lib/emby)
EMBY_DATA=

I searched around and found the default file at https://github.com/MediaBrowser/Emby.Build/blob/master/builders/emby-server/debfiles/emby-server.default but adding EMBY_USER="dave" hasn't actually caused the process to run under my username.

My current conf file looks like this after adding the relevant bits for the emby user:

# Path to your emby library (default: /var/lib/emby)
EMBY_DATA=

EMBY_USER="dave"
UMASK="002"

Once this was done, I rebooted but still, the emby server is running under the emby user. See the following:

dave@WHISTOR-SERVER:/etc$ ps -u emby
  PID TTY          TIME CMD
 1504 ?        00:00:07 EmbyServer
dave@WHISTOR-SERVER:/etc$ ps -u dave
  PID TTY          TIME CMD
 1742 ?        00:00:00 systemd
 1745 ?        00:00:00 (sd-pam)
 1891 ?        00:00:00 sshd
 1892 pts/0    00:00:00 bash
 1994 pts/0    00:00:00 ps

I can configure things pretty easily on a Linux machine, but I can't guess how it's supposed to be configured. I need something that actually documents how it works so that I can make the right changes. I'm sure there is some easy solution to this like I need to change some other piece of config information, but it seems like the only way to find things out is to ask instead of having comprehensive documentation.

So I'm asking: How do I get my emby server to run under my username (dave)?

 

Thanks,

dave

[Q-Droid 989]

You didn't post which distro you're using so I can only assume it's one from the download list. The link below is one way and you'll also have to make sure the ownership and permissions are correct for all relevant files before you start the server.

 

[tirdg 0]

I use Debian.

Is this the official way of doing this? Because it seems like the official way of doing it is to modify the config file, not the service file. I'm concerned that modifying service files will just leave it broken the next time the server gets updated. I was looking (hopefully) for a way to get the system functioning as it is intended to work. Hard-coding my username in a service file goes against convention as these things should inherit config info from a user-modifiable config file, leaving the service file available to upgrade.

[Q-Droid 989]

The service unit files should not be modified directly and why the edit command is preferred. The edit creates an override configuration that's preserved across updates. The option to enable and use the @[user] service does almost the same. If you want to add more options like runtime group or umask then an override would be the way to go for either service.

That link you found with the emby-server.conf example is for SysVinit startup and pretty old at that. EMBY_DATA appears to be the only variable examined now and systemd service unit config handles the rest.

 

[tirdg 0]

I appreciate the help. I should be able to take it from here. Thanks!

[tedfroop21 86]

For file permissions/ownership on my server I finally set up a simple way of checking and setting them daily.

I created a shell script named chown.sh that looks like:

chown -R user:group /mnt/emby

chmod 755 -R /mnt/emby

I put the script into a file called checkmount in the /mnt directory and gave root sole ownership and permissions for the script and directory.  I also made a copy of the script with sudo in front of both statements and put it in my home directory (with permissions for my user) so I can run it anytime manually.

Then added this to the crontab file:

00 7	* * *   root    /mnt/checkmount/chown.sh

So at 7 am every day the permissions and ownership is set for all my media files so files backup a little later in the day.

I did it because I have some working memory problems where I can tell myself "check and set permissions" and not do it 10 seconds later. 

 

The reason for the checkmount name was I set up backup scripts as well that look like:

df | grep -q /media/Nas3
if [ $? = 0 ]; then
        rsync -r -t --ignore-existing -s /mnt/emby /media/Nas3/Backup
else
        echo $ERR_MSG >> $LOG
fi

Then call the scripts from crontab to run backup.  It avoids some issues with file permissions with the abbreviated linux in the ALT-F OS on my ancient Nas devices and prevents backing up to the mount point if the drive is not mounted.  The Nas's are old and slow but since backups after the original backup are incremental - it works.

The only thing I would like and haven't figured out is how to get rsync to log.  System log or Cron log only shows it started the script.  Any suggestions would be appreciated.

[Lessaj 467]

39 minutes ago, tedfroop21 said:

The only thing I would like and haven't figured out is how to get rsync to log.  System log or Cron log only shows it started the script.  Any suggestions would be appreciated.

rsync stuff here | tee -a /path/to/rsync/log

Also I think running permission changes on all the files may trigger RTM to check them, even if the permissions don't actually change, not sure I'd recommend that approach here.

[Neminem 1518]

I think that would be like a touch and trigger it.

[Q-Droid 989]

Neither chmod or chown alter the mod time attribute of files or directories. It shouldn't trigger RTM. 

[Lessaj 467]

3 minutes ago, Q-Droid said:

Neither chmod or chown alter the mod time attribute of files or directories. It shouldn't trigger RTM. 

I had just found a bug with my ingestion script which did not correctly set the permissions for the first file of a season, I was too lazy to figure out which ones and issued a chown on the whole folder and RTM went nuts for each file so it does in my experience.

[Q-Droid 989]

Interesting. In that case the RTM is not strictly looking for file and directory changes but also capturing events like attribute and status changes. Attribute changes don't update the mtime of a file or dir since the contents haven't changed. 

 

[tedfroop21 86]

4 hours ago, Q-Droid said:

Neither chmod or chown alter the mod time attribute of files or directories. It shouldn't trigger RTM. 

Yup.....  While I was working out how to fix user issues with backing up to my nas (Alt-F truncates the uid/gid in users you create, so I had to "get under the hood' and not brick the box to get matching users) I was setting owner and perns, backing up, and changing it back.  Not elegant but it worked...

 

Once I had that sorted, I just left the script there so everyday - without touching the box, all the permissions and ownership was set and I never have the single most common linux problem we see posted here. "The file is there but emby won't play it".

That and learning to automate simple repetitive tasks - can make linux almost "install the updates and reboot once in a while"' simple, which is what people want for the most part......

 

Edited February 21, 2025 by tedfroop21

[0bac0n 0]

Im trying to change the cache path and temporary transcoding path to my external hard drive. I am use the directory /mnt/mydrive/transcoding-tmp

Emby says it does not have write privelages to the tmp directory.

emby:emby is the owner of the directory. The external drive is mounted in the fstab with uuid.

I have tried

setfacl -m user:emby:rxw /mnt/mydrive/transcoding-tmp

 

[Luke 42077]

1 hour ago, 0bac0n said:

Im trying to change the cache path and temporary transcoding path to my external hard drive. I am use the directory /mnt/mydrive/transcoding-tmp

Emby says it does not have write privelages to the tmp directory.

emby:emby is the owner of the directory. The external drive is mounted in the fstab with uuid.

I have tried

setfacl -m user:emby:rxw /mnt/mydrive/transcoding-tmp

 

HI, did you take a look at the suggestions in the first post of this topic?

[0bac0n 0]

I did, what am I not understanding?

[0bac0n 0]

21 hours ago, 0bac0n said:

I did, what am I not understanding?

I think that it may have something to do with my fstab options. Ill try a different forum, maybe someone out there can help me out

[Luke 42077]

3 hours ago, 0bac0n said:

I think that it may have something to do with my fstab options. Ill try a different forum, maybe someone out there can help me out

Hi, please let us know what you find. Thanks !

[azeos 8]

Hi,

I installed Emby server on a Raspberry Pi 5 using:

dpkg -i emby-server-deb_4.8.11.0_arm64.deb

Also I'm running OMV 7. I can play the media files with no problem, but I'm not being able to setup "Backup & Restore". I want the backup to be in my home folder (which is in my SD card, don't know if that's a good place):

/home/matias/emby

I created the folder and changed the path of "Backup & Restore" but it doesn't work.

Quote

2025-03-25 15:06:36.327 Error Backup & Restore: Error getting directory contents

*** Error Report ***

Version: 4.8.11.0

Command line: /opt/emby-server/system/EmbyServer.dll -programdata /var/lib/emby -ffdetect /opt/emby-server/bin/ffdetect -ffmpeg /opt/emby-server/bin/ffmpeg -ffprobe /opt/emby-server/bin/ffprobe -restartexitcode 3 -updatepackage emby-server-deb_{version}_arm64.deb

Operating system: Linux version 6.6.74+rpt-rpi-2712 (serge@raspberrypi.com) (gcc-12 (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40) #1 SMP PREEMPT Deb

Framework: .NET 6.0.36

OS/Process: arm64/arm64

Runtime: opt/emby-server/system/System.Private.CoreLib.dll

Processor count: 4

Data path: /var/lib/emby

Application path: /opt/emby-server/system

System.UnauthorizedAccessException: System.UnauthorizedAccessException: Access to the path '/home/matias/emby' is denied.

---> System.IO.IOException: Permission denied

--- End of inner exception stack trace ---

at System.IO.Enumeration.FileSystemEnumerator`1.CreateDirectoryHandle(String path, Boolean ignoreNotFound)

at System.IO.Enumeration.FileSystemEnumerator`1.Init()

at System.IO.Enumeration.FileSystemEnumerable`1..ctor(String directory, FindTransform transform, EnumerationOptions options, Boolean isNormalized)

at System.IO.Enumeration.FileSystemEnumerableFactory.FileSystemInfos(String directory, String expression, EnumerationOptions options, Boolean isNormalized)

at System.IO.DirectoryInfo.InternalEnumerateInfos(String path, String searchPattern, SearchTarget searchTarget, EnumerationOptions options)

at System.IO.DirectoryInfo.EnumerateFileSystemInfos()

at Emby.Server.Implementations.IO.ManagedFileSystem.EnumerateDirectories(DirectoryInfo dir, Boolean recursive)

at Emby.Server.Implementations.IO.ManagedFileSystem.GetDirectories(String path, Boolean recursive)

at MBBackup.ServerEntryPoint.GetAllBackups(PluginConfiguration configuration)

Source: System.Private.CoreLib

TargetSite: IntPtr CreateDirectoryHandle(System.String, Boolean)

InnerException: System.IO.IOException: Permission denied

Source:

TargetSite:

This is the output of "ls -l"

drwxrwxrwx 2 emby   emby    4096 Mar 25 14:07 emby

What can I try?

Thanks!

[TMCsw 246]

@azeos

What do you get with the following command?:

namei -mo /home/matias/emby

emby needs to have al least rx for access to each directory along the path and rwx to write to emby.

Most distros restrict access by default to /home

[azeos 8]

22 minutes ago, TMCsw said:

@azeos

What do you get with the following command?:

namei -mo /home/matias/emby

emby needs to have al least rx for access to each directory along the path and rwx to write to emby.

Most distros restrict access by default to /home

Thanks for the response:

matias@omv:~ $ namei -mo /home/matias/emby
f: /home/matias/emby
 drwxr-xr-x root   root  /
 drwxr-xr-x root   root  home
 drwx------ matias users matias
 drwxrwxrwx emby   emby  emby

 

[TMCsw 246]

9 minutes ago, azeos said:

drwx------ matias users matias

This means only 'matias' can see anything or change into (cd) this directory!

if you really want to let emby save to anything under this you will need to open up the permissions to all user to the 'matias' dir:

sudo chmod 755 /home/matias

or make emby part of users group then allow the 'users' group access:

sudo adduser emby matias
sudo chmod 750 /home/matias