
Record and Reverie

General things I find interesting


Using ACLs to Solve Permissions Issues

Dec 21st, 2018 by Graham Booker

One of the more annoying issues that can impact novices on Linux systems is handling permissions across multiple users. One of the contexts where I see this the most is on the Plex forums, where users have to deal with allowing the Plex Media Server to see their media when it runs as a different user. Years ago I solved this problem on my system by using ACLs, and I’ve never had to deal with the permissions on my media since.

Enable ACLs

The common filesystems on Linux systems tend to support ACLs, but they are often disabled. For many, they can be turned on by adding acl to the mount options in /etc/fstab. Ubuntu’s documentation has better instructions than I can give here. For those using ZFS, you can run zfs set acltype=posixacl filesystemName and it’ll enable the ACLs for you immediately (no need to re-mount the filesystem).

ACL Setup

The easiest solution is to set up the ACLs on the root directory and then use a command that copies the ACLs down the directory tree. So first enter the root media directory and execute:

setfacl -m o:- .
setfacl -m d:o:- .
setfacl -m m:- .
setfacl -m d:m:- .
setfacl -m u:$USER:rwX .
setfacl -m d:u:$USER:rwX .
setfacl -m u:plex:rX .
setfacl -m d:u:plex:rX .

(replace $USER above with your desired username; left as is, the shell expands it to the user running the commands)

The above does the following (each description corresponds to a pair of lines above):

  1. Remove the permissions for other users and their default permissions
  2. Clear out the permissions mask and the default mask
  3. Add your user with full permissions
  4. Add the plex user with read and execute permissions (execute needed to enter directories).

The default entries define the ACL entries that a new file or directory receives.  From the above, your user will automatically get full permissions to the file and the plex user will get read access.  Once the permissions for the root directory are as desired, you can copy them to all subdirectories and files (shamelessly stolen from this SO post):

find . -mindepth 1 -type d -print0 | xargs -0 -n 50 setfacl -b --set-file=<(getfacl . | sed -e 's/x$/X/')
find . -mindepth 1 -type f -print0 | xargs -0 -n 50 setfacl -b --set-file=<(getfacl . | grep -v '^default:' | sed -e 's/x$/X/')

The first command takes all the ACL entries from the current directory, translates a lower-case x at the end of each entry to a capital X (which means the execute permission is applied only to directories and to files that are already executable), and then uses the result to overwrite the ACL entries on every sub-directory. The -print0 and -0 options pass the names NUL-separated, so names containing spaces are handled correctly; the <( ) process substitution needs a shell such as bash. The second command is similar but applies to files and removes all default entries (files cannot have default entries, as those apply only to directories).

The Result

The permissions for my media files are exactly as I desire regardless of how they are created. I don’t have to worry about umasks, sticky bits on the group, group membership, or too permissive files. I can have a umask of 077, where files are created without allowing any permissions to any other user, and with the ACL setup the plex user will still be able to read the media files. If I rsync the files over preserving permissions, the group name and permissions don’t matter; the plex user will still be able to read the media files. Basically, whatever I do, apart from modifying ACL entries, the plex user will still be able to read the media files. This truly is a set-it-and-forget-it kind of setup.
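
A check that goes with the setup above, added here as an example and not part of the original post: it reads getfacl -R output and lists the paths where the plex user still cannot read. A named-user entry only grants what the mask entry also allows, and chmod on a file that has an ACL rewrites the mask from the group bits, so the MASKED case is worth checking after copying files in with their modes preserved. The function names, the user alice and the paths are made up for the example.

```shell
# Added example. Usage: getfacl -R . | acl_audit plex
# Assumes the audited user is not the file owner (owner entries ignore the mask).
acl_audit() {
  awk -F: -v who="$1" '
    function report() {
      if (path == "") return
      if (entry == "")                     print "NOENTRY " path  # no user:<who> entry
      else if (entry !~ /^r/)              print "DENIED " path   # entry lacks r
      else if (mask != "" && mask !~ /^r/) print "MASKED " path   # mask strips r
      path = ""; entry = ""; mask = ""
    }
    /^# file: / { report(); path = substr($0, 9); next }
    $1 == "user" && $2 == who { entry = substr($3, 1, 3) }  # drops "#effective:" note
    $1 == "mask"              { mask  = substr($3, 1, 3) }
    END { report() }
  '
}
# Constructed sample of `getfacl -R` output (user alice and paths are made up).
sample_getfacl() {
  cat <<'EOF'
# file: Movies/ok.mkv
# owner: alice
# group: alice
user::rw-
user:plex:r--
group::---
mask::r--
other::---

# file: Movies/copied.mkv
# owner: alice
# group: alice
user::rw-
user:plex:r--	#effective:---
group::---
mask::---
other::---

# file: Movies/old.mkv
# owner: alice
# group: alice
user::rw-
group::r--
other::---
EOF
}
sample_getfacl | acl_audit plex
```

An empty result from `getfacl -R . | acl_audit plex` in the media root means every path has a readable, unmasked entry for plex.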
