Advice with user UIDs, groups, & dataset permissions

jonohunt

Cadet
Joined
Sep 6, 2021
Messages
3
I'm new to TrueNAS, trying to set things up, and have a question about users, groups, permissions, etc.

My own user account/group is called 'jono' and the UID is 1000. I set up a dataset within the ZFS pool called Storage and set 'jono' as the User and Group. I share this via SMB.

Looking at tutorials on YouTube I saw that jails need a user with the UID of 983. So I created a new user with 983 as the UID, created a new dataset, and set the new user and new user's group as the owners. That works fine, but I want to use Syncthing, Plex etc. on my original dataset (Storage).

I was thinking of creating a new group, adding my own user account (jono), and the new user (UID 983) to it in the hope I'll be able to continue using my own user account, sharing via SMB, and syncing to the dataset via Syncthing, Plex being able to access movies from that dataset, etc.

Is that the correct way to do it, or is there something else I should do?
 

sretalla

Powered by Neutrality
Moderator
Joined
Jan 1, 2016
Messages
9,703
> I saw that jails need a user with the UID of 983

That may be the default for some plugins, but it's absolutely not fixed and you can make an account with whatever name and ID you want (and replace the user in the rc.d file in the jail to have the application use it).

Your approach of adding users to groups seems OK in principle, but I think relying on the plugin/Jail's choice of username and ID is generally messy.
 

jonohunt

> Your approach of adding users to groups seems OK in principle, but I think relying on the plugin/Jail's choice of username and ID is generally messy.

Thanks for the info.

Do you know of a resource that states best practices when sharing data on a dataset with apps (Syncthing, Plex, etc.), and a 'regular user' so that there aren't permissions problems?
 

sretalla

Most of your apps want/need access to the same data, but the Plex app will have a user called plex, Emby will have emby, etc... that's a mess.

I create an account on my host with a known username and UID and then make that same account in all the jails and force the apps to use it.

Then you give that user (and a group that contains whatever users you want) access from the host.

Note: ideally you would also connect with that "app" user account to drop new files for use in those apps to keep file ownership as simple as possible... otherwise, become very comfortable with using chown and/or chmod.

I don't generally drop new files over SMB, so I'm in no way taking into account the get/setfacl commands and/or the ACL editor in regards to SMB in what I wrote above.
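
An added example, not part of the thread or any poster's own code: a POSIX shell check for the ownership drift described in the last post, listing paths under a dataset that are not owned by the shared app UID and group, or that the group cannot read and write. The function name, the finding labels and the invocation shown in the comment are assumptions; it inspects only POSIX mode bits, not the ACLs that SMB shares may use.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the thread).
# audit_shared_dataset ROOT UID GID
#   Prints one "label<TAB>path" line for every path under ROOT that breaks
#   the "one app user + one shared group" model, and returns 1 if any exist:
#     owner     not owned by UID (e.g. a file dropped by another account)
#     group     not in group GID
#     group-rw  group lacks read or write (octal 060)
#     dir-x     directory the group cannot traverse (octal 010)
audit_shared_dataset() {
    root=$1
    want_uid=$2
    want_gid=$3
    findings=$(
        find "$root" ! -uid "$want_uid" -exec printf 'owner\t%s\n' {} +
        find "$root" ! -gid "$want_gid" -exec printf 'group\t%s\n' {} +
        # Symlink mode bits are not meaningful, so skip them here.
        find "$root" ! -type l ! -perm -060 -exec printf 'group-rw\t%s\n' {} +
        find "$root" -type d ! -perm -010 -exec printf 'dir-x\t%s\n' {} +
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Run directly, e.g.:  sh audit.sh <dataset-path> <app-uid> <shared-gid>
if [ $# -eq 3 ]; then
    audit_shared_dataset "$@"
fi
```

Each reported line points at a path that needs the chown or chmod mentioned above before the apps and the regular user can both work with it.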
 