Issue With Share Permissions & Plex

[wutang200]

Guys,

I've recently got my FreeNAS all up and running sweet with a few CIFS shares but have a small permissions problem to keep things secure.

I have created a volume called RAIDZ_Volume, then created a Dataset called Media.

Within here, I've created a Dataset for each of my shares. (Documentaries, Movies, Photos)

Gave each one full UNIX permissions for Other. Created 3 CIFS shares with the same labels as the Datasets pointing to each one. (Documentaries CIFS share pointing to Documentaries dataset)

I then ticked Allow Guest Access for each CIFS share in order for Plex to pick it up.

Setup Plex and made sure it can see some media. (3 areas names same as CIFS shares and Datasets)

My problem is, for my main PC which has other accounts for family members, I want to lock down their permissions so they can read and execute within these 3 Shares I've created but not be able to change anything within Windows.

PC is running Windows 7 and it's running in a workgroup called WORKGROUP.

So far any deny permissions I give my Windows users, are ignored as Other has full access.

If I uncheck Allow Guest Access for the CIFS shares, then Plex can't see my media at all.

See my dilemma?

 

[wutang200]

Anyone??

 

[thedeadzone]

I assume you're not running Plex on the freenas it self but on a windows machine.
I that case plex media server should run as a user process, if I am not mistaken.
Don't know exactly as was it connects on other operating systems.

Just use a user on freenas as owner of the datasets and give anybody else read and execute rights. Either as ownergroup or using others.

Plex doesn't need write access unless you want to delete files via Plex. It should be able to access the shares with read access.
You connect to the share as the owning user and will have write access.

 

[alexg]

If you using ACLs, here is an example of how I solved Plex permissions

http://forums.freenas.org/index.php?threads/plex-media-and-file-permissions.20152/

 

[wutang200]

Sorry I'm running Plex in a jail on the FreeNAS server, not from a Windows PC.

Hope that makes sense.

Sent from my XT1052 using Tapatalk

 

[thedeadzone]

Sorry for my misunderstanding then, then alexg already mentioned the way to fix this with ACLs.

 

[wutang200]

If you using ACLs, here is an example of how I solved Plex permissions

http://forums.freenas.org/index.php?threads/plex-media-and-file-permissions.20152/

Thanks, this is what I was looking for. The ability to run a jail as a user.

 

[wutang200]

I get an error as soon as I type the cat /etc/password command.

Any ideas what this should be?

 

[SweetAndLow]

That's because it should be /etc/passwd

 

[alexg]

Sorry about typo. Let me try to fix it.

 

[wutang200]

Sorry I'm a little confused. Do I need to run them commands from within my Plex jail?

My FreeNAS server has a shell and my Plex jail has a shell too.

 

[wutang200]

Just followed through those instructions and have completely lost access to my Plex web portal.

I lost access after typing the command below in a FreeNAS PC shell.

1. cat /etc/passwd

 

[alexg]

Why don't you paste your exact commands. Sounds like you did something wrong. You locate your jail from FreeNAS shell. You type cat command inside plex jail. You add user "plex" to FreeNas (not plex jail). setfacl only should be done if you using Windows ACLs and while in FreeNAS shell. You must be in the "media" folder that contains all your sub-folders like "Music", "Photos", "Videos". I'm not familiar with your setup, so can't comment on it.

 

[wutang200]

I'm not using Windows ACL's as I don't have active directory or a domain. I'm using Unix permissions.

Is it possible to do using Unix permissions?

Sent from my XT1052 using Tapatalk

 

[alexg]

If you don't use ACLs, your choices to manage permissions are: owner, group, or world. You want to open it to the world and make it 755 that's up to you. It is clearly not acceptable for me and hence I decided to use ACLs to manage it.

 

[wutang200]

That's fine. I just thought there might be a way of running Plex under Owner and give different permissions to Group and Other.

Owner would have full permissions so Plex would work as expected but World would be Read and Execute so nobody can delete stuff from my CIFS shares.

Anyway it doesn't matter as I can't use ACL's due to no domain or active directory.

 

[alexg]

You don't need domain or AD to use ACLs, Perhaps you should do some more reading of documentation how CIFS and Samba works

 

[wutang200]

I've already read through the documentation but will read the ACL's part again as I'm clearly confused on how this feature is meant to work and haven't understood it properly.

 

[wutang200]

Guys, it's still not working!

I can't get Windows ACL's to work properly.

Steps:
Create volume and set it to Windows ACL mode
Create 4 datasets and selected Windows ACL mode
Create 4 CIFS Shares (one for each dataset)
Made sure Inherit Permissions and Inherit ACL's is ticked for each Share
Made sure Allow Guest Access is unchecked
Restarted the CIFS service
Go to my Windows 7 PC and browse to one of the shares
Browse to one of the Shares and get to Security tab (Right click share>Properties>Security)
Select Everyone from the 3 listed
Tick the Deny box next to Write and leave everything else unchecked
Click Apply button
Error: Access denied!

What the hell am I doing wrong??? I've gone over the documentation many many times now and it's not helped me at all.

The only option I now have if this can't be fixed is to just keep everything unsecured so it's easy to access stuff! Either that or sell my box and buy an off the shelf NAS server like a Synology.

I'm very frustrated and annoyed!!

 

[wutang200]

One of the main things I want to do is to deny Write access to the Everyone group using Windows ACL's.