this post was submitted on 26 Mar 2024
13 points (88.2% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

54716 readers
241 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others



Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):


💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

founded 1 year ago
MODERATORS
 

Sorry if this is the wrong place, it's a Linux question but it's come about whilst trying to build my arr-Plex stack.

So, Linux (Debian) user accounts; What is best practice for running applications as their own UID? Why should I do that? and how can I avoid file permission errors.

I see advice such as "create a new system account called radar/sonarr/Plex". So I do that, and then find all my downloads are owned by qbittorrent user and it doesn't have permission to move them into my Plex library and Plex can't view them either.

All seems overcomplicated. Why can't I just run everything all with username 'Plex'?

top 8 comments
sorted by: hot top controversial new old
[–] GravitySpoiled@lemmy.ml 12 points 8 months ago* (last edited 8 months ago)

Nowadays you run such apps as containers with docker or podman. Did you already look into that?

In my case, selinux and podman (on fedora) take care of the user settings.

[–] Chewy7324@discuss.tchncs.de 8 points 8 months ago* (last edited 8 months ago) (2 children)

Running everything under a single user is possible, but it also means an issue with a single app could wipe everything. It's better practice to add each user to a media group, and set *arr and qbittorrent to use this group and allow write permissions for users in the same group (e.g. 775 instead of 755). This means all users (plex, qbit, *arr) in the group media can access and modify files owned by media (or use the GID).

[–] cerulean_blue@lemmy.ml 3 points 8 months ago

That makes sense. Thank you so much. That is a question that has caused me issues for a long time. Now I understand it.

[–] catloaf@lemm.ee 3 points 8 months ago (1 children)

That would still let one app wipe everything.

[–] Chewy7324@discuss.tchncs.de 2 points 8 months ago

You're right, media could still be wiped. Other data owned by users would be protected (e.g. configs).

[–] Sunny@slrpnk.net 2 points 8 months ago (1 children)

This is the all-in-one guide and setup for the arr stack, it's highly advisable to follow it; https://trash-guides.info/

[–] cerulean_blue@lemmy.ml 1 points 8 months ago (1 children)

Thanks. I did check Trash guides before posting but it doesn't cover installation, much less Linux user naming and groups, unless I missed it.

[–] Sunny@slrpnk.net 1 points 8 months ago

Must admit, I had not checked for other installations other than what I needed it for, which was Unraid. However, it does cover docker - which is what is definitely most recommended for running these apps, as pointed out by other comments here.