Plex Media Permissions for Linux Noobies

plex_media_permissions_4_noobies.md

Plex Media Permissions for Linux Noobies

There is no problem with being a noobie and I do not use the term to sligtht or disparage anyone.

This is a way to setup your permissions for running Plex in Linux. Different folks may use different methods.

The permissions concepts provided here apply to OSX, but the users and groups are controlled and modified differently, so much of this will not work properly. I think the command is dscl, but that could be out of date.

There are many ways to setup your permissions scheme in Linux, this methodology describes a way to do it, not everyone will like it, but it works for me, so whatever.

This is meant to be a super quick guide, please do some research on your own to help you with these terms, you're also welcome to reply with fix requests and/or suggestions.

DON'T!

• Set your user and group for your media files to root.
• Set your permissions to 777.

Permissions and Ownership Commands

1. chmod - change file modes or Access Control Lists
2. chown - change file owner and group
3. chgrp - change group ownership

If you want more information on these or most commands in Linux, use man:

man chmod
man chown
man chgrp

Permissions & Access Control Brief

This is a super simplified description of Linux user and permission sets, I implore you to read up on this subject yourself.

After installing Plex, it will create a plex user and a plex group for itself. This user and group will need to have at least read access to your media files for them to show up in your library, you can give it write access if you want to be able to delete stuff from the GUI.

There are several types of access controls we're going to be using with Plex.

User

Basically a user is either a login account or a system account. User accounts can login to the computer, system accounts do stuff on the computer but generally can't login.

To view your user do:

whoami

To view all users do:

cat /etc/passwd

Group

Basically a group is a set of one or more users, groups can allow multiple users to have permissions to a file or directory.

To view your groups do:

groups

To view all groups do:

cat /etc/group

World / Everyone / Other

The world or everyone may have certain permissions to certain files, you rarely should give this level write permissions to anything.

Permissions

Permissions are the levels of access users, groups, or world has, they are broken up into three sets:

• r - Read - The ability to read a file or a directory.
• w - Write - The ability to create or delete a file in a directory or write to a file.
• x - eXecute - The ability to execute a command in a file or directory.

You can see the permissions of something by doing:

ls -la

Here's an example from my server with the description of what the stuff is.

drwxr-xr-x    2 plex plex 20480 Sep 20 12:53 A
^^            ^ ^    ^    ^     ^            ^
||            | |    |    |     |            |
||            | |    |    |     |            +-> name of the path or file
||            | |    |    |     +--------------> modification date
||            | |    |    +--------------------> file size or size of the contents
||            | |    +-------------------------> owners group
||            | +------------------------------> owners name
||            +--------------------------------> number of links
|+---------------------------------------------> permissions of the path or file
+----------------------------------------------> directory / file / link / other

The permissions are setup in 3 groups:

rwxr-xr-x
^  ^  ^
|  |  |
|  |  +-> World Permissions - Read / eXecute
|  +----> Group Permissions - Read / eXecute
+-------> Owner Permissions - Read / Write / eXecute

So in the example above, we can tell the user is plex, the group is plex, and the permissions are rwxr-xr-x. This means:

• User plex can read, write, or execute stuff in the directory.
• Group plex can read or execute stuff in the directory.
• World can read or execute stuff in the directory.

Permissions can be set with 3 sets of numbers 0-7.

The sets define the user / group / world:

• First digit is for owner
• Second digit is for group
• Third digit is for world or everyone

The number defines the type of permission:

Num	Permission	Description
0	---	No permissions
1	--x	Executable Only
2	-w-	Write Only
3	-wx	Write & Execute
4	r--	Read Only
5	r-x	Read & Execute
6	rw-	Read & Write
7	rwx	Read & Write & Execute

Permissions can also be set with letters.

Pick what you want to give permissions to:

• u - user
• g - group
• o - other/world/everyone

Add or remove the permission:

• - - remove
• + - add

Add with what kind of permission:

• r - read
• w - write
• x - execute

Combine them:

chmod u+x filename
chmod g+x filename
chmod o+x filename

Plex Media Permissions

I keep all of my plex media in a path on my server, the path is a mount of a hardware RAID5. I don't recommend any particular file system or RAID setup, I do recommend using what you want to learn; for example my new system uses various drives in using btrfs.

My drives are mounted to the /dvr/mediastore path, mounting is outside of the scope of this document, you can search for How to mount a device in Linux? for more information.

I'll be referring to my personal directory structure from here on out, you will need to substitute your structure to get this stuff to work correctly.

In my setup I have Music, Movies, TV Shows as such:

/dvr/mediastore/Music
/dvr/mediastore/Movies
/dvr/mediastore/TV

The permission sets are:

• /dvr - Owner: root, Group: root, Permissions: 755
• /dvr/mediastore - Owner: plex, Group: plex, Permissions: 775

Everything in mediastore is owned by plex and has the group plex, all the files are set to xxx

Directory Structure

In movies I have a set of folders, my TV and Music are setup similarly.

/dvr/mediastore/Movies/#
/dvr/mediastore/Movies/A
/dvr/mediastore/Movies/B
/dvr/mediastore/Movies/C
### you can figure it out ###
/dvr/mediastore/Movies/X
/dvr/mediastore/Movies/Y
/dvr/mediastore/Movies/Z

In each folder I keep movies which have titles starting with the listed character, with the exception of movies which start with The which I use the first letter of the second word, thus The Matrix (1999) is stored in M. Movies which start with numbers are all stored in # as they are uncommon.

Set Up

Let's setup from scratch.

• Download and Install Plex - https://www.plex.tv/media-server-downloads/

• Add your user to the plex group, I'm guesssing your name is probably not pjobson.

    sudo usermod -a -G plex pjobson
  

• Setup your drives and mount them if they're not.

• Create some directories.

    sudo mkdir -p /dvr/mediastore/Movies/#
    sudo mkdir -p /dvr/mediastore/Movies/A
    sudo mkdir -p /dvr/mediastore/Movies/B
    sudo mkdir -p /dvr/mediastore/Movies/C
    sudo mkdir -p /dvr/mediastore/Movies/D
    sudo mkdir -p /dvr/mediastore/Movies/E
    # ...etc...
    # same convention for for TV & Music
  

• Setup the OWNERSHIP of the paths.

    sudo chown -R plex.plex /dvr/mediastore/Movies
    sudo chown -R plex.plex /dvr/mediastore/TV
    sudo chown -R plex.plex /dvr/mediastore/Music
  

• Setup the permissions of the paths.

    sudo find /dvr/mediastore/Movies -type d -exec chmod 775 {} \;
    sudo find /dvr/mediastore/TV -type d -exec chmod 775 {} \;
    sudo find /dvr/mediastore/Music -type d -exec chmod 775 {} \;
  

• Go to the plex webgui http://localhost:32400 and/or http://127.0.0.1:32400.

• Setup your Plex and tell it where the libraries are.

• ???

• PROFIT!

Seriously that is it. With this setup you can add media with either your plex user or your personal user account.

Maintence

When copying files and directories around be sure to keep your permissions up to date.

Directories should be 775 or rwxrwxrx- and files should be 664 or rw-rw-r--.

I have my process automated, but what it would look like if it were manual would be:

Copy the movie recursively to the correct path:

cp -r "Movie I Totally Own (1999)" /dvr/mediastore/Movies/M/

Change the permissions of the directory of the movie to rwxrwxrw-

chmod 775 "/dvr/mediastore/Movies/M/Movie I Totally Own (1999)"

Change the permissions of the files in the movie's path to rw-rw-r--

chmod 664 "/dvr/mediastore/Movies/M/Movie I Totally Own (1999)/*"

Change the ownership of the movie and all contents using recursively to plex and the group to plex.

sudo chown -R plex.plex "/dvr/mediastore/Movies/M/Movie I Totally Own (1999)"

I automate this process by creating a cron job which runs every fifteen minutes and checks the permissions and modifies them as needed.

Cron Script

You can save the script below as plexown.sh or whatever you want, then add a cronjob for root to run it automatically every 10 minutes or so. You'll also want to chmod the script to executable. I save my scripts in /home/pjobson/bin, so that's what I'm using in this example. You can of course put yours wherever you like.

chmod 755 plexown.sh
sudo crontab -e

Select nano or whatever editor you like, then add this where */10 means run every 10 minutes:

*/10 * * * * /home/pjobson/bin/plexown.sh >/dev/null 2>&1

To break it down:

*/10 * * * * /home/pjobson/bin/plexown.sh >/dev/null 2>&1
 ^   ^ ^ ^ ^ ^                            ^
 |   | | | | |                            |
 |   | | | | |                            +-> Send output to /dev/null
 |   | | | | +------> Path to your script, you'll want to change this. 
 |   | | | +--------> Run on every day of the week
 |   | | +----------> Run on every month of the year
 |   | +------------> RUn on every day of the month
 |   +--------------> Run on every hour of the day
 +------------------> Run every 10 minutes

Script

#!/bin/bash

# chmod files
find /dvr/media/Movies           -type f \! -perm 664 -exec chmod 664 {} \; -print
find /dvr/media/TV               -type f \! -perm 664 -exec chmod 664 {} \; -print
find /dvr/media/Music            -type f \! -perm 664 -exec chmod 664 {} \; -print

# chmod directories
find /dvr/media/Movies           -type d \! -perm 775 -exec chmod 775 {} \; -print
find /dvr/media/TV               -type d \! -perm 775 -exec chmod 775 {} \; -print
find /dvr/media/Music            -type d \! -perm 775 -exec chmod 775 {} \; -print

# chown everything
find /dvr/media/Movies           \! -user plex -exec chown plex.plex {} \; -print
find /dvr/media/TV               \! -user plex -exec chown plex.plex {} \; -print
find /dvr/media/Music            \! -user plex -exec chown plex.plex {} \; -print

Thanks so much for this guide, it helped me get Plex working. However, now I can't do anything in my media folders from the GUI, such as create new folders, etc. Also, my Deluge can't write to the downloads folder, which is in the same group of folders.

How do I regain access to my media folder?

@baghashams

I unfortunately don't really know much about doing stuff from the GUI. You might have to logout/login to refresh your user's groups in the GUI, though I'm not 100% sure.

Per deluge, I think it has its own user and group, make sure the downloads path where it should download to has the correct permissions. You can cat your passwd and group files and find deluge's username, like:

cat /etc/passwd |grep deluge
cat /etc/group |grep deluge

Then look at the user/group/permissions of the deluge downloads directory:

ls -la /path/to/deluge/downloads

It should show something like:

drw-r--r--  1 deluge deluge  597 Nov 27  2021 downloads

Different date stamp of course. I put my downloads in an entirely different path. I don't use deluge anymore because the latest update F'd my permissions altogether. My pathing for deluge was:

/dvr/deluge/torrents/active
/dvr/deluge/torrents/seeding
/dvr/deluge/torrents/complete

The /dvr/deluge path and sub paths were all owned/grouped to the deluge user, then I put my regular login user into the deluge group, so I could copy stuff around.

Stupid question but can this be applied to a NAS PMS, since the NAS is essentially a Linux box?

@stevefxp1

It isn't stupid, quite reasonable. You can setup whatever permissions you want on your NAS, if it uses a standard *nix permission set then I don't see why not. I haven't experimented with NAS stuff in a long time, so I don't have a good/complete answer for you.

Hi, I was following this guide and I find myself in a similar spot to where @brennanjk was.

I am trying to add files from a hard drive, I added it to the fstab and that doesn't cause any problems. The permissions look like this (keep in mind as of now I am only interested in adding the Audiobook library from this folder):

But when I go to plex and try to add that path to the library that is what it looks like:

And doesn't show any of the child directories. I also changed the ownership of the media directory to plex:plex after taking the screenshot.
Thanks in advance for any help!!

You put a lot of work into explaining this, thanks for the effort!

My current system is a test case for when I switch a different PC to linux.

For me, Plex is able to access and play the files just fine, but I no longer have permission to see the folders/files.
My USER is part of the plex group.
I need to elevate my user to root (sudo) to view the files/folders.
How do I fix this?

I am wondering how I would give certain programs/scripts to read and write to these folders?
The two I am currently wondering about are yt-dlp and syncthing.
For yt-dlp, I suppose i could run it with root in cron, but i'm a bit iffy on that.

@Quoddity

Your default user should have sudo privileges. You can check by doing something like sudo ls, this should prompt you for your password then run the ls command as root. If it gives you a permissions error, then you'll need to give your user higher privs, kind of outside of the scope of this document. Google: sudoers

I am wondering how I would give certain programs/scripts to read and write to these folders?

If your user is running the scripts, it'll just work with the permissions. I have syncthing setup as its own user, but if you have it running as your user it'll have access to stuff within your permission set.

thanks for this, been struggling to get my plex server permissions to be correct since i set it up.

anyway you could share how to set up a cron job?
i've never used cron before, didn't really need it for a long time.

@redkurn

Any tutorial will explain cron jobs better than I can. Generally I use this tool to generate the proper crontab line, there may even be a bit of tutorial there... https://crontab-generator.org/

@pjobson I found a site that helped make the crontab line, but having trouble with a script that executes properly. For some reason with Plex being owner and me in the group I still require sudo. 🤷‍♂️

@redkurn what permissions does your script have? If you run it without using cron, does it run properly or fail?

@pjobson
-rwxr-xr-x 1 plex plex 737 Sep 12 13:15 setperm.sh

I set it to run every minute and nothing changed, running manually i see

x@debian:/mnt/Media$ ./setperm.sh
chown: changing ownership of '/mnt/Media/test': Operation not permitted
chown: changing ownership of '/mnt/Media/test/test.txt': Operation not permitted

owner of the folder is plex, file is me.

Oh you need to run it as root, because you need elevated privs to modify all of the permissions. So do...

sudo su -
crontab -e

Then add the full path to the script wherever you have it.

@pjobson your script up at the top works perfectly, wish i'd noticed git hiding it sooner, could have saved myself 6 hours of frustration.

i've noticed running crontab on debian as */30 **** /path does not work, it has to be an asterisk for the minute. not sure why.
added another job and added sleep 30 per a guide i found and that worked so my cron looks like

* * * * * /path/to/script
* * * * * sleep 30; /path/to/script

and it works, i'm sure i could have it on the same line, but easier to read like this.

thanks for the help, the script and the guide.

"Directories should be 775 or rwxrwxrx- and files should be 664 or rw-rw-r--."

Is there a typo on the last three digits of the directory's other group, or can you write it that way too? I thought the second character was for marking write permissions-not execution permissions? New to all this. Sorry if this is dumb.

@zjDrummond no question you have to ask here is "dumb"!

It is a-okay to give directories executable permissions, this answer on superuser answers why exactly better than I can: https://superuser.com/a/169418

My practice for plex directories is to put my personal user into the plex group, I want to be able to do anything to the files and directories with my pjobson user without having to sudo. To accomplish this, I make all directories 775 and all files 664.

Permissions are 3 sets of numbers 0-7.

The sets define the user / group / world:

• First digit is for owner
• Second digit is for group
• Third digit is for world or everyone

The number defines the type of permission:

Num	Perm	Description
0	---	No permissions
1	--x	Executable Only
2	-w-	Write Only
3	-wx	Write & Execute
4	r--	Read Only
5	r-x	Read & Execute
6	rw-	Read & Write
7	rwx	Read & Write & Execute

Therefore 775 is:

• Owner read/write/execute
• Group read/write/execute
• Everyone read/execute

And 664 is:

• Owner read/write
• Group read/write
• Everyone read only

I hope that helps!

@zjDrummond no question you have to ask here is "dumb"!

...I hope that helps!

Thank you for explaining this further, and sharing that link. I'm a recent Windows refugee, and I'm still learning Linux.

@zjDrummond no problem! We're all learning Linux, some of us have just had a little more time in. I stopped using Windows when Vista came out. Your question was better than you thought, as a good question can usually elicit a long answer.