09-30-2008, 02:05 AM
Stroller

Mediatomb media server - users & permissions for /media/videoX

Hi there,

I'm in the process of ripping my DVD collection to mp4 and have just
installed net-misc/mediatomb. I am EXTREMELY impressed with this
service, which has very quickly demonstrated a marvellous ability to
stream video to my PS3.


On my server I have two largish hard-drives which are used for
miscellaneous storage - backups, drivers & service packs for my work,
customer backups and all these video files which will soon be rapidly
increasing in quantity.


Because of the miscellaneous nature of this data, I have mounted these
two disks at /mnt/space and /mnt/morespace. Following a discussion a
while back I will probably move them to /media/video[123] or
/media/spaceX when I get around to reorganising.


Permissions on these volumes are such that any user on the system (me,
hypothetically trusted friends or family in the future) should have
full access to all the miscellaneous junk on them. I need to play back
videos and delete the old versions when I decide a film needs to be
ripped in higher quality.


I'm a little unclear as to how these permissions have been applied -
shouldn't it be based either on the permissions of the mount-point
directory, or added as an "-o users,umask=000" in /etc/fstab ?


$ grep space /etc/fstab
LABEL=space /mnt/space xfs noatime 0 3
LABEL=MoreSpace /mnt/morespace xfs noatime 0 3
$ sudo umount /mnt/morespace/
$ ls -lh /mnt/
total 0
drwxrwx--- 2 root cdrom 72 May 28 2007 dvdrom
drwxrwx--- 2 root users 48 Sep 21 23:24 foo
drwxrwxrwx 2 root root 48 May 19 2007 morespace
drwxrwx--- 8 root users 116 Sep 11 11:53 space
$ sudo mount -a
$ ls -lh /mnt/
total 4.0K
drwxrwx--- 2 root cdrom 72 May 28 2007 dvdrom
drwxrwx--- 2 root users 48 Sep 21 23:24 foo
drwxrwx--- 5 root users 4.0K Sep 15 20:46 morespace
drwxrwx--- 8 root users 116 Sep 11 11:53 space
$


Anyway, the problem that I encountered was that Mediatomb was unable
to read these drives because the Gentoo init.d script (very sensibly, IMO)
runs the server as its own user, which clearly did not have permission
to read these disks. I like this idea, because I tend to trust the
users on my system (this may be foolish!) yet fear a hijacked daemon
maliciously deleting my collection of Carry On films.


You can see here how I've worked around the problem for the moment:

$ grep -ie user -ie group /etc/conf.d/mediatomb
# Run MediaTomb as this user.
MEDIATOMB_USER="mediatomb"
# Run MediaTomb as this group.
#MEDIATOMB_GROUP="mediatomb"
MEDIATOMB_GROUP="users"
$

However I'm posting to solicit suggestions on the best permissions
practices for this purpose. mediatomb shouldn't need write access to
these files or folders at all - there's no option on the UPnP client,
for instance, to delete files from the server. Should I make the
drives owned by "users" and in the "mediatomb" group, with read-only
access for the latter? Any other suggestions?


Stroller.
 
10-01-2008, 06:27 AM
Stroller

Mediatomb media server - users & permissions for /media/videoX

Hi Willie,

Many thanks for your informative reply.


On 30 Sep 2008, at 15:18, Willie Wong wrote:

> On Tue, Sep 30, 2008 at 03:05:58AM +0100, Penguin Lover Stroller
> squawked:
>
>> I'm a little unclear as to how these permissions have been applied -
>> shouldn't it be based either on the permissions of the mount-point
>> directory, or added as an "-o users,umask=000" in /etc/fstab ?
>
> umask only applies to file systems with no intrinsic permission
> settings, e.g. VFAT. The permissions for file systems with permission
> bits are set in the file system itself ... chmod/chown/chgrp applied
> to the mount point after mounting will change the permissions of the
> actual file system.


Of course! It would not have occurred to me to ask this question were
I mounting a drive at a normal place in the Unix directory tree (by
which I mean /bin, /boot, /etc, /home, /lib, /sbin, /usr, /var and
directories below them).



>> However I'm posting to solicit suggestions on the best permissions
>> practices for this purpose. mediatomb shouldn't need write access
>> to these files or folders at all - there's no option on the UPnP
>> client, for instance, to delete files from the server. Should I make
>> the drives owned by "users" and in the "mediatomb" group, with
>> read-only access for the latter? Any other suggestions?
>
> What's so secret in your media folders that you can't just give read
> access to mediatomb? Why don't you have it like you have now with
> regards to the owner and group and just give read permission to other?
>
> owner root
> group users
> umask 002 (i.e. you will have rwxrwxr-x or rw-rw-r-- ?)


Of course! That's perfect. And I can easily keep customer data and
other stuff on the drive at umask 007.



> To do any fancier (say, files owned by root, read-write access for all
> users and read access only for mediatomb and no access for everyone
> else) you will probably need a real ACL with which I can offer no
> suggestions.


No, that's not necessary at all. I must've been having a brain-fart
even to have asked.


Stroller.
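
Added example (not part of the original thread): a POSIX shell audit for the scheme settled on above, where the daemon reaches the media only through the "other" bits (rwxrwxr-x / rw-rw-r--) and customer data stays at umask 007. The function names and the sample tree are constructed for illustration; nothing here touches /mnt or /media.

```sh
#!/bin/sh
# Added example: audit the permission scheme discussed in the thread.

# Media tree: a daemon outside group "users" gets only the "other" bits,
# so every directory needs o+rx, every file o+r, and nothing may be o+w.
audit_media_tree() {
    find "$1" ! -type l \( \
        -perm -0002 \
        -o \( -type d ! -perm -0005 \) \
        -o \( -type f ! -perm -0004 \) \
    \) -print
}

# Private tree (umask 007 in the thread): no "other" bit may be set at all.
audit_private_tree() {
    find "$1" ! -type l \
        \( -perm -0001 -o -perm -0002 -o -perm -0004 \) -print
}

# Build a constructed sample tree with known-good and known-bad entries;
# prints the path of the temporary root.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/video/films" "$root/customers/acme"
    : > "$root/video/films/good.mp4"
    : > "$root/video/films/unreadable.mp4"
    : > "$root/video/films/writable.mp4"
    : > "$root/customers/acme/backup.tar"
    : > "$root/customers/acme/leaky.tar"
    chmod 755 "$root"
    chmod 775 "$root/video" "$root/video/films"
    chmod 664 "$root/video/films/good.mp4"
    chmod 660 "$root/video/films/unreadable.mp4"   # daemon cannot read it
    chmod 666 "$root/video/films/writable.mp4"     # daemon could modify it
    chmod 770 "$root/customers" "$root/customers/acme"
    chmod 660 "$root/customers/acme/backup.tar"
    chmod 664 "$root/customers/acme/leaky.tar"     # readable by the daemon
    printf '%s\n' "$root"
}

# Demo run on the constructed tree: print findings, then clean up.
demo_root=$(make_sample_tree)
echo "media findings:";   audit_media_tree "$demo_root/video"
echo "private findings:"; audit_private_tree "$demo_root/customers"
rm -rf "$demo_root"
```

Pointed at a real mount, the media audit also flags a mount point left at drwxrwx--- as in the ls output above, since an account outside the users group cannot traverse it.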
 
