The previous settings should negate these, but you could configure them if you wanted. Sonarr also lets you configure the user, group as well as folder and file permissions. You configure the Docker image to run with -e PUID=123 -e PGID=321 -e UMASK=002. You run Sonarr using hotio/sonarr, you’ve created a sonarr user with uid 123 and a shared group media with gid 321 which the sonarr user is a member of. Perhaps let one system pick the UID/GIDs, then re-use those on the other system, assuming they don’t conflict. If you’re using storage from another system via NFS or CIFS, it will make your life easier if that system also has matching users and group. If you ever peek in, you’ll find that username is something like abc, nobody or hotio, but because it uses the UID/GID you pass in, on the outside it looks like the expected user. Many Docker images also take a -e PUID=123 and -e PGID=321 that lets you change the UID/GID used inside to that of an account on the outside. If you are using existing folders and files, you will need to fix their current ownership and permissions too, but going forward they will be correct because you set each software up right. This will ensure that files and folders created by one can be read and written by the others. Many Docker images accept -e UMASK=002 as an environment variable and some software can be configured with a user, group and umask (NZBGet) or folder/file permission (Sonarr/Radarr), inside the container. For a deeper explanation, try the Arch Linux wiki articles about file permissions and attributes and UMASK. You can restrict permissions even more by denying read from “other”, which would be a umask of 007 for a user per daemon or 077 for a single shared user. A sane alternative to this is a single shared user, which would use 755 and 644 which is a umask of 022. Ideally, each software runs as its own user and they are all part of a shared group with folder permissions set to 775 ( drwxrwxr-x) and files set to 664 ( -rw-rw-r-), which is a umask of 002. ¶ Multiple users and a shared group ¶ Permissions This guide is more conceptual in nature while TRaSH's tutorial walks you through the process. Reminder that many folks find TRaSH's Hardlink Tutorial helpful and easier to understand than this guide. This is easy to say, but not so easy to understand and explain. The idea is that you run each Docker container as its own user, with a shared group and consistent volumes so every container sees the same path layout. This article will not show you specifics about the best Docker setup, but it describes an overview that you can use to make your own setup the best that it can be. See this Docker Guide and TRaSH's Docker Tutorial instead for how to setup Docker Compose.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |