Understanding Plex permissions

[Alydis]

I am struggling to understand how permissions for Plex on my DSM work.

 

I have a freshly installed DSM 6.2.  I installed via a migration in which the DSM was installed fresh; but I kept my volumes.  I then installed Plex via the SPK downloaded directly from Plex.

 

Contrary to many topics, I find that plex is not in my administrators group (either in the UI, nor in /etc/group, nor int synogroup --get administrators).

 

root@nas1:~# synogroup --get administrators
Group Name: [administrators]
Group Type: [AUTH_LOCAL]
Group ID:   [101]
Group Members:
0:[admin]
1:[rslsync]
2:[someuser]

root@nas1:~# synogroup --get users
Group Name: [users]
Group Type: [AUTH_LOCAL]
Group ID:   [100]
Group Members:

root@nas1:~# synouser --get plex
User Name   : [plex]
User Type   : [AUTH_LOCAL]
User uid    : [1027]
Primary gid : [100]
Fullname    : [Plex User]
User Dir    : [/var/services/homes/plex]
User Shell  : [/sbin/nologin]
Expired     : [false]
User Mail   : []
Alloc Size  : [119]
Member Of   : [2]
(100) users
(65536) video

Its strange to me that synogroup --get users doesn't list any members; but from both the UI and from the synouser --get plex, it seem that plex is in fact in the users group.

 

I have several mixed permissions in my movies shared folder.  It's a bit of a mess, and I intend to clean up -- but I'm trying to understand how Plex has access to everything right now.

 

Here are some examples:

root@nas1:~# ls -l /volume1/movies

drwxrwxrwx  2      101   users    4096 Aug 21 23:02 Movie1
d---------+ 3 someuser   users    4096 Jan  3  2016 Movie2

root@nas1:~# synoacltool -get Movie2

ACL version: 1
Archive: is_inherit,is_support_ACL
Owner: [someuser(user)]
---------------------
	 [0] group:administrators:allow:rwxpdDaARWc--:fd--  (level:1)

root@nas1:~# synoacltool -get Movie2/movie.mkv

ACL version: 1
Archive: is_inherit,is_support_ACL
Owner: [someuser(user)]
---------------------
	 [0] group:administrators:allow:rwxpdDaARWc--:----  (level:1)

So, with Movie1 above, it doesn't use ACL and the directory (and file) is in the users group and has 777 permissions.  It makes sense the Plex can play that movie.

 

What doesn't make sense is that Plex can also play Movie2 (I can even delete the file from the UI).  From what I can tell, it only grants permissions to the named administrators group, and has no standard Linux permissions.

 

When I use the Permission Inspector in the UI, it doesn't appear that the plex user has any permissions over these files (image edited to remove filenames).

 

 

I have also tried using sudo to access the files from the command line:

 

root@nas1:~# sudo -u plex ls /volume1/movies/Movie2
ls: cannot open directory /volume1/movies/Movie2: Permission denied

root@nas1:~# sudo -u plex cat /volume1/movies/Movie2/movie.mkv
cat: /volume1/movies/Movie2/movie.mkv: Permission denied

So, I'm rather baffled at what is giving my Plex the permissions to view/play/delete these file?