Hi there,

I'm in the process of ripping my DVD collection to mp4 and have just installed net-misc/mediatomb. I am EXTREMELY impressed with this service, which has very quickly demonstrated a marvellous ability to stream video to my PS3.

On my server I have two largish hard-drives which are used for miscellaneous storage - backups, drivers & service packs for my work, customer backups and all these video files which will soon be rapidly increasing in quantity.

Because of the miscellaneous nature of this data, I have mounted these two disks at /mnt/space and /mnt/morespace. Following a discussion a while back I will probably move them to /media/video[123] or /media/spaceX when I get around to reorganising.

Permissions on these volumes are such that any user on the system (me, hypothetically trusted friends or family in the future) should have full access to all the miscellaneous junk on them. I need to play back videos and delete the old versions when I decide a film needs to be ripped in higher quality.

I'm a little unclear as to how these permissions have been applied - shouldn't it be based either on the permissions of the mount-point directory, or added as an "-o users,umask=000" in /etc/fstab ?

  $ grep space /etc/fstab
  LABEL=space                   /mnt/space      xfs             noatime         0 3
  LABEL=MoreSpace               /mnt/morespace  xfs             noatime         0 3
  $ sudo umount /mnt/morespace/
  $ ls -lh /mnt/
  total 0
  drwxrwx--- 2 root cdrom  72 May 28  2007 dvdrom
  drwxrwx--- 2 root users  48 Sep 21 23:24 foo
  drwxrwxrwx 2 root root   48 May 19  2007 morespace
  drwxrwx--- 8 root users 116 Sep 11 11:53 space
  $ sudo mount -a
  $ ls -lh /mnt/
  total 4.0K
  drwxrwx--- 2 root cdrom   72 May 28  2007 dvdrom
  drwxrwx--- 2 root users   48 Sep 21 23:24 foo
  drwxrwx--- 5 root users 4.0K Sep 15 20:46 morespace
  drwxrwx--- 8 root users  116 Sep 11 11:53 space
  $


Anyway, the problem that I encountered was that Mediatomb was unable to read these drives because the Gentoo init.d script (very sensibly, IMO) runs the server as its own user, which clearly did not have permission to read these disks. I like this idea, because I tend to trust the users on my system (this may be foolish!) yet fear a hijacked daemon maliciously deleting my collection of Carry On films.

You can see here how I've worked around the problem for the moment:

$ grep -ie user -ie group /etc/conf.d/mediatomb
# Run MediaTomb as this user.
MEDIATOMB_USER="mediatomb"
# Run MediaTomb as this group.
#MEDIATOMB_GROUP="mediatomb"
MEDIATOMB_GROUP="users"
$

However I'm posting to solicit suggestions on the best permissions practices for this purpose. mediatomb shouldn't need write access to these files or folders at all - there's no option on the UPnP client, for instance, to delete files from the server. Should I make the drives owned by "users" and in the "mediatomb" group, with read-only access for the latter? Any other suggestions?

Stroller.
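
Added example, not part of the original post: the classic owner/group/other permission check applied to the `ls -lh /mnt/` lines above, showing what the daemon may do under each of the two MEDIATOMB_GROUP settings. It assumes no ACLs, a non-root daemon user, and that the configured group is the daemon's only group; the function names are illustrative.

```python
# Added example. Lines copied from the post's `ls -lh /mnt/` output after `mount -a`.
LISTING = """\
drwxrwx--- 2 root cdrom   72 May 28  2007 dvdrom
drwxrwx--- 2 root users   48 Sep 21 23:24 foo
drwxrwx--- 5 root users 4.0K Sep 15 20:46 morespace
drwxrwx--- 8 root users  116 Sep 11 11:53 space
"""


def parse_ls_line(line):
    """Split one `ls -l` line into the fields the permission check needs."""
    fields = line.split()
    return {"mode": fields[0], "owner": fields[2],
            "group": fields[3], "name": fields[-1]}


def effective_access(entry, user, groups):
    """Pick the single rwx triplet that applies to (user, groups).

    Classes are checked owner, then group, then other, and the first match
    wins; they are not cumulative. Assumes no ACLs and a non-root user.
    """
    mode = entry["mode"]
    if user == entry["owner"]:
        triplet = mode[1:4]
    elif entry["group"] in groups:
        triplet = mode[4:7]
    else:
        triplet = mode[7:10]
    return {"read": triplet[0] == "r",
            "write": triplet[1] == "w",
            "traverse": triplet[2] in ("x", "s", "t")}


def audit(listing, user, groups):
    """Map each directory name to what the given identity may do there."""
    entries = [parse_ls_line(l) for l in listing.splitlines() if l.strip()]
    return {e["name"]: effective_access(e, user, groups) for e in entries}


if __name__ == "__main__":
    # The two MEDIATOMB_GROUP values shown in /etc/conf.d/mediatomb.
    for group in ("mediatomb", "users"):
        print(f"MEDIATOMB_GROUP={group}")
        for name, access in audit(LISTING, "mediatomb", {group}).items():
            granted = [k for k, v in access.items() if v] or ["none"]
            print(f"  /mnt/{name}: {', '.join(granted)}")
```

With the group set to "users" the daemon gains write access to space and morespace, which is the exposure the post wants to avoid.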
