SOLVED Plex won't allow its data path to be SMB shared

M

morganL

Captain Morgan
Administrator
Moderator
iXsystems
Joined
Mar 10, 2018
Messages
2,694
TimB said:
I wonder if it would be possible in a future release to allow overriding the path validation per mount when configuring a container? This way most of the time the safety check will be done except for when it's the exception.
Click to expand...
It would have been preferable, but much harder to do.... and keep app deployment easy
 
truecharts

truecharts

Guru
Joined
Aug 19, 2021
Messages
788
morganL said:
It would have been preferable, but much harder to do.... and keep app deployment easy
Click to expand...

Sorry to say so, but: Not really possible, at least not for all the hostPath validation features...
hostPath validation is not *just* the shares thing, it also prevents access to system paths, which is crucial to safely use hostPath storage at all.

Not having this on the daemon level, aka: for all apps, (docker on Bluefin, containerd on cobia), means it won't protect users against container escapes using hostPath. Which is a known vulnerability for Kubernetes.
 
mgoulet65

mgoulet65

Explorer
Joined
Jun 15, 2021
Messages
95
truecharts said:
Sorry to say so, but: Not really possible, at least not for all the hostPath validation features...
hostPath validation is not *just* the shares thing, it also prevents access to system paths, which is crucial to safely use hostPath storage at all.

Not having this on the daemon level, aka: for all apps, (docker on Bluefin, containerd on cobia), means it won't protect users against container escapes using hostPath. Which is a known vulnerability for Kubernetes.
Click to expand...
Perhaps TWO validations...one system level and one App level for the SMB one? Better yet, how about being able to mount and SMB share in an App like we can for NFS Shares?
 
Sawtaytoes

Sawtaytoes

Patron
Joined
Jul 9, 2022
Messages
221
I'm still lost on this host path stuff.

How do I reconfigure my shares so it works without disabling safety checks?

Say I have family photos on Jellyfin. I also want those shared over SMB so my wife can organize them. What's the dataset or folder structure look like? Which is SMB and which is seen by Jellyfin?
 
NugentS

NugentS

MVP
Joined
Apr 16, 2020
Messages
2,947
As an alternative solution to consider. Windows has an NFS client - use that to access the Plex share (NFS). One set of permissions then
 
Sawtaytoes

Sawtaytoes

Patron
Joined
Jul 9, 2022
Messages
221
NugentS said:
As an alternative solution to consider. Windows has an NFS client - use that to access the Plex share (NFS). One set of permissions then
Click to expand...
I appreciate your response, but NFS doesn't suffice for my use case. Even though it's native in Windows, it's all command line as well and isn't something I can load up in Windows Explorer without installing Windows features.

I'd love to figure out how to setup ZFS datasets in the intended way, but this isn't documented anywhere.

To me, this whole thing is strange. A Windows backup server seems like a very common use case; extremely common. So then why is there no documentation on the right way to setup datasets for use with Applications?
  1. Do I make a dataset for each host share?
  2. Do I reference a subdirectory?
  3. If I want to share family photos but have them accessible over SMB, do I have to create a "container" dataset for the application with a "share" dataset underneath for SMB?
I have way too many unanswered questions for what seems like a simple use case.

The easiest fix for me is to remove host path safety checks, but I'd prefer to do things the intended way without hacks. In that case, I expect there to be a TrueNAS docs page somewhere that explains what I should be doing with general best practices.
 
crk1918

crk1918

Dabbler
Joined
Jan 12, 2023
Messages
29
cwagz said:
It will stop working in 22.12. Mine was working fine in Angelfish too.
Click to expand...
Same here, I did the update two days ago, but for some reason, one pool has the Plex app (created from Truenas core version, because SMB shares the dataset and that Plex app is under that dataset path) with SMB share work ok, all with the NFSv4 setting, so I have to stop SMB share from starting the APPs.
 
Last edited:
Sawtaytoes

Sawtaytoes

Patron
Joined
Jul 9, 2022
Messages
221
One solution is using the TrueCharts version and setting up local-only NFS shares. That fixes the issue.

Another option is sharing the folders inside the dataset, but that stopped worrying for me the other day, so I switched to TrueCharts instead as it uses the "apps" user at id 586 for all containers. I only have to add it once.
 
crk1918

crk1918

Dabbler
Joined
Jan 12, 2023
Messages
29
Sawtaytoes said:
One solution is using the TrueCharts version and setting up local-only NFS shares. That fixes the issue.

Another option is sharing the folders inside the dataset, but that stopped worrying for me the other day, so I switched to TrueCharts instead as it uses the "apps" user at id 586 for all containers. I only have to add it once.
Click to expand...
Thanks, I tried NFS for Windows 10 client today, and it does not mount for some reason. I don't care about window sharing, as long I can manage my APPs files, maybe I can use FileBrowser APP for managing my application media file:smile:.

User "apps"(id: 568) is used for Official APPs too. Today I do some searching, Daisuke's Recommended Guide may work too.
 
Sawtaytoes

Sawtaytoes

Patron
Joined
Jul 9, 2022
Messages
221
crk1918 said:
Thanks, I tried NFS for Windows 10 client today, and it does not mount for some reason. I don't care about window sharing, as long I can manage my APPs files, maybe I can use FileBrowser APP for managing my application media file:smile:.

User "apps"(id: 568) is used for Official APPs too. Today I do some searching, Daisuke's Recommended Guide may work too.
Click to expand...
I still use SMB. I used NFS only internally to share an SMB-shared folder to a TrueCharts image.

That way, you can still use SMB in Windows as-usual, but internally, the VM is pointed at a local NFS share instead of mounting the filesystem directly.
 
O

oncdoc

Dabbler
Joined
Dec 19, 2022
Messages
46
Sawtaytoes said:
One solution is using the TrueCharts version and setting up local-only NFS shares. That fixes the issue.

Another option is sharing the folders inside the dataset, but that stopped worrying for me the other day, so I switched to TrueCharts instead as it uses the "apps" user at id 586 for all containers. I only have to add it once.
Click to expand...
What do you mean by setup local only NFS shares? So my data will not be shared via SMB put via NFS? Doesn't this still violate the host path problem?
 
Sawtaytoes

Sawtaytoes

Patron
Joined
Jul 9, 2022
Messages
221
oncdoc said:
What do you mean by setup local only NFS shares? So my data will not be shared via SMB put via NFS? Doesn't this still violate the host path problem?
Click to expand...
Make an SMB share and use it for Windows.

Then also make an NFS share on the same dataset. With TrueCharts Apps (instead of TrueNAS Official Apps) Now you can associate that app with an NFS share rather than the "Host Path" (filesystem) itself.

Instead of NFS shares, you can do what I did, but this is probably less reliable:
1. Make SMB share for parent dataset.
2. Make child datasets and associate those datasets with apps.

This works too, but it requires a parent dataset and has the problem of permission issues. If someone knows more about permissions, please explain because I sometimes run into SMB permissions issues on datasets used by apps.
 
O

oncdoc

Dabbler
Joined
Dec 19, 2022
Messages
46
Sawtaytoes said:
Make an SMB share and use it for Windows.

Then also make an NFS share on the same dataset. With TrueCharts Apps (instead of TrueNAS Official Apps) Now you can associate that app with an NFS share rather than the "Host Path" (filesystem) itself.

Instead of NFS shares, you can do what I did, but this is probably less reliable:
1. Make SMB share for parent dataset.
2. Make child datasets and associate those datasets with apps.

This works too, but it requires a parent dataset and has the problem of permission issues. If someone knows more about permissions, please explain because I sometimes run into SMB permissions issues on datasets used by apps.
Click to expand...
Hello Sawtaytoes,

I did as you said but dont know what to put here. NFS server ? should I put my ip address?

1674842176785.png
 
aasikki

aasikki

Dabbler
Joined
Jan 30, 2023
Messages
12
While this is probably good for security, it does kinda defeat the purpose of having an easy to use media server if you have to fiddle around just to put some media in the folder... I think there needs to be a proper solution for enabling share for this purpose. Disabled host path checks for now as a workaround.
 
truecharts

truecharts

Guru
Joined
Aug 19, 2021
Messages
788
aasikki said:
While this is probably good for security, it does kinda defeat the purpose of having an easy to use media server if you have to fiddle around just to put some media in the folder... I think there needs to be a proper solution for enabling share for this purpose. Disabled host path checks for now as a workaround.
Click to expand...

it's actually supper easy, checkout iX's recent TrueCharts jellyfin guide ;-)

How to get started with Jellyfin on TrueNAS SCALE

Here at iX, we’re big fans of open-source alternatives to commercial software - so when we heard that LinusTechTips was featuring the open-source media library manager Jellyfin on their YouTube channel, we were excited to check it out. Unfortunately, there’s one piece missing from the puzzle -...
www.truenas.com www.truenas.com
 
aasikki

aasikki

Dabbler
Joined
Jan 30, 2023
Messages
12
truecharts said:
it's actually supper easy, checkout iX's recent TrueCharts jellyfin guide ;-)

How to get started with Jellyfin on TrueNAS SCALE

Here at iX, we’re big fans of open-source alternatives to commercial software - so when we heard that LinusTechTips was featuring the open-source media library manager Jellyfin on their YouTube channel, we were excited to check it out. Unfortunately, there’s one piece missing from the puzzle -...
www.truenas.com www.truenas.com
Click to expand...
That looks super easy indeed! I must be doing something wrong though, as I Jellyfin will just complain that the path is not valid, when I add the folder to a library. Did everything according to the guide, set the permissions for app user, made the etc. but no dice. I even tried creating a brand new dataset where I added just couple movies for testing, but even then it didn't work. Tested Plex earlier today and for it the host path way worked just fine, after disabling the check, for Jellyfin even that doesn't work for me. I'll open a support ticket in the discord so hopefully someone can help me figure this out :)

EDIT: Well, found a solution, removed ACL for the sataset and made apps user and group the owner of the dataset.
 
Last edited:
Sawtaytoes

Sawtaytoes

Patron
Joined
Jul 9, 2022
Messages
221
Mine's working with an ACL. I added `apps` both as a user and a group to the ACL with the default `modify` privilege.
 
6

60plus

Cadet
Joined
Feb 15, 2023
Messages
1
Thank you.
morganL said:
This will be better documented at release, but to access an App dataset via SMB or NFS you need to disable host path validation in Kubernetes settings. This is a new "safety" feature in Bluefin. Some Apps are not very compatible with SMB sharing...

TrueNAS SCALE 22.12-RC.1 has been released!

We are pleased to announce the release of TrueNAS SCALE 22.12-RC1 (Bluefin). This release candidate has several bug fixes and improvements and a few new features. See the Release Notes below for more details. Release Notes: https://www.truenas.com/docs/scale/scale22.12/#2212-rc1 Download...
www.truenas.com www.truenas.com

image.png
View attachment 60438
Click to expand...
 
You must log in or register to reply here.

Important Announcement for the TrueNAS Community.

The TrueNAS Community has now been moved. This forum will now become READ-ONLY for historical purposes. Please feel free to join us on the new TrueNAS Community Forums.

Related topics on forums.truenas.com for thread: "Plex won't allow its data path to be SMB shared"

Similar threads

L
Cannot upgrade plex docker image due to new path restriction
Replies
10
Views
3K
scarey
scarey
S
The path '/mnt/xxxxxxxxxx/media' is already attached to service(s): SMB Share, Snapshot Task.
Replies
10
Views
9K
DowJones
DowJones
C
Cannot upgrade app due to conflicting mounts
Replies
8
Views
2K
WarnesJ
WarnesJ
P
Apps Host Path access problem with SMB
2 3
Replies
57
Views
30K
sfatula
S
D
Plex on Scale - error with set-up due to SMB
Replies
2
Views
3K
donkmeister
D
Top