NFS Share: Permission Denied Error

I won’t go into the full details unless it seems relevant for this forum, but I’m using Plex Media Server. Plex, for some reason, keeps running into a very specific transcoding error with some of my media. This same media can be played fine directly. Further, if I move the media directly onto the local drive of my Plex host, it also plays fine.

Allowing mangled characters on the SMB share fixed this issue for a while, but it comes back erratically.

This leads me to believe there is something wrong with my SMB share.

Here is my fstab:

// /media-vault cifs rw,credentials=/home/rvby/.credentials,file_mode=0770,dir_mode=0770,uid=1000,gid=1000,nobrl

My SMB configuration is here:

I think everything is kosher there (though I’d be happy to hear that it isn’t!), so my next step is trying an NFS share instead.

My Plex is running in a container on an Ubuntu VM. The VM has a user of rvby with a PUID and GUID of 1000.

The TrueNAS machine has a local user, rvby, with a PUID of 3000, and a main group, media-vault-access, with a GUID of 3000. rvby is part of the media-vault-access group.

Here’s the NFS config:

When I mount the NFS share to a directory on my Ubuntu machine, the directory has an owner of 3000 for the group and user. I think they’re being marked as owned by 3000 because of my SMB share, which recursively applies permissions. On the SMB share, I have the ACL set up to allow full access to the local user rvby and the local group media-vault-access, which would give CHOWN them to 3000:3000… I think, at least.

The ACL config for the SMB share:

In any case, when I try to access the mounted directory, even as root, I get a permission denied error. This makes sense given the ownership.

Does anyone have any advice on the best path forward here for gaining access? Should I create a separate user on Ubuntu VM who just provides NFS access with a PUID and GUID of 3000? If so, how would I manage that? My Plex container needs access to folders CHOWNed by its local user, rvby1, so I can’t just have it use the NFS-account wholesale.

Would the Manage Groups Server-side option help in this case?

Apologies if this is a stupid question, but any advice would be helpful!

Alright, after some more reading and experimentation, I think I’ve got this fixed.

I created a new group, nfs, with the ID 3000 on my Ubuntu VM. I then added my primary user, rvby, to that group. This allowed me to access the NFS share. I could also write to it, and the permissions seemed to be properly set to 3000:3000.

I can understand why the latter is being created correctly–it’s only via the Group that I can get access to the NFS share, after all–but I’m not totally grasping why files are being created with the UID of 3000… I’m guessing that the ACL is being applied automatically to all files created in the datastore, even if they’re created outside of an SMB connection, but that could be totally off.

Anyway, time will tell if this ended up resolving my issue. Next step after this is to move back to having this data sit next to my PMS container like it used to, but I hopefully won’t need to take that step.

1 Like