this post was submitted on 20 Jan 2026

Selfhosted


Hi all, I'll cut to the point: is anyone out there running a NAS with multiple users, and each user has their own media folders and files that belong to them, with share access to those files (samba), and separately is also running an instance of Immich (as its own user) that in some way has access to these files and folders, AND is able to upload new files, while maintaining the NAS user ownership/permissions on those files?

In my current setup, each user's media files have permissions user:media 740 (so the "media" group has read access). The Immich user is in the media group. I then have the NAS files mapped as read-only, and added in Immich as external storage per user. This means I'm currently not uploading anything. (If I do, they get stored separately in Immich, not merged with the rest of the media files).

I could instead make the dir writable by the media group, map each NAS user's media directories directly as their Immich upload location (and fix up the Immich file naming/organization so that it matches), but I would still have the problem that it would create new files as the Immich user on the NAS, not the specific user.

Is there a clever permissions solution here I'm missing, or is it a lost cause to try and have both coherent per-user permissions on the NAS/samba share, AND use Immich? I don't really want a script that runs and chmods everything to user:media periodically. Feels hacky, and then Immich isn't able to change/delete any files, but that might be the only solution...
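
An audit for the layout described in the post above, as an added example that is not part of the original post: it walks one user's media tree and reports entries not owned by that user, not in the media group, or carrying mode bits beyond 740. It only reports and changes nothing. The function names, the uid/gid arguments, the constructed sample tree and the 750 ceiling for directories (group members need search permission to traverse them) are assumptions.

```python
import os
import stat
import tempfile

FILE_MAX = 0o740  # the post's file mode: owner rwx, group r, other none
DIR_MAX = 0o750   # assumption: directories also need group search (x)


def audit_tree(root, owner_uid, group_gid):
    """Return sorted (relative_path, reason) pairs for entries that break the layout."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: never follow a symlink out of the tree
            rel = os.path.relpath(path, root)
            if stat.S_ISLNK(st.st_mode):
                findings.append((rel, "symlink"))
                continue
            if st.st_uid != owner_uid:  # e.g. a file written by the Immich service user
                findings.append((rel, f"owner uid {st.st_uid}, expected {owner_uid}"))
            if st.st_gid != group_gid:
                findings.append((rel, f"group gid {st.st_gid}, expected {group_gid}"))
            allowed = DIR_MAX if stat.S_ISDIR(st.st_mode) else FILE_MAX
            extra = stat.S_IMODE(st.st_mode) & ~allowed
            if extra:
                findings.append((rel, f"extra mode bits {extra:03o}"))
    return sorted(findings)


def demo():
    """Constructed tree: one compliant file and one group-writable, world-readable file."""
    with tempfile.TemporaryDirectory() as root:
        entries = (("2026", 0o750), ("2026/ok.jpg", 0o740), ("2026/upload.jpg", 0o664))
        for rel, mode in entries:
            path = os.path.join(root, rel)
            if rel.endswith(".jpg"):
                open(path, "w").close()
            else:
                os.mkdir(path)
            os.chmod(path, mode)
        gid = os.lstat(os.path.join(root, "2026")).st_gid
        uid = os.geteuid()
        # First audit: expected owner is the creator. Second: a different uid.
        return audit_tree(root, uid, gid), audit_tree(root, uid + 1, gid)
```

Run against a real tree as `audit_tree("/path/to/user/media", uid, media_gid)`, with the numeric ids taken from the NAS, so files created under the wrong account surface as owner findings.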

[–] non_burglar@lemmy.world 1 points 15 hours ago (1 children)

Squashing per-user is a blanket measure intended to default "public" users into a default access permission.

It is usable according to your layout, but this is effectively logical control preventing users from affecting files that aren't their own.

And if that is the goal, you might as well set this up as library access through immich.

[–] PeriodicallyPedantic@lemmy.ca 1 points 13 hours ago (1 children)

Library access won't allow upload, this will.

My knowledge here isn't super deep, but it seems like you can do mapping per-share-per-ip, which means you can say "all file access coming from the immich host to this share will act as this user" which I think is fine if that share belongs to that user, and you don't have anything else coming from that host to that share which you want to act as a different user. Which are very big caveats.

[–] non_burglar@lemmy.world 1 points 12 hours ago (1 children)

> Library access won't allow upload, this will.

This isn't right. https://docs.immich.app/administration/user-management/

I understand following op's pattern of wanting to set controls on underlying storage together with a share, but simply using immich's built-in storage labels is much easier.

Plus, each user can be assigned an NFS share to their individual files separate from immich's access requirements for storage. There is no need to make this a worse hodge-podge than op has already made it.

[–] PeriodicallyPedantic@lemmy.ca 1 points 10 hours ago (1 children)

Sorry, I misread when you said "library"; for some reason I thought you meant "external library".

The problem that I'm trying to solve, and I think OP is also trying to solve, is that they want the files to be on their NAS because it is high capacity, redundant, and backed up, but many users have access to the NAS, so they cannot rely on immich alone to provide access permissions; they need access permissions on the files themselves.

I solved this by having a separate share for every user, and then mounting that user's share on their library (storage label).
It sounds like OP wants a single share, so having correct file ownership is important to restrict file access to the correct users who are viewing the filesystem outside of immich.

Not sure what you mean by your last paragraph. How do you assign a share to individual files (assume you mean directories) outside of immich's need for storage?

[–] non_burglar@lemmy.world 2 points 9 hours ago

Ah, gotchu. Carry on.