How can I limit access to user via permission mechanism?

My YunoHost server

Hardware: Raspberry Pi 4 at home
YunoHost version: 11.2.4
I have access to my server: Through SSH and through the webadmin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ?: Increased Swap to 2 or 4 Gb, I don’t remember.

Description of my issue

I’d like to limit the access to some app to some users of the server, but if I do that, the users that I want to have access to the apps also lose the ability to use the apps.

Example:

  • I want User_One to access Jellyfin, but not Nextcloud.
  • I want User_Two to access to Nextcloud, but not Jellyfin.

My first thought was to remove Jellyfin and Nextcloud permissions from all users group, then grant User_One Jellyfin permission and User_Two Nextcloud permission.

But then Jellyfin throws a user or password doesn't match error, and those who should be able to log in into the app (User_One), can’t do so.

The only way is to grant all users Jellyfin permission, but then also User_Two will be able to access the app that they weren’t supposed to access to.

I’m sure the permission mechanism introduced in 3.7 is what I need, I just don’t know how to make it work. Any help will be appreciated,

Thanks

Yup, use groups.

Create group “Jellyfin but not Nextcloud”, assign the appropriate permissions and User_One to it.
Create group “Nextcloud but not Jellyfin”, assign the appropriate permissions and User_Two to it.
Remove all permissions from “all users” group.


Regarding Jellyfin, which version of the app and its LDAP plugin are you using?

1 Like

Thank you, I knew it had to be easy but I couldn’t get it to work.

I’m using Jellyfin 10.8.11~ynh2, and as for LDAP, whatever comes as default (SSO?). Users can visit the URL directly and sign in with their YunoHost name and password; if they are already logged in on YunoHost portal, when clicking on the Jellyfin tile they have to enter username and password again.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.