That's only a tiny, tiny piece of it. If you want to know more: https://grapheneos.org/features

All phones have a BFU (before first unlock) state, and GrapheneOS doesn’t require a passphrase unless you’ve set one, otherwise it’s your PIN. Fingerprint unlock is disabled until after BFU though, so it requires essentially using a backup PIN even if you always use your fingerprint, at least for first unlock.

To add to the security of the PIN and to prevent reading screen smudges you can enable an option so that the digits on the PIN pad are randomized each time it loads.

Graphene also supports fully isolated user accounts. Applications running in one profile can not even discover the existence of the other profiles*. There is a way to forward notifications from user containers but is disabled by default. Each account, when inactive, is encrypted independently of the system drives and the key is generated at user login with the entry of a password and overwritten in memory upon logout.

*If you enable the notification forwarding, a hostile application running on the primary account could deduce that there is at least one other user profile on the phone by analyzing the notifications.

ou're Try just running findmnt, the type may be ntfs instead of ntfs-3g. The -t switch is saying to filter and only show 'ntfs-3g' mounts and it maybe called something else in your environment. The list will be a bit longer but you should be able to find the listing, it'll be the directory where your drive is mounted.

I then unmounted Samsung and ran sudo mount -t ntfs-3g -o uid=1000,gid=1000,rw /dev/disk/by-label/Samsung /mnt/Samsung

Did Emby work after this? You said you had to remount, what did you use to do that?

If you can get Emby to work, you can then look at findmnt to see how the working directory is mounted (which options/etc) and then you can update your fstab to have those options so that it will mount on startup.

I’m guessing I could also open fstab and change it manually but I’m not quite there yet haha.

Now's a good time!

Editing the fstab is the 'correct' Linux way of doing things, the GUIs can be convenient but they can also prevent you from learning how the system works (so when it later breaks, you have no idea where to start).

fstab is just a text file, there are 6 fields: <file system/device> . The way it tells the fields apart is through white space(a tab or space character).

/dev/sda1  (any amount of spaces or tabs)  /home/external-drive   options,seperated,by,comma    0(old way of marking a drive to be backed up)   2(fsck check order, 1 for your root directory, 2 for everything else, 0 if you don't want disk checking like for a swap device)

If you're worried about breaking anything you can just make a backup:

sudo cp /etc/fstab /etc/fstab.bak

If you break something, just restore it:

sudo cp /etc/fstab.bak /etc/fstab

League of Legends is the toxicity honeypot of the gaming community, it draws in all of the people who have the 'I'm a video game athlete and better than you because of it'-vibe and keeps them away from positive communities (Deeprock Galactic, I'm looking at you).

That fstab entry is correct (assuming the by-label path is valid), you could change auto to ntfs-3g but it is likely detecting the correct type so that isn't needed.

If you can put it in the 'not working' and also in the 'working' state you can compare how it is mounted with

findmnt -t ntfs-3g

That'll show the options that the mounts are currently using, a quick thing that you can try unmounting and remounting

sudo umount /mnt/Samsung
sudo mount /mnt/Samsung

That should mount it with the options in the fstab file, you can confirm with the findmnt command.

If not, that doesn't work try umounting and then mounting with the options set explicitly:

sudo mount -t ntfs-3g -o uid=1000,gid=1000,rw /dev/disk/by-label/Samsung /mnt/Samsung

and see if they show in findmnt.

EDIT 2: Spoke too soon. After a reboot they were ro for Emby again. I added rw to the drive options and it worked again. But after another reboot, no go again. Turns out after each reboot unmounting then remounting works. Not sure if there’s a way to make this work. Maybe they mount too soon? I dunno, but for now it’s functional.

You shouldn't need to remount if you added the options, they should be in the fstab file now so they'll be applied at every reboot. If it isn't doing that check the fstab file

cat /etc/fstab

To see what the relevant entry says. The options block is the block of text just before the two numbers at the end of the file.

Clear Key is an excellent example of usability completely neutering security.

Your drive encryption keys (FVEK) are protected by the VMK which is then encrypted and written to the drive on suspend and then the key that was used to encrypt it is also written to the drive in plaintext.

It's like a lock that comes with a key that's chained to it, completely worthless but they can say, like Microsoft here, that it is technically locked.

However, I think I got it set. I added uid=1000,gid=1000 to the end of the options string and Emby now has control.

Yup, that'll do it.

Now I just gotta look into why that worked haha.

Adding uid=1000,gid=1000 tells the NTFS mount driver “Present every file on this NTFS volume as if it is owned by UID 1000 and GID 1000.” The account running Emby is probably just your user account (guessing) so this did what you were trying to do with chown. Chown won't work without the 'permissions' option and a usermapping file to translate linux IDs to the SID's that NTFS uses, probably way more configuration than you need.

You should try to get off of NTFS ASAP. It'll be fine for media storage but some things (pc games, esp) really hate running off of NTFS. I know how unwieldy it is to shift the data around, but it will save you a lot of headaches going forward.

Next, I have ntfs-3g installed and plan to run mount -t ntfs3 /dev/sdxY /mnt though I think I either need to create a drivename folder in /mnt or add mount -t ntfs3 /dev/sdxY /mnt/DRIVENAME the drive name to the end and it’ll create it maybe?

mount -m -t ntfs-3g /dev/sdx /mnt/mountname

Will create /mountname in /mnt and then mount the device on the created directory.

Instead of doing that you could just edit the fstab file and change the fileystem type to ntfs-3g(the package may be just ntfs on CachyOS so ymmv). Although, I suspect this is already done since you're able to access and read the drive.

You may need to add -o permissions so that standard Linux permissions are applied (TFM: https://linux.die.net/man/8/ntfs-3g), alternatively you can add 'permissions' to your current fstab entries, then remount the drives.

ex:

/dev/sda1                             /mnt/windowsdrive           ntfs-3g            permissions,rw     0 0

I can now access my drives, so I began setting up my server. No problem this time! Emby sees the directories and scans them. Finally! However even though I can rw on the drives, Emby sees them as read only. Bummer.

How is Emby installed? In a container or are you running it on bare metal?

When you say it sees them as read only, what indicates this? A log? A GUI element?

A major reason these kinds of things are happening is the EU move toward digital sovereignty.

Since there isn't exactly a non-US commercial OS available and Linux is good enough for most everything, we're starting to see a lot of interest in the open source world and moving towards open and standards-based software.

Commercial companies recognize that the EU governments represent a huge potential source of income. Some categories of software have essentially no Linux support... this leaves a huge vacuum to be filled by a company who can create professional image editing/CAD software which also works on Linux.

If Affinity is the only large, commercially supported professional publishing software available then they become the defacto winner of all of these new EU Digital Sovereignty contracts.

This is why all of the megarich are selfish assholes.

The good people give their money away.

Keep the pressure on.

Collective Shout got them to change their position and they're a small group. We are legion, as the kids say