Fixing File Permission Problem of Jellyfin on Arch Linux

Cyrus Yip
Jan 11, 2023 (Modified: Jan 13, 2023)

This tutorial should work for other Linux distributions, but I only tested it on Arch Linux.

In order to add a directory to a Jellyfin library, Jellyfin needs to access the directory and all its parent directories. If you add ~/Videos to a library, Jellyfin fails to access it. Jellyfin runs as user jellyfin. Jellyfin can access ~/Videos (other::r-x) but can’t access its parent ~ (other::---).

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
❯ getfacl ~/Videos
getfacl: Removing leading '/' from absolute path names
# file: home/cyrusyip/Videos
# owner: cyrusyip
# group: cyrusyip
user::rwx
group::r-x
mask::r-x
other::r-x

❯ getfacl ~
getfacl: Removing leading '/' from absolute path names
# file: home/cyrusyip
# owner: cyrusyip
# group: cyrusyip
user::rwx
group::---
mask::---
other::---

To fix it, grant Jellyfin execution permission for the home directory.

1
setfacl --modify user:jellyfin:--x ~

Now, Jellyfin can access not only ~/Videos but also other directories under ~, which is unsafe. We only want Jellyfin to access necessary directories. We’d better remove the permission for Jellyfin and create a dedicated directory for it.

1
2
3
setfacl --remove u:jellyfin ~
sudo mkdir /media
sudo chown $USER: /media

References:

Jellyfin#File_permission - ArchWiki (Actually, I wrote this section)