Linux on Cyrus Yip's bloghttps://cyrusyip.org/en/tags/linux/Recent content in Linux on Cyrus Yip's blogHugoen-USFri, 13 Jan 2023 21:42:05 +0800Fixing File Permission Problem of Jellyfin on Arch Linuxhttps://cyrusyip.org/en/posts/2023/01/11/fix-jellyfin-permission/Wed, 11 Jan 2023 00:00:00 +0800https://cyrusyip.org/en/posts/2023/01/11/fix-jellyfin-permission/<p>This tutorial should work for other Linux distributions, but I only tested it on Arch Linux.</p> <p>In order to add a directory to a Jellyfin library, Jellyfin needs to access the directory and all its parent directories. If you add <code>~/Videos</code> to a library, Jellyfin fails to access it. Jellyfin runs as user <code>jellyfin</code>. Jellyfin can access <code>~/Videos</code> (<code>other::r-x</code>) but can&rsquo;t access its parent <code>~</code> (<code>other::---</code>).</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span><span class="lnt">17 </span><span class="lnt">18 </span><span class="lnt">19 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">❯ getfacl ~/Videos </span></span><span class="line"><span class="cl">getfacl: Removing leading &#39;/&#39; from absolute path names </span></span><span class="line"><span class="cl"># file: home/cyrusyip/Videos </span></span><span class="line"><span class="cl"># owner: cyrusyip </span></span><span class="line"><span class="cl"># group: cyrusyip </span></span><span class="line"><span class="cl">user::rwx </span></span><span class="line"><span class="cl">group::r-x </span></span><span class="line"><span class="cl">mask::r-x </span></span><span class="line"><span class="cl">other::r-x </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">❯ getfacl ~ </span></span><span class="line"><span class="cl">getfacl: Removing leading &#39;/&#39; from absolute path names </span></span><span class="line"><span class="cl"># file: home/cyrusyip </span></span><span class="line"><span class="cl"># owner: cyrusyip </span></span><span class="line"><span class="cl"># group: cyrusyip </span></span><span class="line"><span class="cl">user::rwx </span></span><span class="line"><span class="cl">group::--- </span></span><span class="line"><span class="cl">mask::--- </span></span><span class="line"><span class="cl">other::--- </span></span></code></pre></td></tr></table> </div> </div><p>To fix it, grant Jellyfin execution permission for the home directory.</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">setfacl --modify user:jellyfin:--x ~ </span></span></code></pre></td></tr></table> </div> </div><p>Now, Jellyfin can access not only <code>~/Videos</code> but also other directories under <code>~</code>, which is unsafe. We only want Jellyfin to access necessary directories. We&rsquo;d better remove the permission for Jellyfin and create a dedicated directory for it.</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">setfacl --remove u:jellyfin ~ </span></span><span class="line"><span class="cl">sudo mkdir /media </span></span><span class="line"><span class="cl">sudo chown $USER: /media </span></span></code></pre></td></tr></table> </div> </div><hr> <p>References:</p> <ul> <li><a href="https://wiki.archlinux.org/title/Jellyfin#File_permission">Jellyfin#File_permission - ArchWiki</a> (Actually, <a href="https://wiki.archlinux.org/index.php?title=Jellyfin&amp;type=revision&amp;diff=763685&amp;oldid=702260">I wrote this section</a>)</li> </ul> <p>Further reading:</p> <ul> <li><a href="https://wiki.archlinux.org/title/File_permissions_and_attributes">File permissions and attributes - ArchWiki</a></li> <li><a href="https://wiki.archlinux.org/title/Users_and_groups">Users and groups - ArchWiki</a></li> <li><a href="https://wiki.archlinux.org/title/Access_Control_Lists">Access Control Lists - ArchWiki</a></li> <li><a href="https://www.reddit.com/r/jellyfin/comments/10992x3/comment/j3xm596/?utm_source=share&amp;utm_medium=web2x&amp;context=3">Comment from u/jcdick1</a></li> </ul>