Linux permissions for media servers
The most common problem for Linux beginners. File permissions, ACLs, the media server user, and fstab.
The core problem
When you install Jellyfin or Emby on Linux, it creates a system user (jellyfin or emby) that runs the server process. This user needs read and execute permissions on every folder in the path to your media files - not just the files themselves.
Running chmod 777 on a file does nothing if a parent folder blocks access. The server user must be able to navigate the entire directory tree.
How Linux permissions work
Every file and folder has three permission sets: owner, group, and others. Each can have read (r/4), write (w/2), and execute (x/1). For directories, "execute" means "allowed to enter/traverse this directory."
When you run ls -l you see permissions like drwxr-xr-x. That's: owner can read/write/execute, group can read/execute, others can read/execute. The media server user needs at least read + execute on every folder and read on the files.
The auto-mount trap
If you're using desktop Linux and drives are auto-mounted (typically to /media/username/), there's a hidden problem: the directory /media/username is protected by an ACL (Access Control List) that only allows your user inside. The jellyfin user is blocked even if the drive itself has open permissions.
You can spot ACLs by a + at the end of permission strings in ls -l output.
Important
Don't fight ACLs on auto-mounts. Use /etc/fstab to mount drives yourself instead.
The fix: mount with fstab
1. Find your drive: sudo fdisk -l (look for the drive by model/size).
2. Get the UUID: sudo blkid /dev/sda1 - use the UUID, not the device path (device paths like /dev/sda can change between boots).
3. Create a mount point: sudo mkdir /media/storage (mount outside your home directory).
4. Add to /etc/fstab: UUID=your-uuid-here /media/storage ext4 defaults 0 0
5. Mount it: sudo mount -a
6. Set permissions: sudo chown -R youruser:jellyfin /media/storage then sudo chmod -R 750 /media/storage
Tip
The key is to set the group to jellyfin (or emby) with chown and the mode to 750 with chmod. This gives your user full access, gives the media server read+traverse access, and blocks everyone else.
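To check that the server user can actually get through every folder on the way to a file, the following added example (not part of the original guide) walks the path and prints the first component whose owner/group/other bits block a given UID and group list. The function name first_blocker, its arguments and the sample file name are made up for this example; it assumes GNU stat and does not evaluate ACLs.

```shell
#!/bin/sh
# Added example: report the first path component that blocks a service account.
# Classic owner/group/other mode bits only; ACLs are NOT evaluated.
# Assumes GNU stat (Linux). first_blocker is a name made up for this example.

# first_blocker UID "GID GID ..." TARGET [START]
# Prints the first component between START (default /) and TARGET that the
# uid/gids cannot read (file) or read+traverse (directory); prints nothing if clear.
first_blocker() {
    fb_uid=$1 fb_gids=$2 fb_target=$3 fb_start=${4:-/}

    # Build the chain of ancestors, top-most first, one path per line.
    fb_chain=$fb_target
    fb_p=$fb_target
    while [ "$fb_p" != "$fb_start" ] && [ "$fb_p" != / ] && [ "$fb_p" != . ]; do
        fb_p=$(dirname "$fb_p")
        fb_chain="$fb_p
$fb_chain"
    done

    printf '%s\n' "$fb_chain" | while IFS= read -r fb_p; do
        # %a = octal mode, %u = owner uid, %g = owning gid
        fb_st=$(stat -c '%a %u %g' "$fb_p" 2>/dev/null) || { printf '%s\n' "$fb_p"; break; }
        set -- $fb_st
        fb_mode=$1 fb_fuid=$2 fb_fgid=$3

        # The kernel applies exactly one class: owner, else group, else others.
        if [ "$fb_uid" = "$fb_fuid" ]; then
            fb_bits=$(( (fb_mode / 100) % 10 ))
        else
            fb_bits=$(( fb_mode % 10 ))
            for fb_g in $fb_gids; do
                if [ "$fb_g" = "$fb_fgid" ]; then
                    fb_bits=$(( (fb_mode / 10) % 10 ))
                fi
            done
        fi

        # Folders need r+x (4+1=5); files need r (4).
        if [ -d "$fb_p" ]; then fb_need=5; else fb_need=4; fi
        if [ $(( fb_bits & fb_need )) -ne "$fb_need" ]; then
            printf '%s\n' "$fb_p"
            break
        fi
    done
}

# Usage on a real host (film.mkv is a placeholder file name):
#   first_blocker "$(id -u jellyfin)" "$(id -G jellyfin)" /media/storage/film.mkv
```

No output means every folder and the file pass the mode-bit check; if the server still cannot read the file, look for a + in ls -l output, since an ACL can still deny access.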
Key commands
1. chmod 750 /path - owner gets rwx, group gets r-x, others get nothing.
2. chown chris:jellyfin /path - change owner to chris, group to jellyfin.
3. chmod g+x /path - add execute for group without changing anything else.
4. sudo usermod -a -G jellyfin chris - add your user to the jellyfin group (useful for shared access).
5. sudo usermod -a -G render,video jellyfin - add jellyfin to render/video groups (needed for hardware transcoding).
Docker avoids most of this
If permissions are driving you mad, Docker sidesteps the worst of it. Set the UID and GID environment variables in your container to match the user that owns your media files, and map the volumes correctly. The container's internal user then has the same permissions as your host user.
For the official Jellyfin Docker image, the MALLOC_TRIM_THRESHOLD_=131072 environment variable is already set, which significantly reduces RAM usage over time (from potentially 10 GB+ down to under 1 GB on long-running instances). The LinuxServer.io image doesn't include this fix.