No Data for Jellyfin

[hectorg]

After many days of trying different things I am unable to get Jellyfin to read my movie dataset when the owner and group change to the desired owner and group although the permissions to my knowledge are correct. The setup is as follows.

Credentials
group created: media
- users in group: www-data, apps

Datasets
Pool Name: Pool 2
Dataset Name: Jelly

my movies are in the following path:  \mnt\Pool 2\Jelly\BoxOffice

Details for Jelly Dataset

- Owner: apps
- Group: apps

- POSIX Permissions

User Obj – apps / Read | Wite | Execute

Read | Write | Execute

Group Obj – apps / Read | Wite | Execute

Read | Write | Execute

Group – media / Read | Wite | Execute

Read | Write | Execute

Mask / Read | Wite | Execute

Read | Write | Execute

Other / None

None

User Obj – default – apps / Read | Wite | Execute

Read | Write | Execute

Group Obj – default – apps / Read | Wite | Execute

Read | Write | Execute

Group – default – media / Read | Wite | Execute

Read | Write | Execute

Mask – default / Read | Wite | Execute

Read | Write | Execute

Other – default / None
oe

If I go in to the dataset and apply owner / group and set all the permissions above recursively everything works perfectly.  The problem comes in when I perform an rsync from another server.  When I do this, it will change the permissions on purpose to match the system it is coming from. This changes the owner and group of the files to www-data:www-data as I show below. Technically when I do this it should still work because the dataset has the "media" group permissions assigned in the ACL ( see above has www-data in it ). I don't know why jellyfin is not able to read even if the permissions are set ( unless I am missing something). Yes I have stopped and started Jellyfin multiple times and yes I have even rebooted the NAS and nothing seems to work. I miagine I am missing some key thing but I have not been able to pinpoint it researching on forums and youtube. 

Before I perform my rsync it works but I do not want the files to remain owned by apps so while it works, it wont work for me. Here is the getfacl details.

root@truenas[/mnt/Pool 2]# getfacl /mnt/Pool\ 2/Jelly         
getfacl: Removing leading '/' from absolute path names
# file: mnt/Pool 2/Jelly
# owner: apps
# group: apps
user::rwx
group::rwx
group:media:rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:media:rwx
default:mask::rwx
defaultther::---

root@truenas[/mnt/Pool 2]# getfacl /mnt/Pool\ 2/Jelly/BoxOffice
getfacl: Removing leading '/' from absolute path names
# file: mnt/Pool 2/Jelly/BoxOffice
# owner: apps
# group: apps
user::rwx
group::rwx
group:media:rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:media:rwx
default:mask::rwx
defaultther::---

After my rsync, this is what the getfacl looks like. and at this point I am unable to scan the directory as Jellyfin loses all its access to the  files and makes me very unhappy in the process.  notice that only the BoxOffice permissions change owner and group but all else seems to remain the same. media should have permissions but Jellyfin seems to ignore them.

root@truenas[~]# getfacl /mnt/Pool\ 2/Jelly         
getfacl: Removing leading '/' from absolute path names
# file: mnt/Pool 2/Jelly
# owner: apps
# group: apps
user::rwx
group::rwx
group:media:rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:media:rwx
default:mask::rwx
defaultther::---

root@truenas[~]# getfacl /mnt/Pool\ 2/Jelly/BoxOffice
getfacl: Removing leading '/' from absolute path names
# file: mnt/Pool 2/Jelly/BoxOffice
# owner: www-data
# group: www-data
user::rwx
group::rwx
group:media:rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:media:rwx
default:mask::rwx
defaultther::---


in case it helps this is the rsync command I am using.
rsync -auzvP --delete -e "ssh -p22" "/path/to/files" "XXXXX@###.###.###.###mnt/Pool 2/Jelly"

[TheDreadPirate]

Why are you using ACLs instead of basic Linux permissions?

[hectorg]

A few reasons really,

1. I don't see how I would add permissions to a secondary group using the standard permissions editor. There is no way to add a group from what I can see.

2. All the tutorials and posts I have seen use them when dealing with a generic dataset. Maybe I missed something but isn't the standard permissions editor an ACL anyways?

[TheDreadPirate]

I think it would be better to ask what you are trying to achieve? ACLs are a PITA. If I needed multiple groups to have access to a shared directory I would add both to a new group and give THAT group permissions to the shared directory using basic RWX Linux permissions.

[hectorg]

That's sort of what I tried to do. I added www-data to the media group and applied the media group in an ACL on that dataset thinking that it would work. In the end, I want Jellyfin to be able to read the files owned by www-data so that I don't have to change the permissions of the files themselves. I am using truenas system as a backup hence why I don't really want to change permissions of the files and wanted to do it via ACL's even though they are a pain to deal with. I just so happened to enable Jellyfin since it seemed like it was going to be easy to do to server my media files from my backup.

[TheDreadPirate]

Ah. Ok. IMO, it would make more sense to add the jellyfin user to the www-data group.

[hectorg]

The user that runs Jellyfin is apps and that user is already in the media group.

Note that this is installed as an app in truenas if that helps any.