    Web UI files Ownership?

    Who should own the Web UI files for Jellyfin?
    alphamike-1612
    #1
    2024-01-06, 04:48 PM (This post was last modified: 2024-01-06, 04:48 PM by alphamike-1612.)
    Hello,

    TL;DR - Can the web-ui files located at /usr/share/jellyfin/web-ui be owned by user jellyfin, without creating a vulnerability? (Default ownership is root)

    I have tried searching the official docs and forums and Reddit but couldn't find what I was looking for.

    System - Debian 12 Bookworm x64.

    I have installed jellyfin via the manual method (add repo, install jellyfin with sudo apt install). In this case, user jellyfin has been created who owns the log files at /var/log/jellyfin and the json/xml files at etc/jellyfin.

    However, the web-ui at /usr/share/jellyfin is owned by root. (The folder jellyfin itself is also owned by root.) This is not a problem in day to day use, but whenever I use plugins that would like to modify the index.html file inside this folder, they complain and I am required to manually enter the values inside the file.

    I am tempted to change ownership of this folder also to the user jellyfin but I am wondering if there is a reason behind why the automatic install chose to keep this directory under root control?

    In other words, by changing the ownership am I inviting trouble for myself?

    If it makes a difference to security, my interface is accessible remotely via a reverse proxy. In other words, this means that my jellyfin cannot differentiate between a local and a remote connection since according to it, all connections originate from beyond the reverse proxy.

    Thank you,

    alphamike-1612
    TheDreadPirate
    #2
    2024-01-06, 09:41 PM
    Do not change ownership of the web folder. Even if you change the permissions, you would need to manually modify those files for certain plugins anyway, since the automated plugin install process just can't do that kind of task regardless of permissions. I'm assuming this is in regard to something like Jellyscrub or intro skipper.
    Jellyfin 10.10.7 (Docker)
    Ubuntu 24.04.2 LTS w/HWE
    Intel i3 12100
    Intel Arc A380
    OS drive - SK Hynix P41 1TB
    Storage
        4x WD Red Pro 6TB CMR in RAIDZ1
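
An added example, not part of either post and not Jellyfin project code: a small audit that lists everything under the web directory that the service account could modify, which is what the packaged root ownership discussed in this thread is meant to prevent. The function name `audit_webroot` and the script file name are assumptions; the `/usr/share/jellyfin` path and the `jellyfin` user are taken from the question.

```shell
#!/bin/sh
# Added example, not Jellyfin project code. audit_webroot is a hypothetical name.
#
# audit_webroot DIR SERVICE_USER
# Prints every entry under DIR that SERVICE_USER could modify directly:
#   1. entries owned by SERVICE_USER
#   2. group-writable entries whose group SERVICE_USER is a member of
#   3. world-writable entries
# Symlinks are skipped in 2 and 3: their mode bits always read 0777 on Linux.
audit_webroot() {
    dir=$1
    svc=$2
    if ! id -u "$svc" >/dev/null 2>&1; then
        echo "audit_webroot: unknown user: $svc" >&2
        return 2
    fi
    # Start the find expression with the ownership test.
    set -- -user "$svc"
    # Add one clause per numeric group ID the service user belongs to.
    for gid in $(id -G "$svc"); do
        set -- "$@" -o '(' ! -type l -group "$gid" -perm -020 ')'
    done
    # Anything world-writable is writable by the service user as well.
    set -- "$@" -o '(' ! -type l -perm -002 ')'
    find "$dir" '(' "$@" ')' -print
}

# Usage: sh audit_webroot.sh /usr/share/jellyfin jellyfin
if [ "$#" -eq 2 ]; then
    audit_webroot "$1" "$2"
fi
```

No output means the service account cannot directly modify any of the files the server hands to browsers; every path printed is one that a compromised server process or plugin running as that account could rewrite.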