• Login
  • Register
  • Login Register
    Login
    Username/Email:
    Password:
    Or login with a social network below
  • Forum
  • Website
  • GitHub
  • Status
  • Translation
  • Features
  • Team
  • Rules
  • Help
  • Feeds
User Links
  • Login
  • Register
  • Login Register
    Login
    Username/Email:
    Password:
    Or login with a social network below

    Useful Links Forum Website GitHub Status Translation Features Team Rules Help Feeds
    Jellyfin Forum Support Troubleshooting WebUI Error Deleting Media

     
    • 0 Vote(s) - 0 Average

    WebUI Error Deleting Media

    Probably a permissions problem
    FortySixnTwo
    Offline

    Junior Member

    Posts: 5
    Threads: 1
    Joined: 2024 Jan
    Reputation: 0
    #1
    2024-01-25, 03:02 PM (This post was last modified: 2024-01-25, 03:08 PM by FortySixnTwo. Edited 2 times in total.)
    Hi,
    So I'm getting the error mentioned in the title when attempting to delete media via the WebUI. I've attached the logs below.
    SSH'd into the VM, and using su -u jellyfin to impersonate Jellyfin's user (Which is part of the group 'media'), I see the following permissions:


    Code:
    drwxrwxr-x 2 nobody media      4096 Oct  8 09:45  [Item Folder Name]
    -rwxrwxr-x 1 nobody media 1500774400 Oct  5  2021 [Item File Name]

    I can create, modify and delete files in the Film & TV directories using vi and rm when impersonating the jellyfin user, so I'm at a bit of a loss as to why the WebUI isn't able to. The only difference between the media files and a .txt created this way is that it's owned by the jellyfin user instead of nobody.

    Code:
    [2024-01-25 14:39:38.507 +00:00] [INF] Removing item, Type: "Movie", Name: " [ITEM] ", Path: "/shared/media/Film/[ITEM]", Id: a8cdbac4-88bb-b067-a025-4a926b1a3738
    [2024-01-25 14:39:38.512 +00:00] [INF] Deleting item path, Type: "Movie", Name: " [ITEM]", Path: "/shared/media/Film/ [ITEM] ", Id: a8cdbac4-88bb-b067-a025-4a926b1a3738
    [2024-01-25 14:39:38.515 +00:00] [ERR] Error processing request: "Access to the path '/shared/media/Film/ [ITEM] ' is denied". URL "DELETE" "/Items/a8cdbac488bbb067a0254a926b1a3738".
    tmsrxzar
    Offline

    Senior Member

    Posts: 755
    Threads: 6
    Joined: 2023 Nov
    Reputation: 20
    #2
    2024-01-25, 03:16 PM
    "The only difference between the media files and a .txt created this way is that it's owned by the jellyfin user instead of nobody."

    then make the owner of the files jellyfin and recheck, seems to be an easy test
    if it works; you know the problem and how to fix it

    if you use google you will see that 'nobody' owned files are an issue to delete in almost all situations on linux
    FortySixnTwo
    Offline

    Junior Member

    Posts: 5
    Threads: 1
    Joined: 2024 Jan
    Reputation: 0
    #3
    2024-01-25, 03:46 PM
    I did google a whole bunch of stuff, have been for hours, just not the correct thing by the looks of it. Thanks for bringing my attention to the actual issue instead of the stuff I've been fixating on.

    Assuming I must ensure all of my files are owned by a known user, does this not mean I'll have to map every uid I'm planning on using to every container that might need full write permissions? I know it's well beyond the question, or this forum, but at first glance it seems to me like that will significantly reduce the security all this id mapping provides.
    TheDreadPirate
    Offline

    Community Moderator

    Posts: 15,374
    Threads: 10
    Joined: 2023 Jun
    Reputation: 460
    Country:United States
    #4
    2024-01-25, 05:43 PM
    If you have a directory where multiple users need access and have similar permission needs you would need to create a group, add all those users to this new group, and then set the group permissions on the shared directory accordingly.
    Jellyfin 10.10.7 (Docker)
    Ubuntu 24.04.2 LTS w/HWE
    Intel i3 12100
    Intel Arc A380
    OS drive - SK Hynix P41 1TB
    Storage
        4x WD Red Pro 6TB CMR in RAIDZ1
    [Image: GitHub%20Sponsors-grey?logo=github]
    FortySixnTwo
    Offline

    Junior Member

    Posts: 5
    Threads: 1
    Joined: 2024 Jan
    Reputation: 0
    #5
    2024-01-25, 09:23 PM
    The shared dir is owned by group 1002 and my jellyfin user is part of that group. Which I reckon is why I can create and delete my own files in those dirs but I assume nobody being the user that owns the existing files is stopping jellyfin from modifying. Haven't had time to try mapping all those other uids.
    tmsrxzar
    Offline

    Senior Member

    Posts: 755
    Threads: 6
    Joined: 2023 Nov
    Reputation: 20
    #6
    2024-01-25, 09:51 PM
    i wouldn't offer or accept security advice on this forum, sorry
    FortySixnTwo
    Offline

    Junior Member

    Posts: 5
    Threads: 1
    Joined: 2024 Jan
    Reputation: 0
    #7
    2024-01-26, 12:26 PM
    I had a chance to try your suggestion. I changed the owner of the File & Folder to be deleted in the WebUI to 1005, the jellyfin user account. I still get the 'Error deleting media' message.

    This time however, the file has been deleted. So my assumption here is that the folder containing the file/folder Jellyfin needs to modify must also be owned by a known user.

    I'm going to map the entire range of uids that will own any files that Jellyfin might need modify rights for, hopefully any security drawbacks from doing this are less severe than just running all my containers unpriviliged.
    FortySixnTwo
    Offline

    Junior Member

    Posts: 5
    Threads: 1
    Joined: 2024 Jan
    Reputation: 0
    #8
    2024-01-27, 11:42 AM (This post was last modified: 2024-01-27, 01:54 PM by FortySixnTwo. Edited 6 times in total.)
    Files & folders are now mapped to users for the Jellyfin VM.

    Still can't delete any files/folder using the webui which are owned by the media group but not the jellyfin user.

    I can delete the files & folders using rm, when logged in as the jellyfin user via ssh.

    So back again to the WebUI being unable to delete media but the user account being able to in shell.

    User is no longer nobody, group owner is 'media'.
    Code:
    jellyfin@jellyfin:/root$ ls -l /shared/media/Film/[ITEM]
    total 1436188
    -rwxrwxr-x 1 1000 media        37 Oct  5  2021 '[FileName].txt'
    -rwxrwxr-x 1 1000 media        609 Oct  5  2021  [filename].NFO
    -rwxrwxr-x 1 1000 media 1470642428 Oct  5  2021  [item].avi
    jellyfin@jellyfin:/root$ ls -l "/shared/media/Film/[item]/[filename].txt"
    -rwxrwxr-x 1 1000 media 37 Oct  5  2021 '/shared/media/Film/[item]/[filename].txt'
    Files can be deleted.
    Code:
    jellyfin@jellyfin:/root$ rm "/shared/media/Film/[item]/[filename].txt"
    jellyfin@jellyfin:/root$ ls -l "/shared/media/Film/[item]/[filename].txt"
    ls: cannot access '/shared/media/Film/[item]/[filename].txt': No such file or directory
    Directories can also be deleted by the 'jellyfin' user.
    Code:
    jellyfin@jellyfin:/root$ rm -rf /shared/media/Film/[item]/
    jellyfin@jellyfin:/root$ ls -l /shared/media/Film/[item]/
    ls: cannot access '/shared/media/Film/[item]/': No such file or directory

    Why does the WebUI not work with just group ownership & group wrx permissions when the jellyfin user account works with just group perms? Does the WebUI use a different user for deleting things?

    Edit: WebUI WILL delete a folder or directory if the parent directory belongs the 'jellyfin' account. So it looks to me like the WebUI is either ignoring the group ownership or write permissions, or it's operating under sticky bit permissions even though I don't have sticky bit set.

    Edit2: Does the WebUI use the account set in jellyfin.service.d.conf, 'jellyfin' for me, for all operations? That's the only thing i can think might be an issue at this point.
    « Next Oldest | Next Newest »

    Users browsing this thread: 1 Guest(s)


    • View a Printable Version
    • Subscribe to this thread
    Forum Jump:

    Home · Team · Help · Contact
    © Designed by D&D - Powered by MyBB
    L


    Jellyfin

    The Free Software Media System

    Linear Mode
    Threaded Mode