User and folder rights? App can't access user folders


I installed SABnzbd from the AUR and the Arch Wiki says I can start it with “sabnzbd.service”.
It worked, I managed to start it, but when I try to change download folders in the web menu, I can’t access my users folders like ~/Downloads. I can’t select my home directory.

It also tells me to “Add users to the sabnzbd user group to allow read/write access to SABnzbd files.”
I did that and I hoped it would work after that but I still can’t choose my home directory folders.

Am I right when I assume that running the program as global user I can’t access my users folders because of missing rights and the entry above just gives my user the rights to access the download folders in /var/…

The Wiki also states that I could start the service as a user by starting as sabnzbd@myuser .service but I found some forum posts that say that this is not a good idea because the app can access all my data if I do that?

As a former Mac and Windows user I can’t wrap my head around this stuff. Could someone help me?
Is there a better way to do that besides those two options? Running as a global user it downloads everything deep into sub folders…

Did you log-out and back in to a session, or reboot?


Can you give a link, or quote of such posts?

Untrue. - I think your user might have an incomplete or broken profile in general. You could create a new user and then see if it works.

Question: You don’t have any firejail running?

Thank you for your answer!

Yes, several times.

It was late and I was trying to figure stuff out. I will look at my browser history at home.

It is just a regular EndeavourOS installation. I didn’t change anything, didn’t do any stuff after the install. It is pretty fresh and I didn’t mess around with rights other than the command above. I didn’t run into any problems with any other app I installed.
I have to admit I don’t even know what a firejail is.
I just installed EndeavourOS, nividia drivers, Steam, Kitty, and stuff from the official repository. Sab is the first app I installed with the AUR. Nothing strange happened till now.

1 Like

This is a choice you have to make. If you want the application to be able to access your ~/Downloads and your other user data then run the service as described above. But, of course, this will give it access to your data.

If you don’t want it to have access to your data, then you can’t expect to be able to access your ~/Downloads.

An alternative approach would be to save those files into the directory that the sabnzbd program is reading instead of saving them to downloads.


I see. So I did everything right and the difference in Linux is that a “for all users installation” has no access to a users data?

Is it possible to add a completely new user, lets call him Bob, and give my current user Andy access to Bobs personal folders but not the other way round?

Yes, the issue isn’t access to the software. All users can run the software. You are choosing to run the software as separate user already. That provides maximum security but doesn’t let the process access your data.

If you run the process as your user, it will have access to your user’s data.

Yes. However, I don’t think you need to do that in this particular case.

1 Like


Looks like you also have to set the permissions in the configuration :

That is different than the OPs issue. That is about what permissions the output files are saved with.

The OPs issue, as I understand it, is that the process can’t access the data in the first place because it doesn’t have rights.


Correct. I was used to choose any kind of folder I liked in Windows. We all know that Windows has a lot of security issues. So my problem was that I expected the same in Linux by running the process as global user and the app not having access to safe its downloads in my personal stuff folders under /home/andy/Downloads.

One last question, if I may ask?
I decided to keep the global solution… The thing is: I can copy the downloaded files out of /var/lib/sabnzbd but I can’t delete files there or copy files to that folder without sudo.

I did:

ls -ld /var/lib/sabnzbd/downloads


ls -l /var/lib/sabnzbd/downloads

to check group and file permission and got this output:

➜  ~ groups andy            
sys wheel rfkill autologin sabnzbd andy
➜  ~ ls -ld /var/lib/sabnzbd
drwxr-xr-x 5 sabnzbd sabnzbd 4096  8. Mai 18:04 /var/lib/sabnzbd
➜  ~ ls -l /var/lib/sabnzbd 
insgesamt 28
drwxr-xr-x 2 sabnzbd sabnzbd 4096  8. Mai 20:04 admin
drwxr-xr-x 4 sabnzbd sabnzbd 4096  8. Mai 18:04 Downloads
drwxr-xr-x 2 sabnzbd sabnzbd 4096  8. Mai 18:04 logs
-rw------- 1 sabnzbd sabnzbd 7024  8. Mai 18:26 sabnzbd.ini
-rw------- 1 sabnzbd sabnzbd 7024  8. Mai 18:26 sabnzbd.ini.bak

If I want Andy to be able to use these folders and its subfolders without limitations I can do:

sudo chmod -R g+w /var/lib/sabnzbd/


It is correct but that will only change the existing files.

You also need to change the setting @vazicebon mentioned above so that it creates new files with group write privs. I would set that setting to 0770

1 Like

Thank you!

1 Like

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.