minidlna can't access my /home

Charly La Celle · 2026-02-23 11:41:07

Hi,
I installed minidlna following the wiki.

Thes server can't acces my /home/<user>/musique complaining it hasn't ths sufficient rights.

But this directory has 755 permissions, so the minidlna user can access it.

I'm aware of the bug https://bbs.archlinux.org/viewtopic.php … 69#p311169 but i guess it doesn't apply here.

/etc/minidlna.conf

# port for HTTP (descriptions, SOAP, media transfer) traffic
port=8200

# network interfaces to serve, comma delimited (8 interfaces max)
#network_interface=eth0

# specify the user account name or uid to run as
user=minidlna

# set this to the directory you want scanned.
# * if you want multiple directories, you can have multiple media_dir= lines
# * if you want to restrict a media_dir to specific content types, you
#   can prepend the types, followed by a comma, to the directory:
#   + "A" for audio  (eg. media_dir=A,/home/jmaggard/Music)
#   + "V" for video  (eg. media_dir=V,/home/jmaggard/Videos)
#   + "P" for images (eg. media_dir=P,/home/jmaggard/Pictures)
#   + "PV" for pictures and video (eg. media_dir=PV,/home/jmaggard/digital_camera)
media_dir=/home/user/musique

# set this to merge all media_dir base contents into the root container
# note: the default is no
merge_media_dirs=yes

# set this if you want to customize the name that shows up on your clients
friendly_name=My DLNA Server

# set this if you would like to specify the directory where you want MiniDLNA to store its database and album art cache
#db_dir=/var/cache/minidlna

# set this if you would like to specify the directory where you want MiniDLNA to store its log file
#log_dir=/var/log

# set this to change the verbosity of the information that is logged
# each section can use a different level: off, fatal, error, warn, info, or debug
#log_level=general,artwork,database,inotify,scanner,metadata,http,ssdp,tivo=warn

# this should be a list of file names to check for when searching for album art
# note: names should be delimited with a forward slash ("/")
album_art_names=Cover.jpg/cover.jpg/AlbumArtSmall.jpg/albumartsmall.jpg/AlbumArt.jpg/albumart.jpg/Album.jpg/album.jpg/Folder.jpg/folder.jpg/Thumb.jpg/thumb.jpg

# set this to no to disable inotify monitoring to automatically discover new files
# note: the default is yes
inotify=no

# set this to yes to enable support for streaming .jpg and .mp3 files to a TiVo supporting HMO
enable_tivo=no

# set this to beacon to use legacy broadcast discovery method
# defauts to bonjour if avahi is available
tivo_discovery=bonjour

# set this to strictly adhere to DLNA standards.
# * This will allow server-side downscaling of very large JPEG images,
#   which may hurt JPEG serving performance on (at least) Sony DLNA products.
strict_dlna=no

# default presentation url is http address on port 80
#presentation_url=http://www.mylan/index.php

# notify interval in seconds. default is 895 seconds.
notify_interval=900

# serial and model number the daemon will report to clients
# in its XML description
serial=12345678
model_number=1

# specify the path to the MiniSSDPd socket
#minissdpdsocket=/var/run/minissdpd.sock

# use different container as root of the tree
# possible values:
#   + "." - use standard container (this is the default)
#   + "B" - "Browse Directory"
#   + "M" - "Music"
#   + "V" - "Video"
#   + "P" - "Pictures"
#   + Or, you can specify the ObjectID of your desired root container (eg. 1$F for Music/Playlists)
# if you specify "B" and client device is audio-only then "Music/Folders" will be used as root
#root_container=.

# always force SortCriteria to this value, regardless of the SortCriteria passed by the client
# note: you can prepend the sort criteria with "!" to alter the titles of the objects so that they
# will be alphanumerically sorted in the order you specify here, to work around clients that do their
# own alphanumeric sorting.
#force_sort_criteria=+upnp:class,+upnp:originalTrackNumber,+dc:title

# maximum number of simultaneous connections
# note: many clients open several simultaneous connections while streaming
#max_connections=50

# set this to yes to allow symlinks that point outside user-defined media_dirs.
#wide_links=no

# enable subtitle support by default on unknown clients.
# note: the default is yes
#enable_subtitles=yes

systemctl status minidlna.service

● minidlna.service - minidlna server
     Loaded: loaded (/usr/lib/systemd/system/minidlna.service; enabled; preset: disabled)
    Drop-In: /etc/systemd/system/minidlna.service.d
             └─override.conf
     Active: active (running) since Mon 2026-02-23 12:10:41 CET; 15min ago
 Invocation: be5c5a0e1ca542b7a69960eac19f81a5
   Main PID: 26409 (minidlnad)
      Tasks: 1 (limit: 9388)
     Memory: 13M (peak: 13.4M)
        CPU: 71ms
     CGroup: /system.slice/minidlna.service
             └─26409 /usr/bin/minidlnad -S

Feb 23 12:10:41 shuttle systemd[1]: Starting minidlna server...
Feb 23 12:10:41 shuttle systemd[1]: Started minidlna server.
Feb 23 12:10:41 shuttle minidlnad[26409]: [2026/02/23 12:10:41] minidlna.c:669: error: Media directory "/home/user/musique" not accessible [Permission denied]
Feb 23 12:10:41 shuttle minidlnad[26409]: minidlna.c:1134: warn: Starting MiniDLNA version 1.3.3.
Feb 23 12:10:41 shuttle minidlnad[26409]: minidlna.c:1182: warn: HTTP listening on port 8200

ls -lisa /home/user/musique

total 92424
21655501     4 drwxr-xr-x  3 user user     4096 Feb 23 11:50 .
21364738     4 drwx------ 55 user user     4096 Feb 23 12:26 ..
22422325    16 drwxr-xr-x  2 user user    16384 Aug 18  2025 parisdjs
21657987 92400 -rw-r--r--  1 user user 94615614 Feb 23 11:50 rickroll.mp4

WorMzy · 2026-02-23 11:59:11

I'm not sure what that ~20 year old topic has to do with your issue? Did you copy/paste the wrong link?

Please share the outputs of

$ systemctl cat minidlna.service

and

$ systemctl show minidlna.service

just4arch · 2026-02-23 12:26:48

If you don't have a dedicated path for you library, you'll have to override the service file, something along

# /etc/systemd/system/minidlna.service.d/Protect.conf
[Service]
ProtectHome=read-only
ReadWritePaths=/home/dlna/.minidlna/

Set ReadWritePaths when you want to keep the database etc. in your home as well.
But be aware of the security implications this brings along.

Charly La Celle · 2026-02-23 12:29:38

(oops wrong post id : https://bbs.archlinux.org/viewtopic.php?id=311169)

systemctl cat minidlna.service

# /usr/lib/systemd/system/minidlna.service
[Unit]
Description=minidlna server
After=network.target

[Service]
Type=exec
DynamicUser=yes
ExecStart=/usr/bin/minidlnad -S
RuntimeDirectory=minidlna
CacheDirectory=minidlna
ProtectSystem=full
ProtectHome=on
PrivateDevices=on
NoNewPrivileges=on

[Install]
WantedBy=multi-user.target

# /etc/systemd/system/minidlna.service.d/override.conf
[Service]
ProtectHome=read-only

systemctl show minidlna.service

Id=minidlna.service
Names=minidlna.service
Requires=system.slice -.mount sysinit.target
Wants=-.mount
WantedBy=multi-user.target
Conflicts=shutdown.target
Before=shutdown.target multi-user.target
After=-.mount system.slice basic.target network.target systemd-remount-fs.service sysinit.target systemd-journald.socket
RequiresMountsFor=/run/minidlna /var/cache/minidlna
WantsMountsFor=/var
Description=minidlna server
LoadState=loaded
ActiveState=active
FreezerState=running
SubState=running
FragmentPath=/usr/lib/systemd/system/minidlna.service
DropInPaths=/etc/systemd/system/minidlna.service.d/override.conf
UnitFileState=enabled
UnitFilePreset=disabled
StateChangeTimestamp=Mon 2026-02-23 12:10:41 CET
StateChangeTimestampMonotonic=12812415442
InactiveExitTimestamp=Mon 2026-02-23 12:10:41 CET
InactiveExitTimestampMonotonic=12812387080
ActiveEnterTimestamp=Mon 2026-02-23 12:10:41 CET
ActiveEnterTimestampMonotonic=12812415442
ActiveExitTimestamp=Mon 2026-02-23 12:10:41 CET
ActiveExitTimestampMonotonic=12812380427
InactiveEnterTimestamp=Mon 2026-02-23 12:10:41 CET
InactiveEnterTimestampMonotonic=12812384519
CanStart=yes
CanStop=yes
CanReload=no
CanIsolate=no
CanClean=runtime cache
CanFreeze=yes
CanLiveMount=yes
StopWhenUnneeded=no
RefuseManualStart=no
RefuseManualStop=no
AllowIsolate=no
DefaultDependencies=yes
SurviveFinalKillSignal=no
OnSuccessJobMode=fail
OnFailureJobMode=replace
IgnoreOnIsolate=no
NeedDaemonReload=no
JobTimeoutUSec=infinity
JobRunningTimeoutUSec=infinity
JobTimeoutAction=none
ConditionResult=yes
AssertResult=yes
ConditionTimestamp=Mon 2026-02-23 12:10:41 CET
ConditionTimestampMonotonic=12812385381
AssertTimestamp=Mon 2026-02-23 12:10:41 CET
AssertTimestampMonotonic=12812385383
Transient=no
Perpetual=no
StartLimitIntervalUSec=10s
StartLimitBurst=5
StartLimitAction=none
FailureAction=none
SuccessAction=none
InvocationID=be5c5a0e1ca542b7a69960eac19f81a5
CollectMode=inactive
DebugInvocation=no
Type=exec
ExitType=main
Restart=no
RestartMode=normal
NotifyAccess=none
RestartUSec=100ms
RestartSteps=0
RestartMaxDelayUSec=infinity
RestartUSecNext=100ms
TimeoutStartUSec=1min 30s
TimeoutStopUSec=1min 30s
TimeoutAbortUSec=1min 30s
TimeoutStartFailureMode=terminate
TimeoutStopFailureMode=terminate
RuntimeMaxUSec=infinity
RuntimeRandomizedExtraUSec=0
WatchdogUSec=0
WatchdogTimestampMonotonic=0
RootDirectoryStartOnly=no
RemainAfterExit=no
GuessMainPID=yes
MainPID=26409
ControlPID=0
FileDescriptorStoreMax=0
NFileDescriptorStore=0
FileDescriptorStorePreserve=restart
StatusErrno=0
Result=success
ReloadResult=success
CleanResult=success
LiveMountResult=success
UID=61737
GID=61737
NRestarts=0
OOMPolicy=stop
ReloadSignal=1
ExecMainStartTimestamp=Mon 2026-02-23 12:10:41 CET
ExecMainStartTimestampMonotonic=12812386599
ExecMainExitTimestampMonotonic=0
ExecMainHandoffTimestamp=Mon 2026-02-23 12:10:41 CET
ExecMainHandoffTimestampMonotonic=12812414905
ExecMainPID=26409
ExecMainCode=0
ExecMainStatus=0
ExecStart={ path=/usr/bin/minidlnad ; argv[]=/usr/bin/minidlnad -S ; ignore_errors=no ; start_time=[Mon 2026-02-23 12:10:41 CET] ; stop_time=[n/a] ; pid=26409 ; code=(null) ; status=0/0 }
ExecStartEx={ path=/usr/bin/minidlnad ; argv[]=/usr/bin/minidlnad -S ; flags= ; start_time=[Mon 2026-02-23 12:10:41 CET] ; stop_time=[n/a] ; pid=26409 ; code=(null) ; status=0/0 }
Slice=system.slice
ControlGroup=/system.slice/minidlna.service
ControlGroupId=7797
MemoryCurrent=13524992
MemoryPeak=14143488
MemorySwapCurrent=0
MemorySwapPeak=0
MemoryZSwapCurrent=0
MemoryAvailable=7202607104
EffectiveMemoryMax=8227512320
EffectiveMemoryHigh=8227512320
CPUUsageNSec=79520000
EffectiveCPUs=0-3
EffectiveMemoryNodes=0
TasksCurrent=1
EffectiveTasksMax=9388
IPIngressBytes=[no data]
IPIngressPackets=[no data]
IPEgressBytes=[no data]
IPEgressPackets=[no data]
IOReadBytes=[not set]
IOReadOperations=[not set]
IOWriteBytes=[not set]
IOWriteOperations=[not set]
OOMKills=0
ManagedOOMKills=0
Delegate=no
CPUWeight=[not set]
StartupCPUWeight=[not set]
CPUQuotaPerSecUSec=infinity
CPUQuotaPeriodUSec=infinity
IOAccounting=no
IOWeight=[not set]
StartupIOWeight=[not set]
MemoryAccounting=yes
DefaultMemoryLow=0
DefaultStartupMemoryLow=0
DefaultMemoryMin=0
MemoryMin=0
MemoryLow=0
StartupMemoryLow=0
MemoryHigh=infinity
StartupMemoryHigh=infinity
MemoryMax=infinity
StartupMemoryMax=infinity
MemorySwapMax=infinity
StartupMemorySwapMax=infinity
MemoryZSwapMax=infinity
StartupMemoryZSwapMax=infinity
MemoryZSwapWriteback=yes
DevicePolicy=closed
TasksAccounting=yes
TasksMax=9388
IPAccounting=no
ManagedOOMSwap=auto
ManagedOOMMemoryPressure=auto
ManagedOOMMemoryPressureLimit=0
ManagedOOMMemoryPressureDurationUSec=[not set]
ManagedOOMPreference=none
MemoryPressureWatch=auto
MemoryPressureThresholdUSec=200ms
CoredumpReceive=no
UMask=0022
LimitCPU=infinity
LimitCPUSoft=infinity
LimitFSIZE=infinity
LimitFSIZESoft=infinity
LimitDATA=infinity
LimitDATASoft=infinity
LimitSTACK=infinity
LimitSTACKSoft=8388608
LimitCORE=infinity
LimitCORESoft=infinity
LimitRSS=infinity
LimitRSSSoft=infinity
LimitNOFILE=524288
LimitNOFILESoft=1024
LimitAS=infinity
LimitASSoft=infinity
LimitNPROC=31295
LimitNPROCSoft=31295
LimitMEMLOCK=8388608
LimitMEMLOCKSoft=8388608
LimitLOCKS=infinity
LimitLOCKSSoft=infinity
LimitSIGPENDING=31295
LimitSIGPENDINGSoft=31295
LimitMSGQUEUE=819200
LimitMSGQUEUESoft=819200
LimitNICE=0
LimitNICESoft=0
LimitRTPRIO=0
LimitRTPRIOSoft=0
LimitRTTIME=infinity
LimitRTTIMESoft=infinity
RootEphemeral=no
OOMScoreAdjust=0
CoredumpFilter=0x33
Nice=0
IOSchedulingClass=2
IOSchedulingPriority=4
CPUSchedulingPolicy=0
CPUSchedulingPriority=0
CPUAffinityFromNUMA=no
NUMAPolicy=n/a
TimerSlackNSec=50000
CPUSchedulingResetOnFork=no
NonBlocking=no
StandardInput=null
StandardOutput=journal
StandardError=inherit
TTYReset=no
TTYVHangup=no
TTYVTDisallocate=no
SyslogPriority=30
SyslogLevelPrefix=yes
SyslogLevel=6
SyslogFacility=3
LogLevelMax=-1
LogRateLimitIntervalUSec=0
LogRateLimitBurst=0
SecureBits=0
CapabilityBoundingSet=cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore
User=minidlna
Group=minidlna
DynamicUser=yes
SetLoginEnvironment=yes
RemoveIPC=yes
PrivateTmp=yes
PrivateTmpEx=disconnected
PrivateDevices=yes
ProtectClock=no
ProtectKernelTunables=no
ProtectKernelModules=no
ProtectKernelLogs=no
ProtectControlGroups=no
ProtectControlGroupsEx=no
PrivateNetwork=no
PrivateUsers=no
PrivateUsersEx=no
PrivateMounts=no
PrivateIPC=no
PrivatePIDs=no
ProtectHome=read-only
ProtectSystem=strict
SameProcessGroup=no
UtmpMode=init
IgnoreSIGPIPE=yes
NoNewPrivileges=yes
SystemCallErrorNumber=2147483646
LockPersonality=no
RuntimeDirectorySymlink=minidlna:
RuntimeDirectoryPreserve=no
RuntimeDirectoryMode=0755
RuntimeDirectory=minidlna
StateDirectoryMode=0755
StateDirectoryAccounting=no
StateDirectoryQuota=[not set]
CacheDirectorySymlink=minidlna:
CacheDirectoryMode=0755
CacheDirectoryAccounting=no
CacheDirectoryQuota=[not set]
CacheDirectory=minidlna
LogsDirectoryMode=0755
LogsDirectoryAccounting=no
LogsDirectoryQuota=[not set]
ConfigurationDirectoryMode=0755
TimeoutCleanUSec=infinity
MemoryDenyWriteExecute=no
RestrictRealtime=no
RestrictSUIDSGID=yes
RestrictNamespaces=no
DelegateNamespaces=18446744073709551615
MountAPIVFS=no
BindLogSockets=no
KeyringMode=private
ProtectProc=default
ProcSubset=all
ProtectHostname=no
PrivateBPF=no
MemoryKSM=no
RootImagePolicy=root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent:home=encrypted+unprotected+absent:srv=encrypted+unprotected+absent:tmp=encrypted+unprotected+absent:var=encrypted+unprotected+absent
MountImagePolicy=root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent:home=encrypted+unprotected+absent:srv=encrypted+unprotected+absent:tmp=encrypted+unprotected+absent:var=encrypted+unprotected+absent
ExtensionImagePolicy=root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent:home=encrypted+unprotected+absent:srv=encrypted+unprotected+absent:tmp=encrypted+unprotected+absent:var=encrypted+unprotected+absent
KillMode=control-group
KillSignal=15
RestartKillSignal=15
FinalKillSignal=9
SendSIGKILL=yes
SendSIGHUP=no
WatchdogSignal=6

Charly La Celle · 2026-02-23 12:51:34

@just4arch

- Following the wiki, I wrote a file named override.conf instead of your Protect.conf. Does it matter ?

- And mine has only the following lines

[Service]
ProtectHome=read-only

I see many uses of ReadWritePaths in the wiki but none in the minidlna page.
Sorry I don't get the purpose of it.

WorMzy · 2026-02-23 13:01:12

Okay, so you have the correct override, and it's taking effect. The issue is that the home directory is not accessible to anyone other than 'user':

21364738     4 drwx------ 55 user user     4096 Feb 23 12:26 ..

You can either make the directory traversable to 'everyone else', (chmod o+x /home/user), or you can add minidlna to the 'user' group, and add group access to the directory (chmod g+x /home/user).

Charly La Celle · 2026-02-23 13:36:09

I guess there's no `minidlna` user.
Can't see it in `/etc/passwd`. And the wiki says so.

seth · 2026-02-23 13:45:41

/etc/minidlna.conf

user=minidlna

systemctl show minidlna.service

User=minidlna
DynamicUser=yes

But I highly recommend to do neither of this but instead bind mount /home/user/musique into a public path (eg. in /serv)
Edit: you can this way also change it to be read-only outside your $HOME

Last edited by seth (2026-02-23 13:46:12)

Charly La Celle · 2026-02-23 14:11:20

$ sudo su minidlna
[sudo] password for <user>:
su: user minidlna does not exist or the user entry does not contain all the required fields
$ groups minidlna
groups: 'minidlna': no such user

Scimmia · 2026-02-23 14:30:05

Yes, that's normal with "DynamicUser".

Charly La Celle · 2026-02-23 16:30:49

Okay I followed Seth's way:

# mkdir -p /srv/dlna
# mount --bind /home/user/musique /srv/dlna

Plus
- the according fstab line

/home/user/musique /srv/dlna none bind 0 0

- in /etc/minidlna.conf

media_dir = /srv/dlna

- restart minidlna.service

# systemctl restart minidlna

seth · 2026-02-23 17:13:15

\o/
Please always remember to mark resolved threads by editing your initial posts subject - so others will know that there's no task left, but maybe a solution to find.
Thanks.

Charly La Celle · 2026-03-08 09:36:58

Sorry I can't find out to edit my post title. I feel old sometimes.

seth · 2026-03-08 14:08:55

https://bbs.archlinux.org/misc.php?edit.php=2288413 will allow you to edit your original post (there's a link in the lower right corner) and there you can also change the subject line.

Arch Linux

#1 2026-02-23 11:41:07

minidlna can't access my /home

#2 2026-02-23 11:59:11

Re: minidlna can't access my /home

#3 2026-02-23 12:26:48

Re: minidlna can't access my /home

#4 2026-02-23 12:29:38

Re: minidlna can't access my /home

#5 2026-02-23 12:51:34

Re: minidlna can't access my /home

#6 2026-02-23 13:01:12

Re: minidlna can't access my /home

#7 2026-02-23 13:36:09

Re: minidlna can't access my /home

#8 2026-02-23 13:45:41

Re: minidlna can't access my /home

#9 2026-02-23 14:11:20

Re: minidlna can't access my /home

#10 2026-02-23 14:30:05

Re: minidlna can't access my /home

#11 2026-02-23 16:30:49

Re: minidlna can't access my /home

#12 2026-02-23 17:13:15

Re: minidlna can't access my /home

#13 2026-03-08 09:36:58

Re: minidlna can't access my /home

#14 2026-03-08 14:08:55

Re: minidlna can't access my /home

Board footer