diff --git a/services/qbittorrent.nix b/services/qbittorrent.nix
index 16a8d34..8235273 100644
--- a/services/qbittorrent.nix
+++ b/services/qbittorrent.nix
@@ -18,7 +18,9 @@
     ])
     (lib.vpnNamespaceOpenPort config.services.qbittorrent.webuiPort "qbittorrent")
     (lib.serviceFilePerms "qbittorrent" [
-      "Z ${config.services.qbittorrent.serverConfig.Preferences.Downloads.SavePath} 0750 ${config.services.qbittorrent.user} ${service_configs.media_group}"
+      # 0770: group (media) needs write to delete files during upgrades —
+      # Radarr/Sonarr must unlink the old file before placing the new one.
+      "Z ${config.services.qbittorrent.serverConfig.Preferences.Downloads.SavePath} 0770 ${config.services.qbittorrent.user} ${service_configs.media_group}"
       "Z ${config.services.qbittorrent.serverConfig.Preferences.Downloads.TempPath} 0700 ${config.services.qbittorrent.user} ${config.services.qbittorrent.group}"
       "Z ${config.services.qbittorrent.profileDir} 0700 ${config.services.qbittorrent.user} ${config.services.qbittorrent.group}"
     ])
@@ -28,6 +30,11 @@
     enable = true;
     webuiPort = service_configs.ports.torrent;
     profileDir = "/var/lib/qBittorrent";
+    # Set the service group to 'media' so the systemd unit runs with media as
+    # the primary GID. Linux assigns new file ownership from the process's GID
+    # (set by systemd's Group= directive), not from /etc/passwd. Without this,
+    # downloads land as qbittorrent:qbittorrent (0700), blocking Radarr/Sonarr.
+    group = service_configs.media_group;
 
     serverConfig.LegalNotice.Accepted = true;