Folder permission loophole with Nextcloud installation

linux-mintnextcloudpermissionssnap

I have installed Nextcloud via snap on a Linux Mint 20.2 Cinnamon system.
Since I wanted Nextcloud to use a dedicated HD for its data, I have mounted an HD to /mnt/nextcloud and made a /data folder into it as explained here https://github.com/nextcloud-snap/nextcloud-snap/wiki/Change-data-directory-to-use-another-disk-partition

The installation seems to work at first, I can go to localhost and set up username and password. After that though, I get the following error:

Your data directory is invalid

Ensure there is a file called ".ocdata" in the root of the data directory.

Your data directory is not writable

Permissions can usually be fixed by giving the webserver write access to the root directory. See https://docs.nextcloud.com/server/21/go.php?to=admin-dir_permissions.

The file .ocdata is actually in the directory, so it must be a permission problem. But if I change the folder permission from 0770 to 777 I get:

Your data directory is readable by other users

Please change the permissions to 0770 so that the directory cannot be listed by other users.

If I change it back to 0770, I get the first error.
The link https://docs.nextcloud.com/server/21/go.php?to=admin-dir_permissions doesn't point to any solution either.

I have also tried sudo chown -R www-data:www-data /mnt/nextcloud/data, but I still get the first error.

Any idea on how to deal with this?

Best Answer

The snap runs as confined root. Try sudo chown -R root:root /mnt/nextcloud/data.

Related Solutions

Linux – cannot create directory. permission denied. but i have permission

The /sys directory in Linux is deceptive. Unlike most other directories, it does not provide persistent storage for arbitrary files.

Rather, it's a way to look at the systems's devices - their states and configurations. These files go away between boots and are dynamically generated by your system at startup. It is normal to be denied permission to write new files or directories there, even as root. You can detect these filesystems by viewing the mount type:

$ mount
none on /dev/pts type devpts (rw,nosuid,noexec,relatime,mode=600)
none on /proc type proc (rw,nosuid,nodev,noexec,relatime)
none on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,nosuid,nodev,noexec,relatime)
none on /sys/fs/fuse/connections type fusectl (rw,relatime)
none on /run type tmpfs (rw,nosuid,noexec,relatime,size=3284248k,mode=755)
/dev/md2 on /home type ext4 (rw,relatime,user_xattr,acl,barrier=1,data=ordered,discard)

devpts, proc, sysfs, binfmt_misc, and fusectl are all dynamically generated filesystems that reflect internal system information, and aren't for normal filesystem use. You will likely get permission denied errors even as root or other issues if you try to use these as a normal filesystem.
tmpfs is a temporary filesystem which resides within RAM - You can write to here and use it like a normal filesystem, but anything saved here will be erased as soon as the computer shuts down. Copy your files elsewhere if you want to save them.
ext4 is an actual filesystem on a device somewhere. Data saved here will be preserved like you would expect on a harddisk. There are many filesystems, but the key note is how this line has /dev/md2 instead of none: none means that there is no device backing the filesystem - it doesn't really exist, and is entirely virtual. If a mount point has an actual device (like /dev/sda1 or /dev/md1), then that means the contents actually exist on a device somewhere.

Would you be able to put your edited files in another directory? Or do you specifically mean to edit the configuration of a device?

Change owncloud data directory to an external drive

Got it myself!

By default you are not able to set permissions on NTFS formatted drives, but with NTFS-3G you can. Just enable it on mount.

Add permissions to the options in /etc/fstab/. It should look like this:

UUID=xxxxxxxxx   /home/pi/media    ntfs-3g     defaults,permissions      0       0

Reboot your Raspberry Pi so that the drive get mounted with permissions.

sudo shutdown -r now

Now you are able to set permissions. For owncloud like this:

sudo chown -R www-data:www-data /home/pi/media/owncloud/data

Best Answer

Related Solutions

Linux – cannot create directory. permission denied. but i have permission

Change owncloud data directory to an external drive

Related Question