Access rights for external storage

Nextcloud version : 18.0.2
Operating system and version : Ubuntu Server 19.10 x64
Apache or nginx version : Apache 2.4.41
PHP version : 7.3.11

I’ve got multiple directories added as external storage. These directories are stored locally on my server. These directories/files have a chmod 777 set. They belong to a local user of the server, not www-data.

When I add files on my laptop in these directories, Nextcloud can’t sync them: “not allowed because you don’t have write access to this directory” (this is a rough translation, my client is in French).

I tried to add a file in the same directories directly on the server :

sudo -u www-data touch /path/to/local/storage/test.txt

And it works just fine.

I don’t have anything showing in the Nextcloud logs related to my issue (or any log message at all that would appear at the time I tried to sync). Nothing in the Apache logs either.

Output of config.php (sensitive info removed/obfuscated):

<?php
$CONFIG = array (
  'instanceid' => 'removed',
  'passwordsalt' => 'removed',
  'secret' => 'removed',
  'trusted_domains' =>
  array (
    0 => 'nextcloud.mydomain.tld',
  ),
  'memcache.local' => '\\OC\\Memcache\\Redis',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' =>
  array (
    'host' => 'localhost',
    'port' => 6379,
  ),
  'datadirectory' => '/mnt/raid/nextcloud_data',
  'dbtype' => 'pgsql',
  'version' => '18.0.2.2',
  'overwrite.cli.url' => 'https://nextcloud.mydomain.tld',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost:5432',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'removed',
  'dbpassword' => 'removed',
  'installed' => true,
  'mail_smtpmode' => 'smtp',
  'mail_smtpsecure' => 'tls',
  'mail_sendmailmode' => 'smtp',
  'mail_from_address' => 'nextcloud',
  'mail_domain' => 'mydomain.tld',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_smtpauth' => 1,
  'mail_smtphost' => 'mysmtp.isp.tld',
  'mail_smtpport' => '587',
  'mail_smtpname' => 'me@mydomain.tld',
  'mail_smtppassword' => 'removed',
);

Normally that third 7 would give any other user read/write/execute access, but just for kicks, have you tried adding www-data to the group that owns the files?

Bear in mind, I think with your setup, www-data will own any new files created through Nextcloud.

Not sure if this was ever solved. I had a very similar problem with my Nextcloud instance, and the step I missed was adding the www-data user to the group on my Nextcloud instance and on the external storage.

My setup:
Nextcloud:

  1. Separate hardware with Xen Orchestra Community as the OS
  2. VM with Ubuntu Server 20
  3. Nextcloud installed

File Server:

  1. Separate hardware with Ubuntu Server 20 as the OS
  2. This is hosting all files with exportfs set up for smb and nfs, depending on the share and system it exports to.

I have one main user on both machines as uid 1000. This user is the primary user for all files and folders.

I have www-data as the user for Nextcloud.

The solution for me occurred when I added www-data as a user in the group with uid 1000 on both machines. File and folder permissions are 770, allowing the www-data user, as part of the main user’s group, to still have access. My file server connects multiple desktop OSes and users, as well as other apps, which is why I allow groups full access.

This was where I was not complete in my setup. I added the www-data user to the uid 1000 group on the Nextcloud machine, and it would not see the folders on the file server. I then added it on the server as well and ran this command to rescan the files:

sudo -u www-data php -f /var/www/html/nextcloud/occ files:scan --all -vvv

Now, I do not get an "Exception during scan: opendir - Permission denied" error, and it is showing the scan entering all folders and reading all files.

Such a simple little thing I overlooked.
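
An added example (not part of any post in this thread): a shell helper that evaluates the owner/group/other mode bits for a service account on every directory from a storage path up to /, which is the check behind both the 777 question and the 770-plus-group fix above. It assumes GNU stat and plain mode bits (no ACLs, root override or NFS ID mapping); the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Models plain Unix mode bits only (no ACLs, no root override).

# class_digit MODE UID "GIDS" OWNER_UID OWNER_GID
# Prints the one octal digit (owner, group or other) that applies to UID.
class_digit() {
    m=000$1
    perms=${m#"${m%???}"}            # last three digits; drops setgid/sticky
    if [ "$2" = "$4" ]; then
        echo "${perms%??}"           # owner class wins even if group grants more
        return
    fi
    for g in $3; do
        if [ "$g" = "$5" ]; then
            mid=${perms#?}
            echo "${mid%?}"          # group class
            return
        fi
    done
    echo "${perms#??}"               # other class
}

# allowed NEED MODE UID "GIDS" OWNER_UID OWNER_GID
# NEED is a mask: 4 read, 2 write, 1 traverse. True if every bit is granted.
allowed() {
    need=$1; shift
    d=$(class_digit "$@")
    [ $(( d & need )) -eq "$need" ]
}

# check_path USER PATH
# PATH itself needs rwx (7) to list and sync; each parent needs traverse (1).
check_path() {
    uid=$(id -u "$1") || return 2
    gids=$(id -G "$1")
    cur=$(readlink -f "$2") || return 2
    want=7; rc=0
    while :; do
        st=$(stat -c '%a %u %g' "$cur") || return 2
        set -- $st
        if allowed "$want" "$1" "$uid" "$gids" "$2" "$3"; then res=ok; else res=DENIED; rc=1; fi
        printf '%-6s need=%s mode=%s owner=%s:%s %s\n' "$res" "$want" "$1" "$2" "$3" "$cur"
        [ "$cur" = / ] && break
        cur=$(dirname "$cur"); want=1
    done
    return "$rc"
}
```

Source the file and run `check_path www-data /path/to/local/storage` on the Nextcloud host and, for network shares, on the file server as well. A `DENIED` line names the directory where access stops.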