Admin manual recommends placing data directory outside web root. Why?

From the Security and Hardening section of the admin manual:

It is highly recommended to place your data directory outside of the Web root (i.e. outside of /var/www). It is easiest to do this on a new installation.

Why?

Is it feared that misconfiguration of the web server will result in exposing data or are there more reasons?

Why doesn’t nextcloud default to outside the web root if that’s the recommendation?

Yes

Because it’s a web application, and therefore only automatically has permission to manipulate files and folders within the directories owned by the webserver user. Creating a directory outside of the webroot requires first making the folder and assigning permissions to the webserver user - that isn’t automated by the setup wizard and therefore would cause users problems.

1 Like

Thanks and I can understand that reason.

To no one in particular, I will say out load that it would be desirable for the web setup wizard to somehow indicate that the web root default is not recommended so that the admin has a chance to use a recommended location before committing. This is especially pertinent considering that Nextcloud does not support changing the data dir after installation.

The install wizard is encouraging the less-secure location by defaulting it inside web root. It should instead be a conscious, informed decision by the admin to choose.

I’d think it would be better to change the wizard data directory edit box to blank and add text nearby to this effect:

For maximum security, use a directory outside of the web root and grant permissions to www-data. For a less-secure, but easier install, use /var/www/nextcloud/data.

Not correct: There are both supported and unsupported way’s of moving the data directory after installation as described in this post : Is there a safe and reliable way to move data directory out of web root?

Quote from JasonBayton

Be aware, moving the data dir after installation is not supported and may cause issues.

Edit 2017 (as this is a popular topic):

If you have a fresh install, consider reinstalling with your preferred directory location.

Unofficially moving the data directory can be done as follows:

Make sure no cron jobs are running
Stop apache
Move /data to the new location
Change the config.php entry
Edit the database: In oc_storages change the path on the local::/old-data-dir/ entry
Ensure permissions are still correct
Restart apache

However this is not supported and you risk breaking your database. It’d be better if instead you:

Make sure no cron jobs are running
Stop apache
Move /data to the new location
Create a symlink from the original location to the new location
Ensure permissions are still correct
Restart apache

(Note, you may need to configure your webserver to support symlinks)

Which is supported by Nextcloud.

Unquote

I moved mine by using fstab to mount a copy of /ncdata on a new drive (in a NC-PI-Box) to the mount point where the old /ncdata was originally mounted to. So this is in essence the supported way, only the creating of the symlink isn’t required anymore.

Worth mentioning the supported method leaves the data directory accessible from the original location, and so too would fstab… so you’d need to use the unsupported method.

If I’m not mistaken, using a symlink means that the data dir is still effectively in the web root. It’s only beneficial for those that want to move the data physically and not for security reasons.

1 Like

Exactly, for security reasons you would need to move the data dir out of web root and configure your nextcloud accordingly.