AIO: The www-data user doesn't seem to have access rights in the datadir


Nextcloud version (eg, 20.0.5): AIO: v7.9.0
Operating system and version (eg, Ubuntu 20.04): Fedora Silverblue 39
Apache or nginx version (eg, Apache 2.4.25): AIO v7.9.0
PHP version (eg, 7.4): AIO v7.9.0

The issue you are facing:

Following the directions at Rootless Podman Quadlet · nextcloud/all-in-one · Discussion #3487 · GitHub, I successfully ran NC AIO over a Cloudflare Tunnel on an ARM SBC taped to my wall, which is p. cool.

While uploading photos from my mobile, the host machine went down for suspend and, for reasons I'd prefer not to think about, that caused the ARM SBC taped to my wall to power off unexpectedly.

Here are the contents of ~/.config/containers/systemd/nextcloud-aio-mastercontainer.container:

nextcloud-aio-mastercontainer.container
[Unit]
Description=Nextcloud AIO Master Container
Documentation=https://github.com/nextcloud/all-in-one/blob/main/docker-rootless.md
After=local-fs.target
Requires=podman.socket

[Container]
ContainerName=nextcloud-aio-mastercontainer
PublishPort=127.0.0.1:11001:8080
Volume=nextcloud_aio_mastercontainer:/mnt/docker-aio-config
Volume=/run/user/1000/podman/podman.sock:/var/run/docker.sock:ro
Network=bridge
Image=docker.io/nextcloud/all-in-one:latest
# AIO needs to turn off SELinux labeling
# https://github.com/nextcloud/all-in-one#are-there-known-problems-when-selinux-is-enabled
# https://docs.podman.io/en/v4.6.0/markdown/options/security-opt.html
# https://docs.podman.io/en/latest/markdown/podman-systemd.unit.5.html#container-units-container
SecurityLabelDisable=true

Environment=WATCHTOWER_DOCKER_SOCKET_PATH=/run/user/1000/podman/podman.sock
Environment=APACHE_PORT=11000
Environment=APACHE_IP_BINDING=127.0.0.1
# Allows to adjust borgs retention policy.
# See https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy
Environment=BORG_RETENTION_POLICY=--keep-within=7d --keep-weekly=4 --keep-monthly=6
# Allows to set the host directory for Nextcloud's datadir.
# ⚠️⚠️⚠️ Warning: do not set or adjust this value after the initial Nextcloud installation is done!
# See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir
Environment=NEXTCLOUD_DATADIR=/var/home/powersfamily/Public/nextcloud/ncdata
# Can be adjusted if you need more.
# See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud
Environment=NEXTCLOUD_UPLOAD_LIMIT=1G
# Necessary for cloudflare tunnel
Environment=SKIP_DOMAIN_VALIDATION=true

[Install]
WantedBy=multi-user.target default.target

And the contents of ~/.config/containers/systemd/nextcloud-aio-mastercontainer.volume

nextcloud-aio-mastercontainer.volume
[Volume]
VolumeName=nextcloud_aio_mastercontainer

After restarting the host server, I performed the following steps:

  1. remove all volumes and destroy the data dir
❯ podman volume ls

❯ ls -ldZ ~/Public/nextcloud/ncdata
ls: cannot access '/var/home/powersfamily/Public/nextcloud/ncdata': No such file or directory

I then started the nextcloud-aio-mastercontainer service:

❯ systemctl --user daemon-reload

❯ systemctl --user start nextcloud-aio-mastercontainer

After waiting a few moments, I loaded the AIO UI in my browser and filled out the installation form, selecting:

  • Install Nextcloud 28
  • Collabora
  • Fulltextsearch
  • Imaginary
  • Nextcloud Talk
  • Docker socket proxy

and my local timezone. I then clicked Save.

I then clicked Download and start containers.

After a few minutes I got a Cloudflare Tunnel timeout (error code 524). I then refreshed the page and waited several minutes for the container state to settle.

At that point, I saw this on the AIO screen:

Clicking on the link by Nextcloud (Starting) I saw:

+ '[' -f /dev-dri-group-was-added ']'
++ find /dev -maxdepth 1 -mindepth 1 -name dri
+ '[' -n '' ']'
+ set +x
chown: cannot read directory '/mnt/ncdata': Permission denied
chmod: changing permissions of '/mnt/ncdata': Permission denied
chmod: cannot read directory '/mnt/ncdata': Permission denied
Installing imagemagick via apk...
Enabling Imagick...
WARNING: opening from cache https://dl-cdn.alpinelinux.org/alpine/v3.18/main: No such file or directory
WARNING: opening from cache https://dl-cdn.alpinelinux.org/alpine/v3.18/community: No such file or directory
Configuring Redis as session handler...
The www-data user doesn't seem to have access rights in the datadir.
Most likely are the files located on a drive that does not follow linux permissions.
Please adjust the permissions like mentioned below.
The found permissions are:
0:0 755
(userID:groupID permissions)
but they should be:
33:0 750
(userID:groupID permissions)
Also make sure that the parent directories on the host of the directory that you've chosen as datadir are publicly readable with e.g. 'sudo chmod +r /mnt' (adjust the command accordingly to your case) and the same for all subdirectories.
Additionally, if you want to use a Fuse-mount as datadir, set 'allow_other' as additional mount option.
For SMB/CIFS mounts as datadir, see https://github.com/nextcloud/all-in-one#can-i-use-a-cifssmb-share-as-nextclouds-datadir
nc: getaddrinfo for host "nextcloud-aio-database" port 5432: Try again
Waiting for database to start...
nc: getaddrinfo for host "nextcloud-aio-database" port 5432: Try again
Waiting for database to start...
nc: getaddrinfo for host "nextcloud-aio-database" port 5432: Try again
Waiting for database to start...

etc etc.

At that point, from the host:

❯ ls -ldZ ~/Public/nextcloud/ncdata/
drwxr-xr-x. 1 powersfamily powersfamily unconfined_u:object_r:samba_share_t:s0 0 Jan  1 18:45 /var/home/powersfamily/Public/nextcloud/ncdata/

❯ ls -ldZ .local/share/containers/storage/volumes/nextcloud_aio_nextcloud/_data/
drwxrwxrwt. 1 524320 powersfamily system_u:object_r:container_file_t:s0 0 Dec 14 14:18 .local/share/containers/storage/volumes/nextcloud_aio_nextcloud/_data//

❯ ls -ldZ .local/share/containers/storage/volumes/nextcloud_aio_apache/_data/
drwxr-xr-x. 1 524320 524320 system_u:object_r:container_file_t:s0 0 Dec 14 13:48 .local/share/containers/storage/volumes/nextcloud_aio_apache/_data//

❯ ls -ldZ .local/share/containers/storage/volumes/nextcloud_aio_redis/_data/
drwxr-xr-x. 1 525286 525287 system_u:object_r:container_file_t:s0 16 Jan  1 19:17 .local/share/containers/storage/volumes/nextcloud_aio_redis/_data//

I also tried stopping and deleting all containers and then

sudo semanage fcontext -t container_file_t -a Public/nextcloud/ncdata/

This did not have any discernible effect.
Please advise where my configuration has gone awry, thanks :slight_smile:

SELinux strikes again

It appears that the correct incantation was:

sudo semanage fcontext -a -t container_file_t '/var/home/powersfamily/Public/nextcloud/ncdata(/.*)?'

as well as appending :Z to the Volume line, so that it reads Volume=nextcloud_aio_mastercontainer:/mnt/docker-aio-config:Z
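To make the fix above repeatable, here is an added example in bash (not code from this thread or from the AIO project). It reproduces on the host the two checks the Nextcloud container log complained about, the datadir's own uid:gid and mode and the readability of its parent directories, and wraps the relabel from the reply so that the rule is both recorded (semanage fcontext) and applied (restorecon), which is the step semanage alone does not perform. Assumptions not on the page: the expected values 33:0 and 750 are taken from the log, the tool names are the usual coreutils/policycoreutils ones, and the script and function names are mine. One caveat it handles: under rootless podman the host's stat shows subuids (the 524320 in the listings above is one), so the checks are run through STAT="podman unshare stat" to see uids the way the container does.

```bash
#!/usr/bin/env bash
# ncdata-check.sh: added example, not code from the thread or from AIO.
# Checks a host directory the way the nextcloud container entrypoint does
# (owner 33:0, mode 750, world-readable parents) and applies the SELinux
# relabel from the reply. Expected values are taken from the log above;
# tool names are the usual coreutils/policycoreutils ones (assumption).

EXPECTED_UID=33     # www-data inside the nextcloud container
EXPECTED_GID=0
EXPECTED_MODE=750

# With rootless podman the host sees subuids (e.g. 524320 in the listings
# above), not 33. Run with STAT="podman unshare stat" to see uids from
# inside the user namespace, the way the container does.
STAT=${STAT:-stat}

# perms_of PATH -> "uid:gid mode", the shape the AIO log prints
perms_of() {
    $STAT -c '%u:%g %a' "$1"
}

# check_datadir DIR -> 0 if DIR is 33:0 750, else 1 and a found/want line
check_datadir() {
    local dir=$1 found want
    [ -d "$dir" ] || { echo "not a directory: $dir"; return 1; }
    found=$(perms_of "$dir") || return 1
    want="$EXPECTED_UID:$EXPECTED_GID $EXPECTED_MODE"
    if [ "$found" != "$want" ]; then
        echo "found $found, want $want"
        return 1
    fi
}

# check_parents DIR [TOP] -> 0 if every directory from DIR's parent up to TOP
# (default /) grants others r and x. The container's uid is a subuid with no
# group membership on the host, so o+x is what lets it descend into DIR and
# o+r what lets it list; the log's 'chmod +r' adds only the read bit.
check_parents() {
    local p top mode others
    p=$(dirname "$1"); top=${2:-/}
    while :; do
        mode=$($STAT -c %a "$p") || return 1
        others=$(( mode % 10 ))
        if [ $(( others & 5 )) -ne 5 ]; then
            echo "$p is mode $mode, needs o+rx"
            return 1
        fi
        if [ "$p" = "$top" ] || [ "$p" = "/" ]; then
            break
        fi
        p=$(dirname "$p")
    done
    return 0
}

# relabel_for_podman DIR: record a container_file_t rule for DIR and its
# subtree (the command from the reply), then apply it. semanage only edits
# the policy database; restorecon is what rewrites the labels on disk.
# -a fails if a rule for the pattern already exists, so fall back to -m.
relabel_for_podman() {
    local dir=$1 pattern
    pattern="${dir}(/.*)?"
    command -v semanage >/dev/null 2>&1 || { echo "semanage not found"; return 1; }
    sudo semanage fcontext -a -t container_file_t "$pattern" \
        || sudo semanage fcontext -m -t container_file_t "$pattern"
    sudo restorecon -Rv "$dir"
    ls -dZ "$dir"
}

# Usage: ncdata-check.sh DIR [relabel]
if [ $# -gt 0 ]; then
    rc=0
    check_datadir "$1" || rc=1
    check_parents "$1" || rc=1
    if [ "${2:-}" = relabel ]; then
        relabel_for_podman "$1" || rc=1
    fi
    exit $rc
fi
```

Invoke it as `STAT="podman unshare stat" ./ncdata-check.sh /var/home/powersfamily/Public/nextcloud/ncdata` to check, and append `relabel` to also record and apply the SELinux rule. The `:Z` on the quadlet's Volume line only relabels the named volume that unit mounts; the datadir is bind-mounted by the mastercontainer from the NEXTCLOUD_DATADIR path, so its label has to be set on the host as above, and a relative path such as the one in the first attempt never matches anything because the fcontext pattern is compared against absolute paths.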

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.