Another webuser for data directory

Nextcloud version (eg, 12.0.2): 13.0.1
Operating system and version (eg, Ubuntu 17.04): CentOS 7.4.1708
Apache or nginx version (eg, Apache 2.4.25): Apache 2.4.6
PHP version (eg, 7.1): 7.0.28

The issue you are facing: Second webserver-user not supported?

Is this the first time you’ve seen this error? (Y/N): Y

Hey guys!

I’m trying to setup disk quotas. To do that, i’ve created a new user called “user1”.
After that i’ve added that user1 to the apache-Group:
usermod -a -G apache user1

then i’ve chown’d the file-directory:
chown -R user1:apache ./data/

But if i’m trying to upload new files, Nextcloud is showing “forbidden”… if I change it back to apache:apache everything is working…

Is there any way to use a second user for the data directory?

Thanks in advance!

Hi,

Different users in the right group should be a perfect way to go. The group definition for the web server and the group permissions need to be correct then of course.

Could you please provide the current permissions for ./data/?

The web server is running with apache as group right? You could check /etc/apache2/apache.conf for that.

Right, Webserver user & group are both “apache”

ls -la
insgesamt 36696
drwxrwx--- 11 apache apache     4096 23. Apr 18:30 .
drwxr-xr-x 19 apache apache     4096 23. Apr 09:17 ..
drwxr-xr-x  4 apache apache       32 24. Apr 2017  userA
drwxr-xr-x 11 apache apache      151 30. Jan 23:28 appdata_ocjqgyvakocq
drwxr-xr-x  7 apache apache       91 19. Feb 16:06 userB
drwxr-xr-x  2 apache apache       27 15. Mär 16:48 files_external
-rw-r--r--  1 apache apache      324 15. Mär 16:48 .htaccess
-rw-r--r--  1 apache apache        0 15. Mär 16:48 index.html
drwxr-xr-x  5 apache apache       54 23. Apr 08:18 userC
drwxr-xr-x  6 apache apache       76 29. Jan 13:09 userD
-rw-r-----  1 apache apache  6663192 23. Apr 18:33 nextcloud.log
-rw-r--r--  1 apache apache        0 15. Mär 16:48 .ocdata
-rw-r--r--  1 apache apache 30749068 24. Apr 2017  owncloud.log
drwxr-xr-x  8 apache apache      113 23. Apr 18:30 userE
drwxr-xr-x  5 apache apache       54 28. Mär 01:56 userF
-rw-r--r--  1 apache apache   130286 15. Mär 16:48 updater.log
drwxr-xr-x  4 apache apache       67 15. Mär 16:48 updater-ocjqgyvakocq

changed to user1 as webuser, it was like:
drwxr-xr-x 5 user1 apache 54 28. Mär 01:56 userF

Alright, good! And the thing now is: the group needs to have write permission.

Very important now: please enter the full path of your data directory in the following commands (so you don’t mess up your whole system by a little mistake)!

After you changed the path, run these two commands and try again with user1 as owner.

find /path/to/data/ -type f -print0 | xargs -0 chmod 0660
find /path/to/data/ -type d -print0 | xargs -0 chmod 0770
1 Like

Okay, got it…Now it’s working… but there’s another problem… If I upload new files, the ownership is apache:apache instead of user1:apache and the permissions are reset to 0644 (for files)…

So to use that in production I need to use a cronjob to change permissions + owner once per second?

EDIT: Okay, maybe not once a second bc with apache as the owner it’s possible to create and delete files… but maybe once a day to get all files for quota calculation?

EDIT 2: Done via cronjob… now every 15 minutes the ownership + permissions will be set. Thank you very much @Schmu !

Hi @PietsHost

I’m glad it worked out for you, but I think that’s not a good solution with the cron job and changing the ownership all the time. I mean it will probably do what you want, but I’m wondering if there isn’t a more comfortable, cleaner solution.
So I wanted to ask, what exactly your whole plan is.

Do I understand it right, that you:

  • have a nextcloud server for many users (pretty obvious)?
  • your users can access the server not only via Nextcloud account but also via FTP/ SMB/ SSH?
  • it is no option to use the external storage app of Nextcloud to access the FTP/ SMB shares via Nextcloud?
  • you definitely need to apply a quota on OS level?

I’m asking this, because you could set quotas in Nextcloud for all your users and limit the available storage there. So Nextcloud will differentiate for all users although all files belong to apache:apache.
If I or we (the community) understand your use case better, maybe there is an even better solution available for your, which we can come up with.
Just an idea :slight_smile:

well, not exactly…

i’m running multiple Nextcloud instances… so let’s say i’ve got 5…

those 5 are installed on a SSD, but the data directory is on a HDD. The problem I have is the following:

I setup Nextcloud and create a second user with group admin rights… the second user can then create unlimited new users… and there’s no way to limit this group to x GB…
That’s why i’ve setup a disk quota for the data folders on my HDD… now a group can create unlimited users with e.g. 50GB per user, but the disk quota is limited to 10GB… otherwise i wouldn’t have any control about how much space the group can take

1 Like