Nextcloud version (eg, 12.0.2): 13.0.1
Operating system and version (eg, Ubuntu 17.04): CentOS 7.4.1708
Apache or nginx version (eg, Apache 2.4.25): Apache 2.4.6
PHP version (eg, 7.1): 7.0.28
The issue you are facing: Second webserver-user not supported?
Is this the first time you’ve seen this error? (Y/N): Y
I’m trying to setup disk quotas. To do that, i’ve created a new user called “user1”.
After that i’ve added that user1 to the apache-Group:
usermod -a -G apache user1
then i’ve chown’d the file-directory:
chown -R user1:apache ./data/
But if i’m trying to upload new files, Nextcloud is showing “forbidden”… if I change it back to apache:apache everything is working…
Is there any way to use a second user for the data directory?
Thanks in advance!
Different users in the right group should be a perfect way to go. The group definition for the web server and the group permissions need to be correct then of course.
Could you please provide the current permissions for ./data/?
The web server is running with apache as group right? You could check /etc/apache2/apache.conf for that.
Right, Webserver user & group are both “apache”
drwxrwx--- 11 apache apache 4096 23. Apr 18:30 .
drwxr-xr-x 19 apache apache 4096 23. Apr 09:17 ..
drwxr-xr-x 4 apache apache 32 24. Apr 2017 userA
drwxr-xr-x 11 apache apache 151 30. Jan 23:28 appdata_ocjqgyvakocq
drwxr-xr-x 7 apache apache 91 19. Feb 16:06 userB
drwxr-xr-x 2 apache apache 27 15. Mär 16:48 files_external
-rw-r--r-- 1 apache apache 324 15. Mär 16:48 .htaccess
-rw-r--r-- 1 apache apache 0 15. Mär 16:48 index.html
drwxr-xr-x 5 apache apache 54 23. Apr 08:18 userC
drwxr-xr-x 6 apache apache 76 29. Jan 13:09 userD
-rw-r----- 1 apache apache 6663192 23. Apr 18:33 nextcloud.log
-rw-r--r-- 1 apache apache 0 15. Mär 16:48 .ocdata
-rw-r--r-- 1 apache apache 30749068 24. Apr 2017 owncloud.log
drwxr-xr-x 8 apache apache 113 23. Apr 18:30 userE
drwxr-xr-x 5 apache apache 54 28. Mär 01:56 userF
-rw-r--r-- 1 apache apache 130286 15. Mär 16:48 updater.log
drwxr-xr-x 4 apache apache 67 15. Mär 16:48 updater-ocjqgyvakocq
changed to user1 as webuser, it was like:
drwxr-xr-x 5 user1 apache 54 28. Mär 01:56 userF
Alright, good! And the thing now is: the group needs to have write permission.
Very important now: please enter the full path of your data directory in the following commands (so you don’t mess up your whole system by a little mistake)!
After you changed the path, run these two commands and try again with user1 as owner.
find /path/to/data/ -type f -print0 | xargs -0 chmod 0660
find /path/to/data/ -type d -print0 | xargs -0 chmod 0770
Okay, got it…Now it’s working… but there’s another problem… If I upload new files, the ownership is apache:apache instead of user1:apache and the permissions are reset to 0644 (for files)…
So to use that in production I need to use a cronjob to change permissions + owner once per second?
EDIT: Okay, maybe not once a second bc with apache as the owner it’s possible to create and delete files… but maybe once a day to get all files for quota calculation?
EDIT 2: Done via cronjob… now every 15 minutes the ownership + permissions will be set. Thank you very much @Schmu !
I’m glad it worked out for you, but I think that’s not a good solution with the cron job and changing the ownership all the time. I mean it will probably do what you want, but I’m wondering if there isn’t a more comfortable, cleaner solution.
So I wanted to ask, what exactly your whole plan is.
Do I understand it right, that you:
- have a nextcloud server for many users (pretty obvious)?
- your users can access the server not only via Nextcloud account but also via FTP/ SMB/ SSH?
- it is no option to use the external storage app of Nextcloud to access the FTP/ SMB shares via Nextcloud?
- you definitely need to apply a quota on OS level?
I’m asking this, because you could set quotas in Nextcloud for all your users and limit the available storage there. So Nextcloud will differentiate for all users although all files belong to apache:apache.
If I or we (the community) understand your use case better, maybe there is an even better solution available for your, which we can come up with.
Just an idea
well, not exactly…
i’m running multiple Nextcloud instances… so let’s say i’ve got 5…
those 5 are installed on a SSD, but the data directory is on a HDD. The problem I have is the following:
I setup Nextcloud and create a second user with group admin rights… the second user can then create unlimited new users… and there’s no way to limit this group to x GB…
That’s why i’ve setup a disk quota for the data folders on my HDD… now a group can create unlimited users with e.g. 50GB per user, but the disk quota is limited to 10GB… otherwise i wouldn’t have any control about how much space the group can take