Permissions for Local Storage in the All-in-One Container

Hi guys,

I have a question concerning permissions of external storage in the AiO Container. I set up the AiO Container in an Ubuntu Server VM on my Unraid Host and all data I want to access are on SMB shares on my Unraid server. Of course I could mount the SMB shares in NC with the external storage app, but then it is not possible to automatically back up photos/videos from the iOS Nextcloud app. Unfortunately, this feature is crucial for me.

So I tried the following:

  • I mounted the Unraid Shares in the Ubuntu VM via autofs under /media/servername
  • I used the credentials from the Unraid SMB user. PID is 1000, PGID is 100.
  • I added the following variable to the NC AiO Container: --env NEXTCLOUD_MOUNT="/media/servername"
  • Unfortunately, the NC Container can’t access the files due to a permission error. In the AiO documentation it is described that the following commands have to be executed in the container:
    sudo chown -R 33:0 /media/servername (User 33 is www-data and Group 0 is root)
    and
    sudo chmod -R 750 /media/servername

I am afraid that this would mess up my permissions on my unraid host and would lead to bigger issues.

Unfortunately I can’t create a new user on my unraid host with PID 33 and PGID 0, because PID 33 is already taken by the user sshd.

Does anyone have an idea what else I could do?

I have no thinking barriers, so all suggestions are welcome and will be discussed.

Thank you for your help!

Maginos

Hi Maginos,

Could you share the whole docker run line that allows you to launch the mastercontainer?
Have you explored the option of binding your directory via docker volumes?

I don’t have much experience with SMB on Nextcloud; in my case I use S3. But at first I tried to bind a directory, before I knew about ObjectStorage.

Nice day,

Sharkof

Hi Sharkof and thank you for your reply.

Here’s the docker run command:

docker run \
  -d \
  --name='nextcloud-aio-mastercontainer' \
  --net='bridge' \
  -e TZ="Europe/Berlin" \
  -e HOST_OS="Unraid" \
  -e HOST_HOSTNAME="Tilda" \
  -e HOST_CONTAINERNAME="nextcloud-aio-mastercontainer" \
  -e 'Community_Applications_Conversion'='true' \
  -e 'APACHE_PORT'='11000' \
  -e 'APACHE_IP_BINDING'='0.0.0.0' \
  -e 'NEXTCLOUD_MEMORY_LIMIT'='3072M' \
  -e 'PGID'='100' \
  -e 'PUID'='99' \
  -e 'UMASK'='000' \
  -e 'NEXTCLOUD_MOUNT'='/mnt/user/backup/tilda-nextcloud-aio/' \
  -e 'BORG_RETENTION_POLICY'='--keep-within=7d --keep-weekly=4 --keep-monthly=6' \
  -l net.unraid.docker.managed=dockerman \
  -p '8085:8080/tcp' \
  -v 'nextcloud_aio_mastercontainer':'/mnt/docker-aio-config':'rw' \
  -v '/var/run/docker.sock':'/var/run/docker.sock':'ro' \
  -v '/mnt/user/home/':'/mnt/user/home/':'rw' \
  -v '/mnt/user/photo/':'/mnt/user/photo/':'rw' \
  -v '/mnt/user/music/':'/mnt/user/music/':'rw' \
  -v '/mnt/user/video/':'/mnt/user/video/':'rw' \
  --init \
  --sig-proxy=false 'nextcloud/all-in-one:latest'

The lines with

-v '/mnt/user/xyz/':'/mnt/user/xyz/':'rw'

I added after your suggestion. When I try to mount these folders in the External Storage app, I get the error message

StorageNotAvailableException Local storage path does not exist "/mnt/user/photo/".

So this does not work unfortunately. I think for this scenario they added the

NEXTCLOUD_MOUNT

environment variable.

Have a nice day too

Maginos

Hi Maginos,

I found this on the forum: help.nextcloud.com

I think this might help. To sum up, there can only be one “NEXTCLOUD_MOUNT” but it is possible to use the “mount” command.

In your case the mount command should look like this:

mount /mnt/user/xyz/ /destination/folder/on/nextcloud/app

In the past, I’ve encountered a problem when adding a volume to docker. I had to remove the last slash before the colon.

'/mnt/user/photo':'/mnt/user/photo/':'rw'

Have a nice day,

Sharkof

I already tried this in the VM.

I mounted several SMB shares with autofs to /media/servername and set the NEXTCLOUD_MOUNT variable to /media.

The problem with this is that the folders are mounted with root:root permissions inside the containers, but Nextcloud needs www-data:root permissions. When I try to enter the folder /media/servername/sharename within the container, I get the error message

ls: cannot access '/media/servername/sharename/': Symbolic link loop

I am also not able to add the shares to external storage in NC.

On the vm itself, the folders are mounted with the permissions of the SMB user from unraid, so accessing the folders on the host works fine.

There’s a topic on the forum that could help you. Here is the link:

https://help.nextcloud.com/t/users-cant-see-files-on-desktop-or-mobile/195912/4

I think you’re referring to the

chown -R www-data:www-data <data_directory_root>

command, right?

Actually I’m afraid that when I execute this command in the NC docker container, permissions get changed as well on my unraid host and that’s not what I want. I expect lots of permission errors on the unraid host afterwards. What do you think?

I don’t know UnRaid at all, so I can’t comment on that.
On the other hand, this is the order I was talking about in my previous message.

I understand your concern and unfortunately I can’t guarantee anything. But there’s nothing to stop you checking the rights before making a modification with the ls -lsa command to find out how to reset them in case of problems.
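
The check suggested in the last reply, extended into a snapshot that can be restored, as an added example that is not part of the original thread: it records mode, owner and group for every path before a recursive chown/chmod, lists what changed afterwards, and puts the recorded values back. The function names and the snapshot file path are assumptions; it needs GNU find and stat, and restoring owners needs root.

```shell
#!/bin/sh
# Added example: snapshot and restore ownership/mode around a recursive
# chown/chmod. Needs GNU find and stat; paths containing newlines are not
# supported. Function names and the snapshot file are hypothetical.

# Filesystem type behind a path. For "cifs" the owner shown on the client
# usually comes from the uid=/gid= mount options, not from per-file metadata.
fs_type() {
    df --output=fstype -- "$1" | tail -n 1
}

# snapshot_perms <dir> <snapshot>: one "mode uid gid path" record per line.
snapshot_perms() {
    find "$1" -xdev -printf '%m %U %G %p\n' > "$2"
}

# changed_since <snapshot>: print every path whose current mode, owner or
# group no longer matches the record (missing paths are printed too).
changed_since() (
    while read -r mode uid gid path; do
        now=$(stat -c '%a %u %g' -- "$path" 2>/dev/null) || now=missing
        [ "$now" = "$mode $uid $gid" ] || printf '%s\n' "$path"
    done < "$1"
)

# restore_perms <snapshot>: put recorded owner, group and mode back.
# chown runs first because it can clear setuid/setgid bits; symlinks keep
# their mode (chmod would follow the link). Restoring owners needs root.
restore_perms() (
    while read -r mode uid gid path; do
        [ -e "$path" ] || [ -L "$path" ] || continue
        chown -h -- "$uid:$gid" "$path"
        [ -L "$path" ] || chmod -- "$mode" "$path"
    done < "$1"
)

# Typical use on the VM, before running the chown/chmod from the AiO docs:
#   fs_type /media/servername
#   snapshot_perms /media/servername /root/media-perms.snap
#   ... chown -R 33:0 /media/servername; chmod -R 750 /media/servername ...
#   changed_since /root/media-perms.snap   # what actually changed
#   restore_perms /root/media-perms.snap   # roll back if needed
```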