Can't delete files - external storage - freenas

Hello everyone,

I’m hoping someone can help me out.
I’ve tried searching Google and fora but unfortunately I cannot find what I’m looking for.

I’m using NextCloud to sync files from my FreeNas Server (location 1) to a workstation on a different location (2).
The FreeNas shares are added to nextcloud using the external storage module.

On Location 1 I have a workstation + FreeNas server.
The workstation works directly with the FreeNas server using a SMB share.

On Location 2 I have a workstation that syncs projects using NextCloud to that workstation.
New files are being uploaded from the workstation (on location 2) to the FreeNas Server (location 1) using nextcloud.

However - those new files, uploaded from workstation at location 2, can’t be modified/deleted by workstation 1 while accessing the FreeNas server using the SMB share.

I get an error telling me that I need to get rights from unix user/www.

Nextcloud version nextcloud-10.0.1-amd64
Operating system and version FreeNAS-11.0-U2 (e417d8aa5)
PHP version _Version: 5.5.16

Can you reliably replicate it? (If so, please outline steps):
Yes, when trying to delete files uploaded from another workstation while directly accessing external storage on freenas server.

The issue you are facing:
I can’t control the files the way I need.

The output of your Nextcloud log in Admin > Logging:

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):
I’m sorry, not sure where to find this in \jails\nextcloud_1

The output of your Apache/nginx/system log in /var/log/____:
I’m sorry, not sure which file to show in nextcloud_1\var\log

This turns out to be a problem of user rights in your filesystem. You have different approaches to solve it, but the easiest one should be that you use Nextcloud on both locations. (You can select different folders if you don’t want to sync everything to loc2.)
If you want to keep your setup (and some security/limitation on the rights setting), then you should provide info about the current rights in your data-/smb-directory and the setup of your samba-server. Anyway it’s not trivial to manage user-rights across two unix-services, being smb and apache/nginx (Nextcloud), and keeping some standard security.
Best, bernd


Hi!

Thanks so much for your response. Since I’m using more than one computer on location 1 I would like to keep my current setup and be as flexible as possible on location 1. On Location 1, I work straight off the server - save it - and then another co worker can open the project again on his own computer from the server.

If you are able to help me, which would be great, I would like to give you all the information that is needed.

info about current rights - data/smb-directory.

Set up of my samba-server
I use FreeNas 11.0-U2 and I run Nextcloud in a Jail.

I am logged in with my root freenas account so somehow we need to have user ‘www’ accept user ‘root’ to change the files, right?

this is the error message - https://www.dropbox.com/s/munq0oc3s4su5b0/error.jpg?dl=0
which roughly translates to -
‘you need to be allowed by Unix User/WWW to change this file.’

Hello again,

well I don’t know if I can help. I feel the need to say: don’t handle your permissions the way you do - root, wheel and everybody else… On the other hand I don’t like forums where you only get: don’t, don’t, don’t… and probably you know that you shouldn’t…
I can think of setups where you want to access your NAS through smb-shares - it is extra space that you lose by syncing. But nevertheless I would consider rethinking your home/ work/ co-worker setup and separating smb-workstation-share and smb-nextcloud-share.
‘Helping’ you with your setup can mean escalating your already big security issues… probably that’s not good help. Anyway: I would look into your group permission setup. In freenas-GUI:

  • Make accounts for you. A user and a group.
  • change the rights of the volume so that you can access the share - and your nextcloud-jail too (so there you will probably have to stick with the ‘other’ permissions).
  • the security is normally set so that your data-files in nextcloud are written with the permissions user:www can write, read, execute / group:www can read and execute - no one else can do anything.
  • change this (ssh into freenas) by setting the write attribute to the group:www too. Perhaps you have to set the set-guid-bit on the data-directory to make this persistent.
  • Make your user part of the group:www (this should be possible in the GUI).
  • A more proper setup would probably require ACL setting in freenas. You could change your permissions on the volume to Windows (recursive) and just add your group with the right to read,write,execute as a default. (I would try this first actually)
  • Make sure that nextcloud runs some sort of cron to manage the new files and the missing files manipulated through your workstation-smb.
  • Assumption is, that only you but not your co-worker is working with the smb on workstation1.
    So basically again, what I’m saying is: you can’t delete files through smb created in nextcloud because it is a security setting. Changing this makes your nextcloud installation more insecure (I think you can dismiss this when actually using ACLs).
    Cheers, Bernd
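
The group-write and set-gid steps from the list above, as an added example that is not part of the original posts: it audits a data tree for entries the owning group cannot write, repairs them without touching the "other" bits, and confirms nothing became world-accessible. The function names and the sample tree (750 directories, 640 file) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Audits and repairs group access on a
# Nextcloud-style data tree so members of the owning group can modify files.

# Print files and directories under $1 that the group cannot write.
list_not_group_writable() {
    find "$1" \( -type f -o -type d \) ! -perm -020 -print
}

# Print directories under $1 that lack the setgid bit.
list_dirs_without_setgid() {
    find "$1" -type d ! -perm -2000 -print
}

# Print files and directories under $1 that grant anything to "other".
list_world_accessible() {
    find "$1" \( -type f -o -type d \) \
        \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Add group write everywhere and setgid on directories; "other" bits untouched.
fix_group_access() {
    find "$1" \( -type f -o -type d \) ! -perm -020 -exec chmod g+w {} +
    find "$1" -type d ! -perm -2000 -exec chmod g+s {} +
}

# Constructed sample: a tree as the web server would write it.
build_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/projects/job1"
    : > "$root/projects/job1/upload.txt"
    chmod 750 "$root" "$root/projects" "$root/projects/job1"
    chmod 640 "$root/projects/job1/upload.txt"
    printf '%s\n' "$root"
}

tree=$(build_sample_tree)
echo "before: $(list_not_group_writable "$tree" | wc -l) entries not group-writable"
fix_group_access "$tree"
echo "after:  $(list_not_group_writable "$tree" | wc -l) entries not group-writable"
echo "world-accessible: $(list_world_accessible "$tree" | wc -l)"
rm -rf "$tree"
```

The setgid bit only controls which group new entries get; their mode bits still come from the umask of the process that creates them, so files uploaded later can again lack group write. Re-running `list_not_group_writable` after new uploads shows whether that is happening.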