Data directory invalid after migration to a new server, permissions issue?

Nextcloud version: 21.0.4
Operating system and version (eg, Ubuntu 20.04): Ubuntu 20.04
Apache or nginx version (eg, Apache 2.4.25): replace me
PHP version: 7.4

The issue you are facing:

I am migrating my self-hosted Nextcloud instance from a Raspberry Pi 4 running Raspbian Buster to a new server, which is an x86 machine running Ubuntu 20.04. In both cases my data directory is located on a separate drive on the machine, mounted at /mnt/reos-storage-1. I transferred all data to this directory on the new server using rsync. I also copied over the /var/www/nextcloud directory. However, now, when I try to access the Nextcloud web page or run occ commands, I get an error like this:

$ sudo -u www-data php /var/www/nextcloud/occ files:scan --all
Nextcloud is in maintenance mode - no apps have been loaded

Your data directory is invalid
Ensure there is a file called ".ocdata" in the root of the data directory.

Cannot create "data" directory
This can usually be fixed by giving the webserver write access to the root directory. See https://docs.nextcloud.com/server/21/go.php?to=admin-dir_permissions

An unhandled exception has been thrown:
Exception: Environment not properly prepared. in /var/www/nextcloud/lib/private/Console/Application.php:168
Stack trace:
#0 /var/www/nextcloud/console.php(99): OC\Console\Application->loadCommands()
#1 /var/www/nextcloud/occ(11): require_once('/var/www/nextcl...')
#2 {main}

Currently the permissions and ownership of the data directory looks like this:

$ sudo ls -l /mnt/reos-storage-1/
[sudo] password for rcrozier: 
total 20
drwx------  2 root     root     16384 Aug 20 07:23 lost+found
drwxrwxr-x 20 www-data www-data  4096 Aug 24 09:00 nextcloud-data

The contents of the data directory look like this (with some redactions). .ocdata is present.


$ sudo ls -la /mnt/reos-storage-1/nextcloud-data
total 445596
drwxrwxr-x 20 www-data www-data      4096 Aug 24 09:00 .
drwx------  4 root     root          4096 Sep  1 02:37 ..
drwxr-xr-x  5 www-data www-data      4096 Sep  3  2019 67cf481e-62a3-1039-8bf2-05805d214bca
drwxr-xr-x  6 www-data www-data      4096 Jan 27  2019 <redacted>
drwxr-xr-x 15 www-data www-data      4096 Mar  4 11:26 appdata_<redacted>
drwxr-xr-x  4 www-data www-data      4096 Feb  7  2020 <redacted>
drwxr-xr-x  6 www-data www-data      4096 May 11  2020 <redacted>
drwxr-xr-x  7 www-data www-data      4096 Oct 12  2020 <redacted>
drwxr-xr-x  4 www-data www-data      4096 Jan  8  2020 <redacted>
drwxr-xr-x  2 www-data www-data      4096 Jun 20 14:58 files_external
-rw-r-----  1 www-data www-data  56238288 Aug 31 15:39 flow.log
-rw-r-----  1 www-data www-data 105492695 Jun  3 11:55 flow.log.1
drwxr-xr-x  5 www-data www-data      4096 Oct  9  2020 __groupfolders
-rw-r--r--  1 www-data www-data       542 Aug 29 20:47 .htaccess
-rw-r--r--  1 www-data www-data         0 Aug 29 20:47 index.html
drwx------  7 www-data www-data      4096 Jan 24  2019 <redacted>
drwxr-xr-x  4 www-data www-data      4096 Mar 30  2020 <redacted>
drwxr-xr-x  4 www-data www-data      4096 Oct  7  2019 nextcloudadmin
-rw-r--r--  1 root     root     161082684 Sep  1 03:37 nextcloud-db.bak
-rw-r-----  1 www-data www-data  28158897 Sep  1 03:40 nextcloud.log
-rw-r-----  1 www-data www-data 104872933 Aug 24 08:55 nextcloud.log.1
-rw-r--r--  1 www-data www-data         0 Aug 29 20:47 .ocdata
drwxr-xr-x  7 www-data www-data      4096 Oct 20  2020 <redacted>
drwxr-xr-x  7 www-data www-data      4096 Feb  1  2018 <redacted>
drwxr-xr-x  4 www-data www-data      4096 Feb  6  2019 <redacted>
drwxr-xr-x  4 www-data www-data      4096 Sep 15  2019 Test_User
drwxr-xr-x  7 www-data www-data      4096 Jul  8  2020 <redacted>
-rw-r--r--  1 www-data www-data    345756 Aug 29 20:47 updater.log
drwxr-xr-x  4 www-data www-data      4096 Aug 29 20:47 updater-<redacted>

The link provided in the error message does not lead to a page which gives any useful information on the correct permissions required for the data directory.

Any suggestions for what I am doing wrong?

Is this the first time you’ve seen this error? (Y/N): Y

Steps to replicate it:

  1. Run sudo -u www-data php /var/www/nextcloud/occ files:scan --all or attempt to access website

The output of your Nextcloud log in Admin > Logging:

inaccessible

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

$ sudo cat /var/www/nextcloud/config/config.php 
<?php
$CONFIG = array (
  'passwordsalt' => '<redacted>',
  'secret' => '<redacted>',
  'trusted_domains' => 
  array (
    0 => 'localhost',
    1 => '<redacted>',
    2 => '<redacted>',
  ),
  'datadirectory' => '/mnt/reos-storage-1/nextcloud-data',
  'dbtype' => 'mysql',
  'version' => '21.0.4.1',
  'overwrite.cli.url' => 'http://localhost',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'nextcloud',
  'dbpassword' => '<redacted>',
  'installed' => true,
  'instanceid' => '<redacted>',
  'maintenance' => true,
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'mail_from_address' => 'cloud',
  'mail_smtpmode' => 'smtp',
  'mail_sendmailmode' => 'smtp',
  'mail_domain' => '<redacted>',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_smtpauth' => 1,
  'mail_smtphost' => '<redacted>',
  'mail_smtpport' => '<redacted>',
  'mail_smtpname' => '<redacted>',
  'mail_smtppassword' => '<redacted>',
  'mail_smtpsecure' => 'ssl',
  'theme' => '',
  'loglevel' => 1,
  'ldapIgnoreNamingRules' => false,
  'ldapProviderFactory' => 'OCA\\User_LDAP\\LDAPProviderFactory',
  'updater.secret' => '<redacted>',
);

The output of your Apache/nginx/system log in /var/log/____:

can provide if relevant

EDIT:

Probably worth adding how I recreated the nextcloud database on the new server, in case it is relevant. I first created a database and user, with the same name as on the old server. I took a dump of the old server database, then I ran a script like this:

#!/bin/bash

set -ex

backup_db_file="/mnt/reos-storage-2/backups/nextcloud-data/nextcloud-db.bak"

echo "The current backup file is:"
echo "   ${backup_db_file}"

read -r -p "Do you want to DESTROY the existing nextcloud database, and restore it from this backup? (y/n)? " answer
case ${answer:0:1} in
    y|Y )

        if test -f "${backup_db_file}"; then

            echo "DESTROYing nextcloud database and restoring from backup"

            mysql -h localhost -uroot -p<redacted> -e "DROP DATABASE nextcloud"

            mysql -h localhost -u nextcloud -p<redacted> -e "CREATE DATABASE nextcloud"

            mysql -h localhost -uroot -p<redacted> -e "GRANT ALL PRIVILEGES on nextcloud.* to nextcloud@localhost"

            mysql -h localhost -u nextcloud -p<redacted> nextcloud < "${backup_db_file}"

        else
            echo "The backup file: ${backup_db_file} does not exist, Aborting, the existing DB has not been touched"
        fi

    ;;
    * )
        echo "Aborting"
    ;;
esac

Try to call
sudo -u www-data ls -la /mnt/reos-storage-1/nextcloud-data
I suppose the www-data user has no permissions on reos-storage-1, as listed on the last line of the quote.

@gas85

You are right about the root cause, I also found a solution from separate investigations. The problem is that the root folder /mnt/reos-storage-1 is owned by root, and users could not even traverse the directory.

I have rectified this and got rid of the issue by changing the permissions based on what I found here. I basically did the following on the directory.

chmod 755 /mnt/reos-storage-1

It means (I think) that any user can list the files in reos-storage-1 but not read or write them. This means the directory can be traversed and www-data can now access the subdirectories which it owns.
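The root cause found in this thread, checked mechanically (an added example, not part of any post here): the script walks from the data directory up towards / and reports the topmost directory on which a given uid lacks the search (x) bit. The function names and the script name check_traverse.sh are hypothetical; it assumes GNU stat and absolute paths, and ignores ACLs.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU coreutils `stat` (as on Ubuntu)
# and absolute paths. Only classic mode bits are evaluated: ACLs and root's
# permission bypass are ignored. Run as root so every ancestor can be stat'ed.

# has_search UID "GID ..." DIR: succeeds if that identity holds the search (x)
# bit on DIR, picking the owner, then group, then other class like the kernel.
has_search() {
    hs_uid=$1 hs_gids=$2
    info=$(stat -c '%u %g %a' "$3") || return 2   # unreadable counts as blocked
    set -- $info                                  # owner uid, owner gid, octal mode
    mode=$((0$3))
    if [ "$hs_uid" = "$1" ]; then
        bit=$((0100))                             # owner class
    else
        bit=$((0001))                             # other class
        for g in $hs_gids; do
            if [ "$g" = "$2" ]; then bit=$((0010)); fi   # group class
        done
    fi
    [ $((mode & bit)) -ne 0 ]
}

# traverse_blocker UID "GID ..." PATH [TOP]: print the topmost directory between
# TOP (default /) and PATH that the identity cannot traverse; print nothing if
# the whole chain is traversable.
traverse_blocker() {
    t_uid=$1 t_gids=$2 cur=$3 top=${4:-/} blocker=
    while :; do
        if [ -d "$cur" ] && ! has_search "$t_uid" "$t_gids" "$cur"; then
            blocker=$cur
        fi
        case $cur in /|.|"$top") break ;; esac
        cur=$(dirname "$cur")
    done
    if [ -n "$blocker" ]; then printf '%s\n' "$blocker"; fi
}

# check_user NAME PATH: same check for a named account, e.g.
#   sudo sh check_traverse.sh www-data /mnt/reos-storage-1/nextcloud-data
check_user() {
    b=$(traverse_blocker "$(id -u "$1")" "$(id -G "$1")" "$2")
    if [ -n "$b" ]; then echo "$1 cannot traverse $b"; return 1; fi
    echo "$1 can traverse every directory down to $2"
}

if [ "$#" -eq 2 ]; then check_user "$1" "$2"; fi
```

With the layout shown in the listing above (drwx------ root root on the parent of nextcloud-data), the check names /mnt/reos-storage-1 as the blocking directory for www-data.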

Yap, check it here https://chmodcommand.com/chmod-755/

Be aware that you also have 755 on nextcloud-data; setting it to 750 is more secure, e.g.

chmod 750 /mnt/reos-storage-1/nextcloud-data

Should it be

chmod -R 750 /mnt/reos-storage-1/nextcloud-data

?

Nope, without -R, otherwise you will set those rules to all sub-directories and files and as you see they have different permissions:

If you would like to harden it, check this out: "Set strong permissions" script breaks functioning NC server. But the default permissions are good enough for almost all users.

@gas85 Thanks, I’ll check that out, and for all your help on this.
