Docker container does not have write permission on config directory

patrickcloud · June 8, 2020, 10:36pm

Hello folks,

After trying for a couple hours i decided i have to ask you for help. My set-up is a Ubuntu 20.04 server with docker installed. Based on the example of github i ran Nextcloud in a container.

github.com

nextcloud/docker/blob/654ddeae236152a8a6c6d1e9ba2b009542c08f3f/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/docker-compose.yml

version: '3'

services:
  db:
    image: mariadb
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    restart: always
    volumes:
      - db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=
    env_file:
      - db.env

  app:
    image: nextcloud:fpm
    restart: always
    volumes:
      - nextcloud:/var/www/html
    environment:

This file has been truncated. show original

I’m able to start it up by using docker-compose. However once everything is loaded im not able to login on the web portal, it gives a server fault.

{“reqId”:“m28nhHnjoCHRjjnfKjS6”,“level”:3,“time”:“2020-06-08T19:47:45+00:00”,“remoteAddr”:“XXX.XXX.XXX.XXX”,“user”:"–",“app”:“index”,“method”:“GET”,“url”:"/core/js/dist/main.js.map",“message”:{“Exception”:“OC\HintException”,“Message”:“Can’t write into config directory!”,“Code”:0,“Trace”:[{“file”:"/var/www/html/lib/private/Config.php",“line”:134,“function”:“writeData”,“class”:“OC\Config”,“type”:"->",“args”:[]},{“file”:"/var/www/html/lib/private/SystemConfig.php",“line”:111,“function”:“setValue”,“class”:“OC\Config”,“type”:"->",“args”:[“instanceid”,“oclnkhyggj90”]},{“file”:"/var/www/html/lib/private/legacy/OC_Util.php",“line”:1146,“function”:“setValue”,“class”:“OC\SystemConfig”,“type”:"->",“args”:[“instanceid”,“oclnkhyggj90”]},{“file”:"/var/www/html/lib/base.php",“line”:419,“function”:“getInstanceId”,“class”:“OC_Util”,“type”:"::",“args”:[]},{“file”:"/var/www/html/lib/base.php",“line”:649,“function”:“initSession”,“class”:“OC”,“type”:"::",“args”:[]},{“file”:"/var/www/html/lib/base.php",“line”:1090,“function”:“init”,“class”:“OC”,“type”:"::",“args”:[]},{“file”:"/var/www/html/index.php",“line”:35,“args”:["/var/www/html/lib/base.php"],“function”:“require_once”}],“File”:"/var/www/html/lib/private/Config.php",“Line”:250,“Hint”:“This can usually be fixed by giving the webserver write access to the config directory.”,“CustomMessage”:"–"},“userAgent”:“Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36”,“version”:""}

Also when i try to use the nextcloud cli i also get an error

So i understand i need to change the permission on the config directory and possibly more, but how am i able to do that will running in docker containers???

I’m totally new to docker containers, just started using them like a week ago.

bastien · June 9, 2020, 6:17am

Hello,
I think that you have to check the right of config.php under nextcloud folder.
Config.php should be in /var/www/html/nextcloud/config/config.php
The owner and proprietor should be www-data if you have debian/ubuntu and rights are 644

Reiner_Nippes · June 9, 2020, 8:00am

nope. you made a mistake during your setup.

unless you didn’t change this, docker creates a folder in /var/lib/docker/volumes and map this folder to /var/www/html into the container.

by running sudo docker inspect --format '{''{ .Mounts }''}' nextcloudyaml_app_1 you’ll get the exact path.

docker handles file permission correct. that is to say the web server process should a able to write to /var/www/html inside the container and therefore to /var/lib/docker /volumes/.../_data/ on the host.

to check this run sudo ls -l /var/lib/docker /volumes/.../_data/ (replace … with the uid of your volume) on the host. and sudo docker exec nextcloudyaml_app_1 ls -l /var/www/html

but my guess is you changed the volume name to a path. nextcloud -> ./nextcloud

in this case you have to make sure that the folder ./nextcloud on your host is writeable to the user running the web server inside the container. (identified by id, not name)

to get the id run sudo docker exec --user www-data nextcloudyaml_app_1 id.

patrickcloud · June 9, 2020, 10:25am

@Reiner_Nippes First of all i’m impressed by your knowledge while searching for an answer i saw a lot of people that you’ve helped.

I ran the commands you described:

However im still clueless how i should solve this. Thanks in advance

Reiner_Nippes · June 9, 2020, 12:44pm

you changed the ownership of the folder data to www-data on the host. but you should change it to “82:root”.

inside the container the folder belongs to xfs. that is to say the user with that uid is named www-data on the host but xfs in the container /etc/passwd.

patrickcloud · June 9, 2020, 6:12pm

@Reiner_Nippes I tried it but still no luck. then i thought about you mentioning the volumes so i decided to remove the old volumes and run docker-compose again and now is everything completely working.

I feel a bit dumb but in the beginning i tried running nextcloud in docker with the simple configuration. Just as a test to see if it would work for me.

Then i got excited about the product and i wanted to be secure as possible and stumbled on the yml file with nginx and the encryption wtfssl. I forgot that the new nextcloud instance won’t remove that volume, because i used the same YML file. So i think my volume got corrupt by this action.

Now everything is working and am i able to finally use this awesome product. Thanks for the support! Really like the fact there is such a helpful community.