Every new file/ folder created in NC get's read rights for World on filesys

Hi everyone,

I noticed that whenever I create a folder in the Web-GUI of Nextcloud or upload a file, the new files and folders get read rights for World on filesystem basis:
-rw-r–r-- www-data www-data …
drwxr-xr-x www-data www-data …

For me it doesn’t make sense to have read rights for world on the user files under /var/ncdata

How can I change that behavior?
I tried using umask and set
root: umask 027
ncadmin: umask 027
www-data: umask 027
(if somebody suggests to rather use umask 077, I’m open for every good hint)

However although umask is set for these user, every new created file and folder gets higher rights.

The server was rebooted after the changes with umask and the setting is still “active”. Also I manually change ALL files and folders to the permissions I would like to have:
drwxr-x— www-data www-data …
-rw-r----- www-data www-data …

But nothing helped so far.
I’m using Nextcloud 10.0 stable on Ubuntu 16.04 with Apache latest release and PHP7.

Every help is very much appreciated.

Thanks and best regards,
Kristian

There is also a setting for apache:

Nextcloud itself only checks the chmod of the data-folder and your config file.

Hi tflidd,

Thanks a lot! I didn’t know that apache has such an option. Nice to know :slight_smile:

The issue is solved and this thread can be closed.