External file sharing unauthorized if on s3fs

ℹ️ Support
1
Support intro

Sorry to hear you’re facing problems :slightly_frowning_face:

help.nextcloud.com is for home/non-enterprise users. If you’re running a business, paid support can be accessed via portal.nextcloud.com where we can ensure your business keeps running smoothly.

In order to help you as quickly as possible, before clicking Create Topic please provide as much of the below as you can. Feel free to use a pastebin service for logs, otherwise either indent short log examples with four spaces:

example

Or for longer, use three backticks above and below the code snippet:

longer
example
here

Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can :heart:

Nextcloud version (eg, 12.0.2): 17.0.2
Operating system and version (eg, Ubuntu 17.04): Ubuntu 18.04
Apache or nginx version (eg, Apache 2.4.25): 2.4.29
PHP version (eg, 7.1): 7.2
S3 provider: Scaleway

The issue you are facing:
I couldn’t find a way to generate external sharing link for files stored in an external s3fs space. The web UI says that sharing is not authorized.

Is this the first time you’ve seen this error? (Y/N): Y

Steps to replicate it:

  1. Install external storage addon
  2. Configure new s3fs mount in the web UI
  3. Upload some files in the s3fs space
  4. Display files details and observe the following message in the Sharing tab: “Sharing is not authorized”

The output of your Nextcloud log in Admin > Logging:

Irrelevant

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'instanceid' => 'OMMITED',
  'passwordsalt' => 'OMMITED',
  'secret' => 'OMMITED',
  'trusted_domains' =>
  array (
    0 => 'OMMITED',
  ),
  'datadirectory' => '/var/www/html/nextcloud/data',
  'dbtype' => 'mysql',
  'version' => '17.0.2.1',
  'overwrite.cli.url' => 'OMMITED/nextcloud',
  'dbname' => 'OMMITED',
  'dbhost' => 'OMMITED',
  'dbport' => 'OMMITED',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'OMMITED',
  'dbpassword' => 'OMMITED',
  'installed' => true,
  'updater.secret' => 'OMMITED',
  'maintenance' => false,
  'theme' => '',
  'loglevel' => 2,
);

The output of your Apache/nginx/system log in /var/log/____:

Irrelevant

Here are the options currently enabled in the sharing admin panel (i’m translating so it can be sligthly different):

  • Authorize applications to use storage API
  • Authorize users to share by link
    • Authorize publics uploads
    • Set default expiration date (7 days)
  • Authorize resharing
  • Authorize sharing with groups
  • Enable autocompletion…

Default sharing authorizations :

  • Create
  • Edit
  • Delete
  • Share

The other options are disabled.

I’m adding a little precision: sharing files with external links works fine for files stored locally on the nextcloud server.

Have i missed something obvious?

Thanks in advance for your help!

2

Hi @flowb,

How did you ‘upload some files in the s3fs space’

What user and permissions are set on your NC data directory (S3 mountpoint).

Does your AWS IAM NC user have a valid policy to allow READING from the relevant S3 bucket?

Useful docs might be:
1.) https://aws.amazon.com/iam/
2.) https://awspolicygen.s3.amazonaws.com/policygen.html

3

Hi @NeptuneUK, thanks for answering!

Thanks for the doc, but i need to precise in my original post that my storage provider is Scaleway, not Amazon.

I put files in the s3 bucket from my nextcloud instance web UI or, for me only, also from the admin panel of my s3 storage provider.

And concerning files permissions, unfortunately i can’t see those files on the host (no visible mount). I think this is because is have set up the s3fs bucket with the “External Storage” nextcloud addon. Maybe the problem come from here, i will take a look at it when i figured out where they are. I maybe will have to manually setup the s3fs mountpoint with s3fs-tools.

I will keep you informed, thanks for your help!

4

Hi @flowb,

I note Scaleway states on it’s website it is S3 compatible. “Scalable, fast and reliable S3-compatible storage platform for your data.”

If you add the files from the admin panel of your s3 provider NC will have no idea the files exist unless you use files:scan which adds them into the NC files database. More info on files:scan can be found here: https://docs.nextcloud.com/server/17/admin_manual/configuration_server/occ_command.html#file-operations-label

Did you follow this Scaleway guide: https://www.scaleway.com/en/docs/install-and-configure-nextcloud-object-storage/

or maybe

I suspect as the required block is missing from your config.php file the answer is no.

Have you patched together several guides to be able to use s3fs from elsewhere?

We have previously used s3fs with AWS S3 and Wasabi without any issues, although the initial setup can be fiddly.

Can you write and read files to your S3 compatible bucket using s3fs from the command line?

5

@NeptuneUK

Thanks for the intel!

Yes i configured my bucket as an external storage with this guide (i assume that explains why a config block is missing). But as i read it again i think it would be better to set up my nextcloud instance with s3fs as primary storage directly.

Nope, i may have try that before asking for help, you are absolutely right.

I didn’t install it, but soon it will be.

I will try to setup a new instance this weekend, i’ll let you know how it turns.
Anyway thanks for your time, i’ll make an update if i need more help. In the mean time i have work to do!