External Storage: files & dirs created with wrong permissions

An addon to an addon?

Addon to a base functionality (documents)?

How about setting Access Control Lists?

sudo setfacl -Rdm g:SomeGroup:rwx /your/folder/to/share/docker
sudo chmod -R 775 /your/folder/to/share/docker

The above command forces any new sub-folders within the /your/folder/to/share/docker folder to inherit permissions from the docker folder.

… and if the filesystem supports ACLs, and if the application honors these ACLs it could work… but usually not.

I was hoping this was something that could be fixed within the functionality of the core application or the add-on rather than use a work-around. It is something that is usually handled on an application level and should be addressed. Especially when dealing with shared access.

To be honest, in this case cron helps with a simple line:

find . ! -group foo -exec chown www-data:foo {} \;

All files and folders are set to the group foo, and it would be nice to add your www-data to this group also:

usermod -a -G foo www-data

You want me to create an entire new docker container to work around this one issue of changing the group access to +w by changing the owner of the folder? Would it not be better to just write this into the code so that when it writes a file it sets the group write access to +w or allows us to set what it sets in the options? This way people do not have to learn cron, or shell commands, or how to create a docker container (in my case) and start hacking the sh*t out of their system?

No.
I also use Docker and expose a shared folder, e.g. under /var/docker/shared. Then all containers have this folder mounted and (usually) use the docker user and docker group to create and access files.

A simple cron job with the find command from above on the host machine will change the group so that other applications on the host machine can access the files.

E.g. my Nextcloud is on the local machine with user www-data. Now I am trying to access the Docker shared folder under /var/docker/shared from it. I set the group to foo and added user www-data to this group. Now my Nextcloud on the local host and the Docker containers have access to the shared local folder. I can also add my local user to group foo and access files without sudo.

… if your docker container has the same uids and gids matching the uids/gids of the server presenting the shared folder - if not -> mess!!

It depends on the particular container: if the .yaml file does not use PUID/GUID as variables or from the environment, but something that is either hard-coded or cannot be changed without rebuilding the container, then the user could even show up as numbers because it does not exist on the local host.
But this is not a big issue as soon as your container-mounted folders are managed.

Why can we not just fix the options in the plugin so we can specify a file and folder create mask instead of jumping through all these hoops? And yeah, if the shared folder is big with lots of files then every five minutes I have to have my server sorting through all that? Then if someone uploads a file for 5 minutes no one else can access it? This is all silly. Just fix the problem in the code. PLEASE??? Why is this so difficult?

This is obviously a huge bug that prevents the app from being usable. So I am just going to sit here and politely BUMP THIS in hopes that the developer of it sees it and adds the few lines of code needed to make this work.

So I posted a file on my computer today. And when it got uploaded the group STILL did not have write permissions. This is a real problem for me. I am just wondering if there are any plans to fix this ever?

Has this ever been addressed? I have the same issue. My files are created with 644 instead of 666 like Unraid needs it to work for the samba shares…

Since 2018, there seems to be a workaround: Allow the UID/GID to be changed · Issue #359 · nextcloud/docker · GitHub

Yes, the UID and GID issue has been addressed. However, I am still unable to tell my Nextcloud instance to write files with a specific UMASK. I need the files to be written with 666 (i.e. UMASK 000) but there is no way for me to achieve this since the Docker-Variable doesn’t seem to do anything :confused:

According to what I see in the source file www/nextcloud/lib/private/Files/Storage,
umask 022 is hardcoded for all file operations.
I would suggest giving an option to change it via settings / env var, so we can use externally mounted storage simultaneously with cloud access.
I need permissions to be 664 instead of 644 (umask = 002) for files created via Nextcloud, so they are accessible to users from the group.

Still, you may change it manually in this file to 002 or whatever you need. It’s just in 3 places there.

Issue resolved in version 25+.
Just add to config.php:
'localstorage.umask' => 002,
It will make new files group-writable.

It was actually proposed a while ago but never backported for some reason. Link to the original PR https://github.com/nextcloud/server/pull/32723
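
How the umask values mentioned in this thread (022, 002, 000) produce the file modes people report (644, 664, 666), shown as an added example that is not part of the original thread or of Nextcloud's code. The function names and the scratch directory are assumptions of the example; the last two functions audit an existing tree for files the group cannot write and for files everyone can write.

```sh
#!/bin/sh
# Added example (not Nextcloud code): effective mode = requested mode & ~umask.
# Function names and the scratch directory are assumptions of this example.

# Print the octal permission bits of a path (GNU stat, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Create a file or directory under the given umask and print its mode.
# The ( ) body runs in a subshell, so the caller's umask is untouched.
# usage: mode_under_umask <umask> file|dir
mode_under_umask() (
    scratch=$(mktemp -d) || exit 1
    umask "$1"
    case "$2" in
        file) : > "$scratch/new" ;;    # open() asks for 0666
        dir)  mkdir "$scratch/new" ;;  # mkdir() asks for 0777
        *)    rm -rf "$scratch"; exit 2 ;;
    esac
    mode=$(mode_of "$scratch/new")
    rm -rf "$scratch"
    printf '%s\n' "$mode"
)

# List regular files the owning group cannot write to, i.e. the files
# a cron/find workaround would otherwise have to keep fixing.
not_group_writable() {
    find "$1" -type f ! -perm -020 -print
}

# List regular files any local user can write to (what umask 000 produces).
world_writable() {
    find "$1" -type f -perm -002 -print
}

# Demo: the three umask values discussed in the thread.
for m in 022 002 000; do
    printf 'umask %s -> file %s, dir %s\n' "$m" \
        "$(mode_under_umask "$m" file)" "$(mode_under_umask "$m" dir)"
done
```

A umask of 002 adds group write only; 000 also makes new files writable by every local user, which `world_writable` will list.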