Facing NotPermittedException Error in Dockerized Nextcloud Instance

Hello Nextcloud Community,

I’m using a Nextcloud instance within a Docker container and have encountered a permission-related error. The error is as follows:

Exception thrown: OCP\Files\NotPermittedException
Could not create folder "/appdata_ock30l3row2q/preview/5/5/2/4/e/d/5/157830"

This error occurs when Nextcloud tries to generate a preview image. It seems like a permission issue, where the process is not allowed to create a folder in the specified path.

Compose-file is:

version: '3.8'

services:
  db:
    image: postgres
    restart: always
    volumes:
      - /home/docker-projects/nextcloud/volumes/db:/var/lib/postgresql/data
    environment:
      - POSTGRES_DB=
      - POSTGRES_USER=
      - POSTGRES_PASSWORD=

  redis:
    image: redis:alpine
    restart: always

  app:
    image: nextcloud
    ports:
      - 8009:80
    links:
      - db
      - redis
    volumes:
      - /home/docker-projects/nextcloud/volumes/html:/var/www/html
      - /home/docker-projects/nextcloud/NasFotos:/mnt/NasPhotos
    restart: always
    environment:
      - POSTGRES_HOST=db
      - POSTGRES_DB=nextcloud
      - POSTGRES_USER=nextcloud
      - POSTGRES_PASSWORD=
      - NEXTCLOUD_ADMIN_USER=
      - NEXTCLOUD_ADMIN_PASSWORD=
      - NEXTCLOUD_DEFAULT_PHONE_REGION=DE
      - REDIS_HOST=redis
      - PHP_MEMORY_LIMIT=1024M

$ docker exec -it nextcloud-app-1 bash
root@2ae72224608a:/var/www/html# whoami
root
root@2ae72224608a:/var/www/html# id
uid=0(root) gid=0(root) groups=0(root)
root@2ae72224608a:/var/www/html# groups
root
root@2ae72224608a:/var/www/html# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin
_apt:x:42:65534::/nonexistent:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin

root@2ae72224608a:/var/www/html# ls -lh
total 2.0M
drwxr-xr-x 45 www-data www-data 4.0K Dec  1 11:04 3rdparty
-rw-r--r--  1 www-data www-data  24K Dec  1 11:04 AUTHORS
-rw-r--r--  1 www-data www-data  34K Dec  1 11:04 COPYING
drwxr-xr-x 51 www-data www-data 4.0K Dec  1 11:04 apps
-rw-r--r--  1 www-data www-data 1.3K Dec  1 11:04 composer.json
-rw-r--r--  1 www-data www-data 3.1K Dec  1 11:04 composer.lock
drwxr-xr-x  2 www-data www-data 4.0K Dec  8 08:02 config
-rw-r--r--  1 www-data www-data 4.0K Dec  1 11:04 console.php
drwxr-xr-x 24 www-data www-data 4.0K Dec  1 11:04 core
-rw-r--r--  1 www-data www-data 6.2K Dec  1 11:04 cron.php
drwxr-xr-x  7 www-data www-data 4.0K Dec 10 13:31 custom_apps
drwxrwx---  5 www-data www-data 4.0K Dec  1 11:55 data
drwxr-xr-x  2 www-data www-data  12K Dec  1 11:04 dist
-rw-r--r--  1 www-data www-data  156 Dec  1 11:04 index.html
-rw-r--r--  1 www-data www-data 3.4K Dec  1 11:04 index.php
drwxr-xr-x  6 www-data www-data 4.0K Dec  1 11:04 lib
-rw-r--r--  1 root     root        0 Dec 11 18:21 nextcloud-init-sync.lock
-rwxr-xr-x  1 www-data www-data  283 Dec  1 11:04 occ
drwxr-xr-x  2 www-data www-data 4.0K Dec  1 11:04 ocs
drwxr-xr-x  2 www-data www-data 4.0K Dec  1 11:04 ocs-provider
-rw-r--r--  1 www-data www-data 1.8M Dec  1 11:04 package-lock.json
-rw-r--r--  1 www-data www-data 6.2K Dec  1 11:04 package.json
-rw-r--r--  1 www-data www-data 3.2K Dec  1 11:04 public.php
-rw-r--r--  1 www-data www-data 5.5K Dec  1 11:04 remote.php
drwxr-xr-x  4 www-data www-data 4.0K Dec  1 11:04 resources
-rw-r--r--  1 www-data www-data   26 Dec  1 11:04 robots.txt
-rw-r--r--  1 www-data www-data 2.4K Dec  1 11:04 status.php
drwxr-xr-x  3 www-data www-data 4.0K Dec  1 11:04 themes
-rw-r--r--  1 www-data www-data  403 Dec  1 11:04 version.php
root@2ae72224608a:/var/www/html#

I’m running my Nextcloud instance in a Docker container, which might add a layer of complexity to the permissions setup. I’m looking for insights or solutions from anyone who might have faced and resolved a similar issue in a Docker environment.

Any suggestions on how to diagnose and fix this issue?

Thank you for your help!

Best regards

1 Like

You should check the rights on this folder on your host.

The user should be 33:33 (most often www-data) and the rights 740 for directories and 640 for files. This should be a quick fix:

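# Run on the host; www-data is UID/GID 33 inside the container.
sudo chown -R www-data:www-data /home/docker-projects/nextcloud/volumes/html
# Run find itself under sudo so it can still descend once directories are 750.
sudo find /home/docker-projects/nextcloud/volumes/html -type d -exec chmod 750 '{}' \;
sudo find /home/docker-projects/nextcloud/volumes/html -type f -exec chmod 640 '{}' \;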
2 Likes

Thank you so much for the help with the NotPermittedException error on my Dockerized Nextcloud instance.

Your suggestion to adjust the permissions and ownership of the /home/docker-projects/nextcloud/volumes/html directory was spot-on.

Using chown to set the user and group to www-data and chmod to set directory permissions to 750 and file permissions to 640 resolved my issue perfectly.

Your quick and effective advice was greatly appreciated!

1 Like

Because I managed to destroy it again :smiley: :rofl:

For those setting up Nextcloud in a Docker container with PostgreSQL and looking to repair file and folder permissions, as well as ownership and group settings, here’s a concise guide:

  1. Set Ownership for Nextcloud Directory: Ensure that the Nextcloud directory is owned by the www-data user and group, which is standard for web servers like Apache or Nginx. This allows the web server to read, write, and execute files as needed.

    sudo chown -R www-data:www-data /home/docker-projects/nextcloud-zwei/nc-data;
    
  2. Secure Directory Permissions: Apply a permission scheme of 750 for directories, allowing the owner full access, the group read and execute permissions, and no access for others. This limits access to essential parties only.

    sudo find /home/docker-projects/nextcloud-zwei/nc-data -type d -exec chmod 750 '{}' \;
    
  3. Secure File Permissions: Set file permissions to 640, granting the owner read and write access, the group read access, and preventing any access by others. This protects sensitive data from unauthorized viewing.

    sudo find /home/docker-projects/nextcloud-zwei/nc-data -type f -exec chmod 640 '{}' \;
    

Repair PostgreSQL Permissions

  1. Adjust Ownership for PostgreSQL Data Directory: Change the ownership of the PostgreSQL data directory to the appropriate user and group, typically lxd:root for the initial setup, and then lxd:docker for recursive ownership, ensuring the database process can access its files.

    sudo chown lxd:root /home/docker-projects/nextcloud-zwei/postgres-data
    sudo chown -R lxd:docker /home/docker-projects/nextcloud-zwei/postgres-data*
    
  2. Set Directory Permissions: Apply a permission level of 700 to directories within the PostgreSQL data folder, allowing only the owner to read, write, and execute, which is crucial for database security.

    sudo find /home/docker-projects/nextcloud-zwei/postgres-data -type d -exec chmod 700 {} \;
    
  3. Set File Permissions: Ensure files within the PostgreSQL data directory have a permission setting of 600, allowing only the owner read and write access, safeguarding against unauthorized data access.

    sudo find /home/docker-projects/nextcloud-zwei/postgres-data -type f -exec chmod 600 {} \;
    

These steps are essential for maintaining a secure Nextcloud installation with PostgreSQL in a Docker environment, ensuring both functionality and data protection.

1 Like
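
A read-only check to run before and after the chown/chmod steps in the replies above, as an added example that is not part of any post in this thread: it lists every entry under a bind-mounted directory whose owner or mode differs from the values the thread recommends (33:33, 750 for directories, 640 for files). The function name `audit_tree`, its argument order and the script name `audit.sh` are made up for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Read-only: it changes nothing on disk.
# audit_tree DIR [UID] [GID] [DIRMODE] [FILEMODE]
# Defaults follow the thread: 33:33 (www-data in the container), 750 and 640.
# Prints one line per finding ("owner", "dirmode" or "filemode" plus the path).
# Returns 0 if the tree is clean, 1 if there are findings, 2 on a bad argument.
audit_tree() {
    at_dir=$1
    at_uid=${2:-33}; at_gid=${3:-33}
    at_dmode=${4:-750}; at_fmode=${5:-640}
    if [ ! -d "$at_dir" ]; then
        echo "audit_tree: not a directory: $at_dir" >&2
        return 2
    fi
    at_found=$(
        # Entries not owned by the expected UID or GID, e.g. files left
        # behind by a root shell inside the container.
        find "$at_dir" \( ! -uid "$at_uid" -o ! -gid "$at_gid" \) \
            -exec printf 'owner %s\n' {} +
        # Directories and regular files whose mode is not exactly the target.
        find "$at_dir" -type d ! -perm "$at_dmode" -exec printf 'dirmode %s\n' {} +
        find "$at_dir" -type f ! -perm "$at_fmode" -exec printf 'filemode %s\n' {} +
    )
    if [ -n "$at_found" ]; then
        printf '%s\n' "$at_found"
        return 1
    fi
    return 0
}

# Usage (as root, because a 750 tree is unreadable to other host users):
#   sudo sh audit.sh /home/docker-projects/nextcloud/volumes/html
if [ "$#" -gt 0 ]; then
    audit_tree "$@"
fi
```

An empty result with exit status 0 means the tree already matches; any `owner` line points at an entry the container's www-data user may be unable to write to.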