Facing NotPermittedException Error in Dockerized Nextcloud Instance

Hello Nextcloud Community,

I’m using a Nextcloud instance within a Docker container and have encountered a permission-related error. The error is as follows:

Exception thrown: OCP\Files\NotPermittedException
Could not create folder "/appdata_ock30l3row2q/preview/5/5/2/4/e/d/5/157830"

This error occurs when Nextcloud tries to generate a preview image. It seems like a permission issue, where the process is not allowed to create a folder in the specified path.

Compose-file is:

version: '3.8'

services:
  db:
    image: postgres
    restart: always
    volumes:
      - /home/docker-projects/nextcloud/volumes/db:/var/lib/postgresql/data
    environment:
      - POSTGRES_DB=
      - POSTGRES_USER=
      - POSTGRES_PASSWORD=

  redis:
    image: redis:alpine
    restart: always

  app:
    image: nextcloud
    ports:
      - 8009:80
    links:
      - db
      - redis
    volumes:
      - /home/docker-projects/nextcloud/volumes/html:/var/www/html
      - /home/docker-projects/nextcloud/NasFotos:/mnt/NasPhotos
    restart: always
    environment:
      - POSTGRES_HOST=db
      - POSTGRES_DB=nextcloud
      - POSTGRES_USER=nextcloud
      - POSTGRES_PASSWORD=
      - NEXTCLOUD_ADMIN_USER=
      - NEXTCLOUD_ADMIN_PASSWORD=
      - NEXTCLOUD_DEFAULT_PHONE_REGION=DE
      - REDIS_HOST=redis
      - PHP_MEMORY_LIMIT=1024M

$ docker exec -it nextcloud-app-1 bash
root@2ae72224608a:/var/www/html# whoami
root
root@2ae72224608a:/var/www/html# id
uid=0(root) gid=0(root) groups=0(root)
root@2ae72224608a:/var/www/html# groups
root
root@2ae72224608a:/var/www/html# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin
_apt:x:42:65534::/nonexistent:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin

root@2ae72224608a:/var/www/html# ls -lh
total 2.0M
drwxr-xr-x 45 www-data www-data 4.0K Dec  1 11:04 3rdparty
-rw-r--r--  1 www-data www-data  24K Dec  1 11:04 AUTHORS
-rw-r--r--  1 www-data www-data  34K Dec  1 11:04 COPYING
drwxr-xr-x 51 www-data www-data 4.0K Dec  1 11:04 apps
-rw-r--r--  1 www-data www-data 1.3K Dec  1 11:04 composer.json
-rw-r--r--  1 www-data www-data 3.1K Dec  1 11:04 composer.lock
drwxr-xr-x  2 www-data www-data 4.0K Dec  8 08:02 config
-rw-r--r--  1 www-data www-data 4.0K Dec  1 11:04 console.php
drwxr-xr-x 24 www-data www-data 4.0K Dec  1 11:04 core
-rw-r--r--  1 www-data www-data 6.2K Dec  1 11:04 cron.php
drwxr-xr-x  7 www-data www-data 4.0K Dec 10 13:31 custom_apps
drwxrwx---  5 www-data www-data 4.0K Dec  1 11:55 data
drwxr-xr-x  2 www-data www-data  12K Dec  1 11:04 dist
-rw-r--r--  1 www-data www-data  156 Dec  1 11:04 index.html
-rw-r--r--  1 www-data www-data 3.4K Dec  1 11:04 index.php
drwxr-xr-x  6 www-data www-data 4.0K Dec  1 11:04 lib
-rw-r--r--  1 root     root        0 Dec 11 18:21 nextcloud-init-sync.lock
-rwxr-xr-x  1 www-data www-data  283 Dec  1 11:04 occ
drwxr-xr-x  2 www-data www-data 4.0K Dec  1 11:04 ocs
drwxr-xr-x  2 www-data www-data 4.0K Dec  1 11:04 ocs-provider
-rw-r--r--  1 www-data www-data 1.8M Dec  1 11:04 package-lock.json
-rw-r--r--  1 www-data www-data 6.2K Dec  1 11:04 package.json
-rw-r--r--  1 www-data www-data 3.2K Dec  1 11:04 public.php
-rw-r--r--  1 www-data www-data 5.5K Dec  1 11:04 remote.php
drwxr-xr-x  4 www-data www-data 4.0K Dec  1 11:04 resources
-rw-r--r--  1 www-data www-data   26 Dec  1 11:04 robots.txt
-rw-r--r--  1 www-data www-data 2.4K Dec  1 11:04 status.php
drwxr-xr-x  3 www-data www-data 4.0K Dec  1 11:04 themes
-rw-r--r--  1 www-data www-data  403 Dec  1 11:04 version.php
root@2ae72224608a:/var/www/html#

I’m running my Nextcloud instance in a Docker container, which might add a layer of complexity to the permissions setup. I’m looking for insights or solutions from anyone who might have faced and resolved a similar issue in a Docker environment.

Any suggestions on how to diagnose and fix this issue?

Thank you for your help!

Best regards

You should check the rights on this folder on your host.

The user should be 33:33 (most often www-data) and the rights 740 for directories and 640 for files. This should be a quick fix:

    sudo chown -R www-data:www-data /home/docker-projects/nextcloud/volumes/html;
    find /home/docker-projects/nextcloud/volumes/html -type d -exec sudo chmod 750 '{}' \;
    find /home/docker-projects/nextcloud/volumes/html -type f -exec sudo chmod 640 '{}' \;

2 Likes

Thank you so much for the help with the NotPermittedException error on my Dockerized Nextcloud instance.

Your suggestion to adjust the permissions and ownership of the /home/docker-projects/nextcloud/volumes/html directory was spot-on.

Using chown to set the user and group to www-data and chmod to set directory permissions to 750 and file permissions to 640 resolved my issue perfectly.

Your quick and effective advice was greatly appreciated!

1 Like

Because I managed to destroy it again :smiley: :rofl:

For those setting up Nextcloud in a Docker container with PostgreSQL and looking to repair file and folder permissions, as well as ownership and group settings, here’s a concise guide:

  1. Set Ownership for Nextcloud Directory: Ensure that the Nextcloud directory is owned by the www-data user and group, which is standard for web servers like Apache or Nginx. This allows the web server to read, write, and execute files as needed.

    sudo chown -R www-data:www-data /home/docker-projects/nextcloud-zwei/nc-data;
    
  2. Secure Directory Permissions: Apply a permission scheme of 750 for directories, allowing the owner full access, the group read and execute permissions, and no access for others. This limits access to essential parties only.

    find /home/docker-projects/nextcloud-zwei/nc-data -type d -exec sudo chmod 750 '{}' \;
    
  3. Secure File Permissions: Set file permissions to 640, granting the owner read and write access, the group read access, and preventing any access by others. This protects sensitive data from unauthorized viewing.

    find /home/docker-projects/nextcloud-zwei/nc-data -type f -exec sudo chmod 640 '{}' \;
    

Repair PostgreSQL Permissions

  1. Adjust Ownership for PostgreSQL Data Directory: Change the ownership of the PostgreSQL data directory to the appropriate user and group, typically lxd:root for the initial setup, and then lxd:docker for recursive ownership, ensuring the database process can access its files.

    sudo chown lxd:root /home/docker-projects/nextcloud-zwei/postgres-data
    sudo chown -R lxd:docker /home/docker-projects/nextcloud-zwei/postgres-data*
    
  2. Set Directory Permissions: Apply a permission level of 700 to directories within the PostgreSQL data folder, allowing only the owner to read, write, and execute, which is crucial for database security.

    sudo find /home/docker-projects/nextcloud-zwei/postgres-data -type d -exec chmod 700 {} \;
    
  3. Set File Permissions: Ensure files within the PostgreSQL data directory have a permission setting of 600, allowing only the owner read and write access, safeguarding against unauthorized data access.

    sudo find /home/docker-projects/nextcloud-zwei/postgres-data -type f -exec chmod 600 {} \;
    

These steps are essential for maintaining a secure Nextcloud installation with PostgreSQL in a Docker environment, ensuring both functionality and data protection.

1 Like
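
An added example (not from any of the posts above): a read-only audit to run on the host before the recursive chown/chmod from the answer and the guide, listing which entries deviate from the expected numeric owner and modes. The function names `audit_tree` and `count_findings` and the output labels are assumptions of this example; numeric IDs are used because the container's www-data is 33:33 in the `/etc/passwd` output above, while the host may resolve that name to a different UID.

```shell
#!/bin/sh
# Read-only audit of a bind-mounted tree (added example; names are assumptions).
# Usage: audit_tree ROOT UID GID DIRMODE FILEMODE
# Prints one line per deviating entry:
#   OWNER <path>     owner or group differs from UID:GID
#   DIRMODE <path>   directory mode is not exactly DIRMODE
#   FILEMODE <path>  regular-file mode is not exactly FILEMODE
# Nothing is modified. Run it with sudo if parts of the tree are not
# readable by your own user, otherwise find cannot descend into them.
audit_tree() {
    root=$1; uid=$2; gid=$3; dmode=$4; fmode=$5
    [ -d "$root" ] || { echo "audit_tree: not a directory: $root" >&2; return 2; }
    # Any entry (file, directory, symlink) with the wrong numeric owner or group.
    find "$root" \( ! -uid "$uid" -o ! -gid "$gid" \) -exec printf 'OWNER %s\n' {} +
    # Exact-mode comparison: setuid/setgid/sticky bits also count as a deviation.
    find "$root" -type d ! -perm "$dmode" -exec printf 'DIRMODE %s\n' {} +
    find "$root" -type f ! -perm "$fmode" -exec printf 'FILEMODE %s\n' {} +
}

# count_findings KIND ROOT UID GID DIRMODE FILEMODE
# Prints how many lines of one kind (OWNER, DIRMODE, FILEMODE) the audit found.
count_findings() {
    kind=$1; shift
    audit_tree "$@" | grep -c "^$kind " || true
}

# With the values from this thread (paths as posted):
#   audit_tree /home/docker-projects/nextcloud/volumes/html 33 33 750 640
# For the PostgreSQL directory, pass the numeric uid/gid of the owner you
# set there together with 700 600.
```

An `OWNER` line for a path under `appdata_*/preview` would match the "Could not create folder" error from the first post; an empty result means ownership and modes already agree with the scheme in the thread.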