Force Directory and File Permissions

When a user creates a folder or uploads a file using nextcloud, how do I force file ownership and group permissions for the file. Currently they are getting created as www-data:www-data and I’d like them to be created with a certain group always (“Domain Users”)

Thank You!

TL

Hi,

My guess is: run the web server with that group.

Hmm, not sure if I understood right, but you don’t mean Nextcloud internal user groups right?

Nextcloud cannot influence with what “system” user and group files are created. They are created by the webserver according to its user and group settings within e.g. /etc/apache2/apache.conf

I don’t know about any method to differentiate this for e.g. different Nextcloud users. This also makes sense as the webserver has just it’s single defined user permissions that it uses to create files.

So yes you can adjust the webserver user and group and with this the files it creates, but only for the whole Nextcloud instance at once and all other web sites it provides.

Could it be, that you want to share that data via file services as well? This is the only reason, your request makes sense. If that is the case - don’t do it - at least not for the actual NC data folder. You will screw up the relation between your stored data and their states in the DB, unless you’re jumping through some hoops and establish some kind of periodical sync for that.

NC is not a file server and it shouldn’t be treated as one. If you want to sync using NC and have the same data shared via SMB, use the external storage app to make that data available to NC, but not the other way round.

So I have a SMB share that has been a file share for many years. We have installed a nextcloud instance and added the SMB share as an external storage location in nextcloud.

Some of our users have begin using nextcloud to create folders within the SMB share but they are added with the webserver user and group. Makes since that I could change the webserver group to one that has shared permissions but is there a way to force the chmod permission when a file or folder is created through nextcloud?

Thanks

These files will be stored with the user and group of the user that nextcloud uses to access the share.

You could run a cron script to chgrp them to the group you want. It’s as simplistic solution but maybe it’s all you need?

I thought we mentioned that as probable solution already:

Or do I misunderstand you and you explicitly don’t want to run the web server / PHP handler with another group?
When you run apache (which we don’t know because there was no description what software you run) refer to the advise Michalng gave. If you’re running nginx you could change the group setting in php-fpm.ini:

group [string]
Unix group of FPM processes. If not set, the default user’s group is used
(http://php.net/manual/en/install.fpm.configuration.php)

chmod g+s is successfully applying the correct group for new folders however they are created without group having write permission.

Short version of this question would be to ask where in nextcloud is the folder created and could I add to that setting permissions correctly.

I mean I understand they are created with the www-data user and group normally but why wouldn’t I be able to set group write permissions as well.

This is an apache setup on ubuntu btw with ZFS pool.

TL

The permissions are defined by umask. If you change the umask value to 007 for the web server user that should work. Your current value is either 022 or 027.

1 Like

That’s what I wanted! Just changed the umask in apache’s envvars and everythings working the way I want.

Thanks!

2 Likes

Hey. Could you tell me how you did to change the umask? I’m with the same goal.

I edited the file \lib\private\Files\Storage\Local.php and changed the umask to 007.

How did you do it?

For those interested it was addressed in version 25+
Add to config.php 'localstorage.umask' => 002,
While umask will still return 0022, new folders will be given group write permissions.
I think there is also a plan to backport it to 24?