Help understanding oc_filecache permissions

Hey all!

I’m trying to understand where the permission IDs (codes) come from for the database table oc_filecache.

I had a file with permissions = 19 which behaved as read-only (could be viewed, but not changed, deleted or renamed).
Looking at other files I’ve changed it to permissions = 27 like:
update oc_filecache set permissions = 27 where fileid = 559;
After that I could move and delete it.

Now, I see bunch of different values such as 19, 26, 27, 31 but I can’t trace it to neither a code table of some kind, nor could I find any documentation or mention of those in the code repo.

Could someone point me (or just straight tell me) what does each code value stand for? Or where they come from? Are they taken from file system, enforced by some logic, anything.

To explain further, once I am sure which code does what I’d like to change the codes in the oc_filecache table for subsection of the files and folders, making them read-only “protected” archives, accessible to everyone but not allowing anyone to move, delete or change the data in any way. In theory I could just blindly put “19” on everything, but that would be foolish without knowing the bigger picture.


First, I consider it critical to change the values in tables of other apps without understanding the implications of that. The table name suggests it is a file cache. So, it might be updated by e.g. occ files:scan or similar functions.

Having said that, I want to point you to the files app. That can be found in the nextcloud/server repo. There, you should be able to get the root of said table entries.

I guess that this is similar to unix file permissions. You have to convert to binary format in order to read them in a better way. E.g 19 = 16 + 2 + 1 and 26 = 16 + 8 + 2 and 27 = 16 + 8 + 2 + 1. So, 16 seems like readable and 8 might be change or remove or something similar.

Just an educated guess from my side.

I’m not a coder but I think permissions are defined in this file:

this is is often used in a code as \OCP\Constants::PERMISSION

19 = 16 + 2 + 1 (SHARE+READ+UPDATE) for me it looks a little like a file which was locked and the lock became stale…

this is not exactly the case… in fact this is the main place where files existing in storage linked into application DB and from there NC builds it’s own functions (permissions, shares, tags etc…)

very good guess - compliment :rose:

1 Like

This is great info, thank you guys!

And I see why I couldn’t find that constants file, I was searching with “OCP::” which I’ve found in other files, should’ve searched just the second part.

So, if I’d like to set some files to read-only then I’d set it to “1”, if I want to allow sharing but as read-only, then I’d use “17”.

Good thing I asked, as 19 includes “update” which would probably allow any sync app to overwrite existing file, so two thumbs up :+1::+1:

I’ll try to find a bit better way, but if I don’t find one soon I’ll do a test with “1” & “17” and see what happens.

Thank you both again!

Just make it 1 | 16 as 1 & 16 is 0. Just to avoid issues (see PHP bitwise AND/OR operators).

Ah, sorry, I wanted to say that I would try with setting either “1” in database, or “17” in the database (for those files). Is that logical?

I assume you meant “1 | 16” as a check somewhere in the code? NC code is a bit too overwhelming for me :sweat_smile: I was thinking making that an add-on as app, but woah, it requires too much learning.

Just for the reference, the PHP constants are located in this file. This shows the definitions of the \OCP\Constants class with the corresponding constants.

I suggest to write something like Constants::PERMISSION_SHARE | Constants::PERMISSION_READ. This is rather readable without hard-coding the constants in your app’s code.