How can I run a hook script without getting permission denied?

Hi, I hope you’re well.

I run nextcloud on Docker using this image:
https://hub.docker.com/_/nextcloud/
Sorry, we were unable to generate a preview for this web page, because the following oEmbed / OpenGraph tag could not be found: description

I have a script inside the /docker-entrypoint-hooks.d folder (in the container). This script does the following:

apt update
apt install -y lsb-release intel-media-va-driver zlib1g libx11-dev wget ocrmypdf tesseract-ocr-eng tesseract-ocr-por sm>echo "deb http://ftp.debian.org/debian $(lsb_release -cs) non-free" >> /etc/apt/sources.list.d/intel-graphics.list
apt update
rm -rf /var/lib/apt/lists/*
pipx install --include-deps nc_py_api
pipx ensurepath
freshclam
php occ db:add-missing-indices
php occ config:system:set default_phone_region --value=GB
wget https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/x86_64/cuda-keyring_1.1-1_all.deb
dpkg -i cuda-keyring_1.1-1_all.deb
apt update
apt -y install cuda-toolkit linux-headers-amd64 nvidia-gds cudnn9-cuda-12
apt update
groupadd render
usermod -aG render www-data

When the container starts, it correctly reads for scripts in the hooks folder…
but then nothing executes correctly, I get permission denied errors…
How can I get this script to run without the permission errors?
If I call the script within the container (docker exec -it nextcloud bash) it runs successfully, but if it executes from a hook script it doesn’t. I really need to ensure it executes because I have to install some dependencies to make the instance function and I cannot use a Dockerfile.

I appreciate your help, and eagerly await your valuable advice.

Thanks.

Hooks run as www-data / --user. They do not run as root. They also run every time the container starts.

The php occ commands in there seem fine, but…

Based on the contents of the script you posted, a Dockerfile to extend/customize the image might be more appropriate for all the other stuff you’re trying to do: GitHub - nextcloud/docker: ⛴ Docker image of Nextcloud

3 Likes

Thanks @jtr

I had a go at adapting a Dockerfile. It builds, and I can create the container, however, it does not launch.

Contents of my Dockerfile are below:

FROM nextcloud:latest

# Update package lists once and Install core dependencies
RUN set -ex; \
    \
    apt-get update; \
    apt-get install -y --no-install-recommends \
    lsb-release \
    intel-media-va-driver \
    libx11-dev \
    ocrmypdf \
    tesseract-ocr-eng \
    tesseract-ocr-por \
    smbclient \
    ffmpeg \
    imagemagick-common \
    python3-pip \
    pipx \
    clamav \
    clamav-daemon \
    libopenblas-dev \
    liblapack-dev \
    git \
    cmake \
    make \
    zlib1g \
    wget \
    intel-gpu-tools \
    i965-va-driver


# Add repository for non-free Intel graphics drivers
RUN echo "deb http://ftp.debian.org/debian $(lsb_release -cs) non-free" >> /etc/apt/sources.list.d/intel-graphics.list

# Clean up temporary files
RUN rm -rf /var/lib/apt/lists/*

# Install nc_py_api using pipx
RUN pipx install --include-deps nc_py_api

# Add pipx to PATH
RUN pipx ensurepath

# Update ClamAV virus signatures
RUN freshclam

# Download CUDA keyring file directly
RUN wget -O cuda-keyring_1.1-1_all.deb https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/x86_64/cuda-keyring_1.1-1_all.deb

# Install the CUDA keyring file
RUN dpkg -i cuda-keyring_1.1-1_all.deb

# Update package lists after installing the CUDA keyring
RUN apt update

# Install CUDA toolkit, headers, and GDS (remove nvidia-related packages)
RUN apt -y install cuda-toolkit linux-headers-amd64

# Add user www-data to the render group
RUN groupadd render
RUN usermod -aG render www-data

And I can execute the occ commands as www-data using the hooks, but for now to make sure this is not causing the issue, I am not using hook scripting.

When I start the container using my custom image based on my Dockerfile per above, I just get this on my Docker logs, any ideas greatly appreciated please:

Configuring Redis as session handler
Warning: /var/www/html/config/autoconfig.php differs from the latest version of this image at /usr/src/nextcloud/config/autoconfig.php
Warning: /var/www/html/config/redis.config.php differs from the latest version of this image at /usr/src/nextcloud/config/redis.config.php
Warning: /var/www/html/config/s3.config.php differs from the latest version of this image at /usr/src/nextcloud/config/s3.config.php
Warning: /var/www/html/config/smtp.config.php differs from the latest version of this image at /usr/src/nextcloud/config/smtp.config.php
Warning: /var/www/html/config/upgrade-disable-web.config.php differs from the latest version of this image at /usr/src/nextcloud/config/upgrade-disable-web.config.php
=> Skipping the folder "/docker-entrypoint-hooks.d/before-starting", because it doesn't exist
Usage: apache2 [-D name] [-d directory] [-f file]
               [-C "directive"] [-c "directive"]
               [-k start|restart|graceful|graceful-stop|stop]
               [-v] [-V] [-h] [-l] [-L] [-t] [-T] [-S] [-X]
Options:
  -D name            : define a name for use in <IfDefine name> directives
  -d directory       : specify an alternate initial ServerRoot
  -f file            : specify an alternate ServerConfigFile
  -C "directive"     : process directive before reading config files
  -c "directive"     : process directive after reading config files
  -e level           : show startup errors of level (see LogLevel)
  -E file            : log startup errors to file
  -v                 : show version number
  -V                 : show compile settings
  -h                 : list available command line options (this page)
  -l                 : list compiled in modules
  -L                 : list available configuration directives
  -t -D DUMP_VHOSTS  : show parsed vhost settings
  -t -D DUMP_RUN_CFG : show parsed run settings
  -S                 : a synonym for -t -D DUMP_VHOSTS -D DUMP_RUN_CFG
  -t -D DUMP_MODULES : show all loaded modules 
  -M                 : a synonym for -t -D DUMP_MODULES
  -t -D DUMP_INCLUDES: show all included configuration files
  -t                 : run syntax check for config files
  -T                 : start without DocumentRoot(s) check
  -X                 : debug mode (only one worker, do not detach)

Nextcloud does not start.

Fixed. I had a look at the image nextcloud:latest and was missing two lines in the Dockerfile:

ENTRYPOINT [“/entrypoint.sh”]

CMD [“apache2-foreground”]

It has launched now and is running, thanks for the guidance and God bless :slight_smile:

1 Like