Nextcloud version:
Helm Chart version2.14.2
with Docker Image tag23.0.3-fpm
running Nextcloud23.0.3.2
Operating system and version:
Kubernetes Distro k3s in Versionv1.23.5+k3s1
Apache or nginx version:
The Nextcloud Docker image includes versionnginx/1.21.6
PHP version:php --version PHP 8.0.17 (cli) (built: Mar 29 2022 02:31:00) ( NTS ) Copyright (c) The PHP Group Zend Engine v4.0.17, Copyright (c) Zend Technologies with Zend OPcache v8.0.17, Copyright (c), by Zend Technologies
The issue you are facing:
I recently upgraded from NC 21 to 22 and then 23. I don’t know really since when, but recently the Nextcloud logs complain about insufficient file permissions.
This error only occurs, when updating the file over WebDAV (with the Keepass2Android app). Within the Nextcloud WebGUI I can edit the file as usual.
The file permissions (including the whole path) looking fine:
$ ls -lah /var/www/html/data/thomass/files/works/keepass/databases/crucial.kdbx
-rwxrwx--- 1 www-data www-data 2.3M Apr 27 09:34 /var/www/html/data/thomass/files/works/keepass/databases/crucial.kdbx
The php-fpm config seems to be correct:
grep -E '^(user|group)' /usr/local/etc/php-fpm.d/www.conf
user = www-data
group = www-data
All php-fpm processes (despite the initial one) running as www-data
user:
ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.2 266968 37564 ? Ss 04:18 0:01 php-fpm: master process (/usr/local/etc/php-fpm.conf)
www-data 42 0.2 0.5 325976 90108 ? S 04:18 0:57 php-fpm: pool www
www-data 43 0.2 0.5 323260 88352 ? S 04:18 0:55 php-fpm: pool www
www-data 44 0.2 0.5 399280 89604 ? S 04:18 0:56 php-fpm: pool www
...
Is this the first time you’ve seen this error?: Y
Steps to replicate it:
- In Keepass2Android I configured to access the database file directly on Nextcloud over WebDAV
- When making local changes and pushing updates to Nextcloud, Keepass2Android receives a HTTP 500 response.
The output of your Nextcloud log in Admin > Logging:
PHP Error: file_put_contents(/var/www/html/data/thomass/files/works/keepass/databases/crucial.kdbx): Failed to open stream: Permission denied at /var/www/html/lib/private/Files/Storage/Local.php#282
The output of your config.php file
<?php
$CONFIG = array (
'trusted_domains' =>
array (
0 => 'localhost',
1 => 'nc.xxxxx.de',
),
'datadirectory' => '/var/www/html/data',
'dbtype' => 'mysql',
'version' => '23.0.3.2',
'dbname' => 'nextcloud',
'dbhost' => 'nextcloud-mariadb',
'dbport' => '',
'dbtableprefix' => 'oc_',
'mysql.utf8mb4' => true,
'dbuser' => 'xxxxx',
'dbpassword' => 'xxxxx',
'installed' => true,
'maintenance' => false,
'data-fingerprint' => 'xxxxx',
'loglevel' => 0,
'theme' => '',
'allow_user_to_change_display_name' => false,
'lost_password_link' => 'disabled',
'htaccess.RewriteBase' => '/',
'memcache.local' => '\\OC\\Memcache\\APCu',
'apps_paths' =>
array (
0 =>
array (
'path' => '/var/www/html/apps',
'url' => '/apps',
'writable' => false,
),
1 =>
array (
'path' => '/var/www/html/custom_apps',
'url' => '/custom_apps',
'writable' => true,
),
),
'passwordsalt' => 'xxxxx',
'secret' => 'xxxxx',
'instanceid' => 'xxxxx',
'default_phone_region' => 'DE',
'filesystem_check_changes' => 1,
'overwriteprotocol' => 'https',
'trusted_proxies' =>
array (
0 => 'traefik.svc.cluster.local',
),
'overwrite.cli.url' => 'http://nc.xxxxx.de',
'overwritehost' => 'nc.xxxxx.de',
'memcache.distributed' => '\\OC\\Memcache\\Redis',
'memcache.locking' => '\\OC\\Memcache\\Redis',
'redis' =>
array (
'host' => 'nextcloud-redis-master',
'port' => '6379',
'password' => 'xxxxx',
),
'ldapProviderFactory' => 'OCA\\User_LDAP\\LDAPProviderFactory',
'preview_max_x' => '3840',
'preview_max_y' => '2160',
'jpeg_quality' => '60',
'enabledPreviewProviders' =>
array (
0 => 'OC\\Preview\\PNG',
1 => 'OC\\Preview\\JPEG',
2 => 'OC\\Preview\\GIF',
3 => 'OC\\Preview\\HEIC',
4 => 'OC\\Preview\\BMP',
5 => 'OC\\Preview\\XBitmap',
6 => 'OC\\Preview\\MP3',
7 => 'OC\\Preview\\TXT',
8 => 'OC\\Preview\\MarkDown',
),
'oidc_login_provider_url' => 'https://sso.xxxxx.de/auth/realms/default',
'oidc_login_client_id' => 'xxxxx',
'oidc_login_client_secret' => 'xxxxx',
'oidc_login_auto_redirect' => true,
'oidc_login_logout_url' => 'https://sso.xxxxx.de/auth/realms/default/protocol/openid-connect/logout?redirect_uri=https%3A%2F%2Fnc.xxxxx.de%2F',
'oidc_login_button_text' => 'Log in with Keycloak',
'oidc_login_hide_password_form' => true,
'oidc_login_attributes' =>
array (
'id' => 'preferred_username',
'name' => 'name',
'mail' => 'email',
'groups' => 'nextcloudGroups',
'is_admin' => 'nextcloudAdmin',
),
'oidc_login_scope' => 'openid profile',
'oidc_login_disable_registration' => false,
'oidc_login_redir_fallback' => true,
'oidc_login_tls_verify' => true,
'oidc_create_groups' => false,
);
The output of your Apache/nginx/system log
10.42.x.x - - [27/Apr/2022:22:06:01 +0200] "PUT /remote.php/webdav/works/keepass/databases/crucial.kdbx HTTP/1.1" 401 426 "-" "okhttp/4.10.0-RC1" "10.42.0.1"
10.42.x.x - userx [27/Apr/2022:22:06:02 +0200] "PUT /remote.php/webdav/works/keepass/databases/crucial.kdbx HTTP/1.1" 500 306 "-" "okhttp/4.10.0-RC1" "10.42.0.1"
Output errors in nextcloud.log in /var/www/
{
"reqId": "7f8Q6y7ON9mpA2Ww3epR",
"level": 3,
"time": "2022-04-27T06:02:46+00:00",
"remoteAddr": "10.42.0.119",
"user": "thomass",
"app": "PHP",
"method": "PUT",
"url": "/remote.php/webdav/works/keepass/databases/crucial.kdbx",
"message": "file_put_contents(/var/www/html/data/thomass/files/works/keepass/databases/crucial.kdbx): Failed to open stream: Permission denied at /var/www/html/lib/private/Files/Storage/Local.php#282",
"userAgent": "okhttp/4.10.0-RC1",
"version": "23.0.3.2",
"exception": {
"Exception": "Error",
"Message": "file_put_contents(/var/www/html/data/thomass/files/works/keepass/databases/crucial.kdbx): Failed to open stream: Permission denied at /var/www/html/lib/private/Files/Storage/Local.php#282",
"Code": 0,
"Trace": [
{
"function": "onError",
"class": "OC\\Log\\ErrorHandler",
"type": "::",
"args": [
2,
"file_put_contents(/var/www/html/data/thomass/files/works/keepass/databases/crucial.kdbx): Failed to open stream: Permission denied",
"/var/www/html/lib/private/Files/Storage/Local.php",
282
]
},
{
"file": "/var/www/html/lib/private/Files/Storage/Local.php",
"line": 282,
"function": "file_put_contents",
"args": [
"/var/www/html/data/thomass/files/works/keepass/databases/crucial.kdbx",
null
]
},
{
"file": "/var/www/html/lib/private/Files/Storage/Local.php",
"line": 573,
"function": "file_put_contents",
"class": "OC\\Files\\Storage\\Local",
"type": "->",
"args": [
"files/works/keepass/databases/crucial.kdbx",
null
]
},
{
"file": "/var/www/html/lib/private/Files/Storage/Wrapper/Wrapper.php",
"line": 647,
"function": "writeStream",
"class": "OC\\Files\\Storage\\Local",
"type": "->",
"args": [
"files/works/keepass/databases/crucial.kdbx",
null,
"*** sensitive parameter replaced ***"
]
},
{
"file": "/var/www/html/apps/dav/lib/Connector/Sabre/File.php",
"line": 218,
"function": "writeStream",
"class": "OC\\Files\\Storage\\Wrapper\\Wrapper",
"type": "->",
"args": [
"files/works/keepass/databases/crucial.kdbx",
null
]
},
{
"file": "/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php",
"line": 1137,
"function": "put",
"class": "OCA\\DAV\\Connector\\Sabre\\File",
"type": "->",
"args": [
null
]
},
{
"file": "/var/www/html/3rdparty/sabre/dav/lib/DAV/CorePlugin.php",
"line": 492,
"function": "updateFile",
"class": "Sabre\\DAV\\Server",
"type": "->",
"args": [
"*** sensitive parameters replaced ***"
]
},
{
"file": "/var/www/html/3rdparty/sabre/event/lib/WildcardEmitterTrait.php",
"line": 89,
"function": "httpPut",
"class": "Sabre\\DAV\\CorePlugin",
"type": "->",
"args": [
{
"__class__": "Sabre\\HTTP\\Request"
},
{
"__class__": "Sabre\\HTTP\\Response"
}
]
},
{
"file": "/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php",
"line": 472,
"function": "emit",
"class": "Sabre\\DAV\\Server",
"type": "->",
"args": [
"method:PUT",
[
{
"__class__": "Sabre\\HTTP\\Request"
},
{
"__class__": "Sabre\\HTTP\\Response"
}
]
]
},
{
"file": "/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php",
"line": 253,
"function": "invokeMethod",
"class": "Sabre\\DAV\\Server",
"type": "->",
"args": [
{
"__class__": "Sabre\\HTTP\\Request"
},
{
"__class__": "Sabre\\HTTP\\Response"
}
]
},
{
"file": "/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php",
"line": 321,
"function": "start",
"class": "Sabre\\DAV\\Server",
"type": "->",
"args": []
},
{
"file": "/var/www/html/apps/dav/appinfo/v1/webdav.php",
"line": 83,
"function": "exec",
"class": "Sabre\\DAV\\Server",
"type": "->",
"args": []
},
{
"file": "/var/www/html/remote.php",
"line": 166,
"args": [
"/var/www/html/apps/dav/appinfo/v1/webdav.php"
],
"function": "require_once"
}
],
"File": "/var/www/html/lib/private/Log/ErrorHandler.php",
"Line": 92,
"CustomMessage": "--"
}
}
Thanks in advance for any help or advices.