TLTR: I used nextcloud with apache in docker before with success. Now i switch to nextcloud with nginx and i get permission error because the new owner of all relevant files is not www-data anymore but xfs.
I am migrating my nextcloud docker environment from apache to nginx. After that i’ll get this error in web interface:
Configuration was not read or initialized correctly, not overwriting /var/www/html/config/config.php
This sounds like permission issues at first. But i checked it:
[user@nuc nextcloud]$ sudo ls -la /var/lib/docker/volumes/nextcloud_nextcloud/_data
insgesamt 1264
drwxrwxrwx 14 http http 4096 28. Dez 12:04 .
drwxr-xr-x 3 root root 4096 3. Jan 2021 ..
drwxr-xr-x 43 http http 4096 28. Dez 10:03 3rdparty
drwxr-xr-x 50 http http 4096 28. Dez 10:03 apps
-rw-r--r-- 1 http http 23796 28. Dez 10:03 AUTHORS
-rw-r--r-- 1 http http 1906 28. Dez 10:03 composer.json
-rw-r--r-- 1 http http 3140 28. Dez 10:03 composer.lock
drwxr-xr-x 2 http http 4096 28. Dez 17:55 config
-rw-r--r-- 1 http http 4124 28. Dez 10:03 console.php
-rw-r--r-- 1 http http 34520 28. Dez 10:03 COPYING
drwxr-xr-x 24 http http 4096 28. Dez 10:04 core
-rw-r--r-- 1 http http 6317 28. Dez 10:03 cron.php
drwxr-xr-x 9 http root 4096 28. Dez 19:30 custom_apps
drwxrwx--- 2 http root 4096 25. Mär 2022 data
drwxr-xr-x 2 http http 20480 28. Dez 10:04 dist
-rw-r--r-- 1 http http 4342 28. Dez 10:04 .htaccess
-rw-r--r-- 1 http http 156 28. Dez 10:03 index.html
-rw-r--r-- 1 http http 4403 28. Dez 10:03 index.php
drwxr-xr-x 6 http http 4096 28. Dez 10:04 lib
-rw-r--r-- 1 root root 0 29. Dez 11:31 nextcloud-init-sync.lock
-rw-r--r-- 1 http http 0 28. Dez 12:04 nextcloud.log
-rwxr-xr-x 1 http http 283 28. Dez 10:03 occ
drwxr-xr-x 2 http http 4096 28. Dez 12:04 ocs
drwxr-xr-x 2 http http 4096 28. Dez 12:04 ocs-provider
-rw-r--r-- 1 http http 6991 28. Dez 10:03 package.json
-rw-r--r-- 1 http http 1070279 28. Dez 10:03 package-lock.json
-rw-r--r-- 1 http http 3187 28. Dez 10:03 public.php
-rw-r--r-- 1 http http 5597 28. Dez 10:03 remote.php
drwxr-xr-x 4 http http 4096 28. Dez 10:04 resources
-rw-r--r-- 1 http http 26 28. Dez 10:03 robots.txt
-rw-r--r-- 1 http http 2452 28. Dez 10:03 status.php
drwxr-xr-x 3 http root 4096 25. Mär 2022 themes
-rw-r--r-- 1 http http 101 28. Dez 10:03 .user.ini
-rw-r--r-- 1 http http 403 28. Dez 10:04 version.php
[user@nuc nextcloud]$ sudo ls -la /var/lib/docker/volumes/nextcloud_nextcloud/_data/config
insgesamt 124
-rw-r--r-- 1 http http 0 1. Aug 16:51 ,
drwxr-xr-x 2 http http 4096 28. Dez 17:55 .
drwxrwxrwx 14 http http 4096 28. Dez 12:04 ..
-rw-r--r-- 1 http http 0 1. Aug 16:51 23.0.3.2,
-rw-r--r-- 1 http http 0 1. Aug 16:51 6379,
-rw-r--r-- 1 http http 60 25. Mär 2022 apache-pretty-urls.config.php
-rw-r--r-- 1 http http 70 25. Mär 2022 apcu.config.php
-rw-r--r-- 1 http http 377 25. Mär 2022 apps.config.php
-rw-rw---- 1 http http 2025 29. Dez 09:34 config.php
-rw-r--r-- 1 http http 66350 25. Mär 2022 config.sample.php
-rw-r--r-- 1 http http 0 1. Aug 16:51 d7DgoxbqklIkNJtXkdh54S2azgA7+t5I550xMCKQO5grs96k,
-rw-r--r-- 1 http http 0 1. Aug 16:51 db,
-rw-r--r-- 1 http http 0 1. Aug 16:51 false,
-rw-r--r-- 1 http http 495 25. Mär 2022 .htaccess
-rw-r--r-- 1 http http 78 28. Dez 17:55 mimetypealiases.json
-rw-r--r-- 1 http http 160 28. Dez 17:55 mimetypemapping.json
-rw-r--r-- 1 http http 0 1. Aug 16:51 mysql,
-rw-r--r-- 1 http http 0 1. Aug 16:51 nextcloud,
-rw-r--r-- 1 http http 0 1. Aug 16:51 oc_,
-rw-r--r-- 1 http http 0 1. Aug 16:51 '\\OC\\Memcache\\APCu,'
-rw-r--r-- 1 http http 0 1. Aug 16:51 '\\OC\\Memcache\\Redis,'
-rw-r--r-- 1 http http 0 1. Aug 16:51 ocst4wxqk0vi,
-rw-r--r-- 1 http http 0 1. Aug 16:51 qgG_maWUIQB,
-rw-r--r-- 1 http http 0 1. Aug 16:51 redis,
-rw-r--r-- 1 http http 484 25. Mär 2022 redis.config.php
-rw-r--r-- 1 http http 798 25. Mär 2022 reverse-proxy.config.php
-rw-r--r-- 1 http http 1330 25. Mär 2022 s3.config.php
-rw-r--r-- 1 http http 0 1. Aug 16:51 my.server.com,
-rw-r--r-- 1 http http 944 25. Mär 2022 smtp.config.php
-rw-r--r-- 1 http http 1103 25. Mär 2022 swift.config.php
-rw-r--r-- 1 http http 0 1. Aug 16:51 true,
-rw-r--r-- 1 http http 0 1. Aug 16:51 Y5sGgY,
[user@nuc nextcloud]$ docker-compose exec app ls -al /var/www/html
total 1268
drwxrwxrwx 14 xfs xfs 4096 Dec 28 11:04 .
drwxrwxr-x 1 www-data root 4096 Dec 28 04:08 ..
-rw-r--r-- 1 xfs xfs 4342 Dec 28 09:04 .htaccess
-rw-r--r-- 1 xfs xfs 101 Dec 28 09:03 .user.ini
drwxr-xr-x 43 xfs xfs 4096 Dec 28 09:03 3rdparty
-rw-r--r-- 1 xfs xfs 23796 Dec 28 09:03 AUTHORS
-rw-r--r-- 1 xfs xfs 34520 Dec 28 09:03 COPYING
drwxr-xr-x 50 xfs xfs 4096 Dec 28 09:03 apps
-rw-r--r-- 1 xfs xfs 1906 Dec 28 09:03 composer.json
-rw-r--r-- 1 xfs xfs 3140 Dec 28 09:03 composer.lock
drwxr-xr-x 2 xfs xfs 4096 Dec 28 16:55 config
-rw-r--r-- 1 xfs xfs 4124 Dec 28 09:03 console.php
drwxr-xr-x 24 xfs xfs 4096 Dec 28 09:04 core
-rw-r--r-- 1 xfs xfs 6317 Dec 28 09:03 cron.php
drwxr-xr-x 9 xfs root 4096 Dec 28 18:30 custom_apps
drwxrwx--- 1 xfs xfs 4096 Dec 29 08:56 data
drwxr-xr-x 2 xfs xfs 20480 Dec 28 09:04 dist
-rw-r--r-- 1 xfs xfs 156 Dec 28 09:03 index.html
-rw-r--r-- 1 xfs xfs 4403 Dec 28 09:03 index.php
drwxr-xr-x 6 xfs xfs 4096 Dec 28 09:04 lib
-rw-r--r-- 1 root root 0 Dec 29 10:31 nextcloud-init-sync.lock
-rw-r--r-- 1 xfs xfs 0 Dec 28 11:04 nextcloud.log
-rwxr-xr-x 1 xfs xfs 283 Dec 28 09:03 occ
drwxr-xr-x 2 xfs xfs 4096 Dec 28 11:04 ocs
drwxr-xr-x 2 xfs xfs 4096 Dec 28 11:04 ocs-provider
-rw-r--r-- 1 xfs xfs 1070279 Dec 28 09:03 package-lock.json
-rw-r--r-- 1 xfs xfs 6991 Dec 28 09:03 package.json
-rw-r--r-- 1 xfs xfs 3187 Dec 28 09:03 public.php
-rw-r--r-- 1 xfs xfs 5597 Dec 28 09:03 remote.php
drwxr-xr-x 4 xfs xfs 4096 Dec 28 09:04 resources
-rw-r--r-- 1 xfs xfs 26 Dec 28 09:03 robots.txt
-rw-r--r-- 1 xfs xfs 2452 Dec 28 09:03 status.php
drwxr-xr-x 3 xfs root 4096 Mar 25 2022 themes
-rw-r--r-- 1 xfs xfs 403 Dec 28 09:04 version.php
[user@nuc nextcloud]$ docker-compose exec app ls -al /var/www/html/config
total 124
-rw-r--r-- 1 xfs xfs 0 Aug 1 14:51 ,
drwxr-xr-x 2 xfs xfs 4096 Dec 28 16:55 .
drwxrwxrwx 14 xfs xfs 4096 Dec 28 11:04 ..
-rw-r--r-- 1 xfs xfs 495 Mar 25 2022 .htaccess
-rw-r--r-- 1 xfs xfs 0 Aug 1 14:51 23.0.3.2,
-rw-r--r-- 1 xfs xfs 0 Aug 1 14:51 6379,
-rw-r--r-- 1 xfs xfs 0 Aug 1 14:51 Y5sGgY,
-rw-r--r-- 1 xfs xfs 0 Aug 1 14:51 \\OC\\Memcache\\APCu,
-rw-r--r-- 1 xfs xfs 0 Aug 1 14:51 \\OC\\Memcache\\Redis,
-rw-r--r-- 1 xfs xfs 60 Mar 25 2022 apache-pretty-urls.config.php
-rw-r--r-- 1 xfs xfs 70 Mar 25 2022 apcu.config.php
-rw-r--r-- 1 xfs xfs 377 Mar 25 2022 apps.config.php
-rw-rw---- 1 xfs xfs 2025 Dec 29 08:34 config.php
-rw-r--r-- 1 xfs xfs 66350 Mar 25 2022 config.sample.php
-rw-r--r-- 1 xfs xfs 0 Aug 1 14:51 d7DgoxbqklIkNJtXkdh54S2azgA7+t5I550xMCKQO5grs96k,
-rw-r--r-- 1 xfs xfs 0 Aug 1 14:51 db,
-rw-r--r-- 1 xfs xfs 0 Aug 1 14:51 false,
-rw-r--r-- 1 xfs xfs 78 Dec 28 16:55 mimetypealiases.json
-rw-r--r-- 1 xfs xfs 160 Dec 28 16:55 mimetypemapping.json
-rw-r--r-- 1 xfs xfs 0 Aug 1 14:51 mysql,
-rw-r--r-- 1 xfs xfs 0 Aug 1 14:51 nextcloud,
-rw-r--r-- 1 xfs xfs 0 Aug 1 14:51 oc_,
-rw-r--r-- 1 xfs xfs 0 Aug 1 14:51 ocst4wxqk0vi,
-rw-r--r-- 1 xfs xfs 0 Aug 1 14:51 qgG_maWUIQB,
-rw-r--r-- 1 xfs xfs 0 Aug 1 14:51 redis,
-rw-r--r-- 1 xfs xfs 484 Mar 25 2022 redis.config.php
-rw-r--r-- 1 xfs xfs 798 Mar 25 2022 reverse-proxy.config.php
-rw-r--r-- 1 xfs xfs 1330 Mar 25 2022 s3.config.php
-rw-r--r-- 1 xfs xfs 0 Aug 1 14:51 my.server.com,
-rw-r--r-- 1 xfs xfs 944 Mar 25 2022 smtp.config.php
-rw-r--r-- 1 xfs xfs 1103 Mar 25 2022 swift.config.php
-rw-r--r-- 1 xfs xfs 0 Aug 1 14:51 true,
[user@nuc nextcloud]$ docker-compose exec app ls -al /var/www/html/config/config.php
-rw-rw---- 1 xfs xfs 2025 Dec 29 08:34 /var/www/html/config/config.php
Sie haben neue Post in /var/mail/root.
[user@nuc nextcloud]$ sudo ls -la /var/lib/docker/volumes/nextcloud_nextcloud/_data/config/config.php
-rw-rw---- 1 http http 2025 29. Dez 09:34 /var/lib/docker/volumes/nextcloud_nextcloud/_data/config/config.php
So you can see, in the docker container the user xfs:xfs is owner of the files. On my system the user is called http. I checked the UID which is important here:
xfs is 33, http is 33.
So this is correct. Before i used apache, the user inside the container was www-data because his UID was 33.
Also if i try to set up some stuff in the container with the xfs user, it’s working:
[user@nuc nextcloud]$ docker exec --user xfs -it nextcloud_app php occ config:system:set trusted_proxies 0 --value="localhost"
System config value trusted_proxies => 0 set to string localhost
There is no error regarding permissions.
So i am not sure where the problem is?
Edit: also found this one but it doesn’t make difference if i give 660 to config.php or even to all files in config folder.
Edit 2: Weird:
[user@nuc nextcloud]$ docker exec --user xfs nextcloud_app ls -l /var/www/html/config/config.php
ls: /var/www/html/config/config.php: Permission denied
[user@nuc nextcloud]$ docker exec -it nextcloud_app /bin/sh
/var/www/html # ls
/var/www/html # cd config
/var/www/html/config # ls -l ./config.php
-rw-rw---- 1 xfs xfs 2061 Dec 29 11:05 ./config.php
So i guess there is a issue with this xfs user. Normally it should be ok to use this user as the UID is 33, but i have a weird feeling, i need to still use the www-data user and create a new user on my host with the UID 82, as this is the one of the www-data user inside the container?
[user@nuc nextcloud]$ sudo docker exec --user www-data nextcloud_app id
uid=82(www-data) gid=82(www-data) groups=82(www-data)
[user@nuc nextcloud]$ sudo docker exec --user xfs nextcloud_app id
uid=33(xfs) gid=33(xfs) groups=33(xfs)
[user@nuc nextcloud]$ grep "http" /etc/passwd
http:x:33:33::/srv/http:/usr/bin/nologin