Minimal write permissions for Nextcloud folder


On my self-hosted web server, I plan to make my current user the owner of /var/www/html and set the owner group to www-data. As proposed here.
By default, the www-data group cannot write to folders. So I need to grant write permissions on a case-by-case basis.
So which folders should be writable from the web server? Maybe config, apps?


I advise against it. There are millions of Nextcloud installations that work differently. Do you think it makes sense to deviate from that?

I think the webserver user should own /var/www/html and everything under it (user www-data, group www-data). And if Nextcloud runs well (it runs as the webserver user), then and only then should you think about your normal user and how it can somehow write to the directory in addition. And even then it is stupid for a normal user to write to this directory structure. Nextcloud doesn’t get to know anything about it anyway, or at most has inconsistent data or even misses data. And even if you manually write files to the Nextcloud data directory as www-data, you have to run occ files:scan --all for Nextcloud to even notice.

Thanks for your advice. I used to set permissions like these on a web server where I often need to manually put files in (and so avoid chown after copying).
I understand that in Nextcloud's case, I never need to manually put files in the Nextcloud directory. For me the only advantage of owning /var/www/html was for backing up (I don’t have to do a sudo -u www-data, which prevents me from automating the backup). But as I understand it, I had better leave the default directory owner and find another way to back up Nextcloud.

Normally root makes the backups. Also, if you want to upload/manage files in /var/www/html (outside of Nextcloud), you can use a one-php-file-manager like Tiny File Manager.