[NC18] Problem to access data folder after upgrade to php 7.4

Hi,
After trying to update my Nextcloud instance to the beta version, I’m stuck with an error.
It looks like a permission error on the data folder, but I can’t find it.

Any help would be appreciated :slight_smile:

Nextcloud version : 18.0.0 RC1
Operating system and version : Archlinux
Apache or nginx version : 1.17.7
PHP version : 7.4.1

The issue you are facing:
Votre répertoire n’est pas valide Assurez-vous que le répertoire de données contient un fichier “.ocdata” à sa racine. Impossible de créer le dossier “data” Ce problème est généralement résolu en donnant au serveur web un accès en écriture au répertoire racine. Voir https://docs.nextcloud.com/server/18/go.php?to=admin-dir_permissions

Is this the first time you’ve seen this error? : Y

Steps to replicate it:

No idea

The output of your Nextcloud log in Admin > Logging:

{"reqId":"XXX","level":1,"time":"2020-01-04T22:03:50+00:00","remoteAddr":"XXX","user":"--","app":"no app in context","method":"GET","url":"/","message":"Deprecated event type for \\OCP\\Files::preWrite: Symfony\\Component\\EventDispatcher\\GenericEvent","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:73.0) Gecko/20100101 Firefox/73.0","version":"18.0.0.8"}
{"reqId":"XXX","level":1,"time":"2020-01-04T22:03:50+00:00","remoteAddr":"XXX","user":"--","app":"no app in context","method":"GET","url":"/","message":"Deprecated event type for \\OCP\\Files::preCreate: Symfony\\Component\\EventDispatcher\\GenericEvent","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:73.0) Gecko/20100101 Firefox/73.0","version":"18.0.0.8"}
{"reqId":"XXX","level":1,"time":"2020-01-04T22:03:51+00:00","remoteAddr":"XXX","user":"--","app":"no app in context","method":"GET","url":"/favicon.ico","message":"Deprecated event type for \\OCP\\Files::preWrite: Symfony\\Component\\EventDispatcher\\GenericEvent","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:73.0) Gecko/20100101 Firefox/73.0","version":"18.0.0.8"}
{"reqId":"XXX","level":1,"time":"2020-01-04T22:03:51+00:00","remoteAddr":"XXX","user":"--","app":"no app in context","method":"GET","url":"/favicon.ico","message":"Deprecated event type for \\OCP\\Files::preCreate: Symfony\\Component\\EventDispatcher\\GenericEvent","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:73.0) Gecko/20100101 Firefox/73.0","version":"18.0.0.8"}

The output of your config.php file in /var/www/nextcloud

<?php
$CONFIG = array (
  'instanceid' => 'xxxxx',
  'passwordsalt' => 'xxxxx',
  'secret' => 'xxxxx',
  'trusted_domains' => 
  array (
    0 => 'xxxxx',
  ),
  'datadirectory' => '/home/nextcloud',
  'overwrite.cli.url' => 'xxxxx',
  'dbtype' => 'mysql',
  'version' => '18.0.0.8',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'XXX',
  'dbpassword' => 'XXX',
  'installed' => true,
  'filelocking.enabled' => 'true',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'mail_smtpmode' => 'smtp',
  'mail_smtpauthtype' => 'PLAIN',
  'mail_smtpsecure' => 'tls',
  'mail_from_address' => 'do-not-reply',
  'mail_domain' => 'xxxxx',
  'mail_smtpauth' => 1,
  'mail_smtphost' => 'xxxxx',
  'mail_smtpport' => '587',
  'mail_smtpname' => 'xxxxx',
  'mail_smtppassword' => 'xxxxx',
  'updater.release.channel' => 'beta',
  'maintenance' => false,
  'theme' => '',
  'loglevel' => '1',
  'mysql.utf8mb4' => true,
  'app_install_overwrite' => 
  array (
    0 => 'forms',
    1 => 'apporder',
    2 => 'bookmarks_fulltextsearch',
  ),
  'updater.secret' => 'xxxxx',
);

The output of your log in syslog:

Jan 04 23:36:46 XXX nginx[818]: 2020/01/04 23:36:46 [error] 818#818: *83 FastCGI sent in stderr: "PHP message: PHP Warning:  fileperms(): stat failed for /home/nextcloud/nextcloud.log in /var/www/nextcloud/lib/private/Log/File.php on line 83PHP message: {"reqId":"xxx","level":3,"time":"2020-01-04T22:36:46+00:00","remoteAddr":"XXX","user":"--","app":"PHP","method":"GET","url":"/","message":"fileperms(): stat failed for /home/nextcloud/nextcloud.log at /var/www/nextcloud/lib/private/Log/File.php#83","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:73.0) Gecko/20100101 Firefox/73.0","version":"18.0.0.8"}PHP message: {"reqId":"XXX","level":3,"time":"2020-01-04T22:36:46+00:00","remoteAddr":"XXX","user":"--","app":"PHP","method":"GET","url":"/","message":"chmod(): Permission denied at /var/www/nextcloud/lib/private/Log/File.php#84","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:73.0) Gecko/20100101 Firefox/73.0","version":"18.0.0.8"}" while reading upstream, client: XXX, server: XXX request: "GET / HTTP/2.0", upstream: "fastcgi://unix:/var/run/php-fpm/php-fpm.sock:", host: "XXX"
Jan 04 23:36:46 XXX nginx[818]: 2020/01/04 23:36:46 [error] 818#818: *83 FastCGI sent in stderr: "PHP message: PHP Warning:  fileperms(): stat failed for /home/nextcloud/nextcloud.log in /var/www/nextcloud/lib/private/Log/File.php on line 83PHP message: {"reqId":"XXX","level":3,"time":"2020-01-04T22:36:46+00:00","remoteAddr":"XXX","user":"--","app":"PHP","method":"GET","url":"/favicon.ico","message":"fileperms(): stat failed for /home/nextcloud/nextcloud.log at /var/www/nextcloud/lib/private/Log/File.php#83","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:73.0) Gecko/20100101 Firefox/73.0","version":"18.0.0.8"}PHP message: {"reqId":"XXX","level":1,"time":"2020-01-04T22:36:46+00:00","remoteAddr":"XXX","user":"--","app":"no app in context","method":"GET","url":"/favicon.ico","message":"Deprecated event type for \\OCP\\Files::preWrite: Symfony\\Component\\EventDispatcher\\GenericEvent","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:73.0) Gecko/20100101 Firefox/73.0","version":"18.0.0.8"}PHP message: PHP Warning:  fileperms(): stat failed for /home/nextcloud/nextcloud.log in /var/www/nextcloud/lib/private/Log/File.php on line 83PHP message: {"reqId":"XXX","level":3,"time":"2020-01-04T22:36:46+00:00","remoteAddr":"XXX","user":"--","app":"PHP","method":"GET","url":"/favicon.ico","message":"fileperms(): stat failed for /home/nextcloud/nextcloud.log at /var/www/nextcloud/lib/private/Log/File.php#83","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:73.0) Gecko/20100101 Firefox/73.0","version":"18.0.0.8"}PHP message: {"reqId":"XXX","level":1,"time":"2020-01-04T22:36:46+00:00","remoteAddr":"XXX","user":"--","app":"no app in context","method":"GET","url":"/favicon.ico","message":"Deprecated event type for \\OCP\\Files::preCreate: Symfony\\Component\\EventDispatcher\\GenericEvent","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:73.0) Gecko/20100101 Firefox/73.0","version":"18.0.0.8"}" while reading response header from upstream, client: XXX
Jan 04 23:36:46 XXX nginx[818]: 2020/01/04 23:36:46 [error] 818#818: *83 FastCGI sent in stderr: "PHP message: PHP Warning:  fileperms(): stat failed for /home/nextcloud/nextcloud.log in /var/www/nextcloud/lib/private/Log/File.php on line 83PHP message: {"reqId":"XXX","level":3,"time":"2020-01-04T22:36:46+00:00","remoteAddr":"XXX","user":"--","app":"PHP","method":"GET","url":"/favicon.ico","message":"fileperms(): stat failed for /home/nextcloud/nextcloud.log at /var/www/nextcloud/lib/private/Log/File.php#83","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:73.0) Gecko/20100101 Firefox/73.0","version":"18.0.0.8"}PHP message: {"reqId":"Xxx","level":3,"time":"2020-01-04T22:36:46+00:00","remoteAddr":"XXX","user":"--","app":"PHP","method":"GET","url":"/favicon.ico","message":"chmod(): Permission denied at /var/www/nextcloud/lib/private/Log/File.php#84","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:73.0) Gecko/20100101 Firefox/73.0","version":"18.0.0.8"}" while reading upstream, client: XXX, server: XXX, request: "GET /favicon.ico HTTP/2.0", upstream: "fastcgi://unix:/var/run/php-fpm/php-fpm.sock:", host: "XXX"

Permissions:

drwxr-x--- 14 http http     4096 Jan  4 23:08 nextcloud

ls -l /home
drwxrwx---+  8 http  http   4096 Jan  4 22:20 nextcloud

Php-fpm conf:

cat /etc/php/php-fpm.conf | egrep -v "(^;.*|^$)"
[global]
error_log = syslog
include=/etc/php/php-fpm.d/*.conf

cat /etc/php/php-fpm.d/www.conf
[www]
user = http
group = http
listen = /run/php-fpm/php-fpm.sock
listen.owner = http
listen.group = http
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
request_terminate_timeout = 300
env[PATH] = /usr/local/bin:/usr/bin:/bin
php_admin_value[error_log] = /var/log/fpm-php.www.log
php_admin_flag[log_errors] = on

sudo systemctl status php-fpm
● php-fpm.service - The PHP FastCGI Process Manager
     Loaded: loaded (/usr/lib/systemd/system/php-fpm.service; enabled; vendor preset: disabled)
     Active: active (running) since Sat 2020-01-04 23:52:56 CET; 55s ago
   Main PID: 3321 (php-fpm)
     Status: "Processes active: 0, idle: 2, Requests: 2, slow: 0, Traffic: 0req/sec"
      Tasks: 3 (limit: 9442)
     Memory: 24.2M
     CGroup: /system.slice/php-fpm.service
             ├─3321 php-fpm: master process (/etc/php/php-fpm.conf)
             ├─3331 php-fpm: pool www
             └─3332 php-fpm: pool www

Jan 04 23:52:56 XXX systemd[1]: Starting The PHP FastCGI Process Manager...
Jan 04 23:52:56 XXX php-fpm[3321]: [NOTICE] fpm is running, pid 3321
Jan 04 23:52:56 XXX php-fpm[3321]: [NOTICE] ready to handle connections
Jan 04 23:52:56 XXX systemd[1]: Started The PHP FastCGI Process Manager.
Jan 04 23:52:56 XXX php-fpm[3321]: [NOTICE] systemd monitor interval set to 10000ms


sudo systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
     Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
     Active: active (running) since Sat 2020-01-04 23:52:56 CET; 1min 40s ago
    Process: 3327 ExecStart=/usr/bin/nginx -g pid /run/nginx.pid; error_log stderr; (code=exited, status=0/SUCCESS)
   Main PID: 3328 (nginx)
      Tasks: 2 (limit: 9442)
     Memory: 3.0M
     CGroup: /system.slice/nginx.service
             ├─3328 nginx: master process /usr/bin/nginx -g pid /run/nginx.pid; error_log stderr;
             └─3330 nginx: worker process

Jan 04 23:54:10 XXX nginx[3330]: 2020/01/04 23:54:10 [error] 3330#3330: *4 FastCGI sent in stderr: "PHP message: PHP Warning:  fileperms(): stat failed for /home/nextcloud/nextcloud.log in /var/www/nextcloud/lib/private/Log/File.>
Jan 04 23:54:10 XXX nginx[3330]: 2020/01/04 23:54:10 [error] 3330#3330: *4 FastCGI sent in stderr: "PHP message: PHP Warning:  fileperms(): stat failed for /home/nextcloud/nextcloud.log in /var/www/nextcloud/lib/private/Log/File.>
Jan 04 23:54:10 XXX nginx[3330]: 2020/01/04 23:54:10 [error] 3330#3330: *5 FastCGI sent in stderr: "PHP message: PHP Warning:  fileperms(): stat failed for /home/nextcloud/nextcloud.log in /var/www/nextcloud/lib/private/Log/File.>
Jan 04 23:54:10 XXX nginx[3330]: 2020/01/04 23:54:10 [error] 3330#3330: *5 FastCGI sent in stderr: "PHP message: PHP Warning:  fileperms(): stat failed for /home/nextcloud/nextcloud.log in /var/www/nextcloud/lib/private/Log/File.>
Jan 04 23:54:33 XXX nginx[3330]: 2020/01/04 23:54:33 [error] 3330#3330: *9 FastCGI sent in stderr: "PHP message: PHP Warning:  fileperms(): stat failed for /home/nextcloud/nextcloud.log in /var/www/nextcloud/lib/private/Log/File.>
Jan 04 23:54:33 XXX nginx[3330]: 2020/01/04 23:54:33 [error] 3330#3330: *9 FastCGI sent in stderr: "PHP message: PHP Warning:  fileperms(): stat failed for /home/nextcloud/nextcloud.log in /var/www/nextcloud/lib/private/Log/File.>
Jan 04 23:54:33 XXX nginx[3330]: 2020/01/04 23:54:33 [error] 3330#3330: *9 FastCGI sent in stderr: "/3.9.2","version":"18.0.0.8"}" while reading upstream, client: 82.64.193.149, server: XXX, request: "GET /index.php>
Jan 04 23:54:33 XXX nginx[3330]: 2020/01/04 23:54:33 [error] 3330#3330: *8 FastCGI sent in stderr: "PHP message: PHP Warning:  fileperms(): stat failed for /home/nextcloud/nextcloud.log in /var/www/nextcloud/lib/private/Log/File.>
Jan 04 23:54:33 XXX nginx[3330]: 2020/01/04 23:54:33 [error] 3330#3330: *8 FastCGI sent in stderr: "PHP message: PHP Warning:  fileperms(): stat failed for /home/nextcloud/nextcloud.log in /var/www/nextcloud/lib/private/Log/File.>
Jan 04 23:54:33 XXX nginx[3330]: 2020/01/04 23:54:33 [error] 3330#3330: *8 FastCGI sent in stderr: "/3.9.2","version":"18.0.0.8"}" while reading upstream, client: 82.64.193.149, server: XXX request: "GET /index.php>

Solved it, hope it can be useful to other people:

systemctl edit php-fpm.service

And add the following lines:

[Service]
ProtectHome=tmpfs
BindPaths=/home/nextcloud/
1 Like

Hi @quiwy

Thanks for letting us know what helped. Could you also please explain what these changes do and why they have to be added?

Hi @Schmu,

Sure.

With PHP 7.4.0 they implemented https://bugs.php.net/bug.php?id=72510 to harden the php-fpm service unit.

The php-fpm systemd service, php-fpm.service, should be hardened as much as possible against potential attacks. Besides reducing the likelihood of an attack, if php does get compromised, there will be less damage possible.

So these are the new options in the php-fpm systemd unit:

PrivateTmp=true

ProtectHome=true

ProtectSystem=full

PrivateDevices=true

ProtectKernelTunables=true

ProtectControlGroups=true

RestrictNamespaces=true

That’s why in this comment https://bugs.archlinux.org/task/64689#comment184108 they said to add ReadWritePaths to the unit, because of ProtectSystem being set to true.

This parameter mounts the /usr and /boot directories read-only for processes invoked by this unit.

So to keep write access to directories in the /share/webapps folder you have to explicitly give write access to the folder with ReadWritePaths by editing the php-fpm service (systemctl edit php-fpm.service). So it should look like this on Arch Linux (Nextcloud is installed in /usr/share/webapps):

[Service]
ReadWritePaths = /usr/share/webapps/nextcloud/data
ReadWritePaths = /usr/share/webapps/nextcloud/apps
ReadWritePaths = /etc/webapps/nextcloud/config/

This pointed me in the right direction, to go and look at the new systemd unit.

Because my nextcloud install is manual and not via pacman, my data directory is on my /home partition.

So the new option ProtectHome=true was the problem.

As said in the systemd documentation

If true, the directories /home, /root, and /run/user are made inaccessible and empty for processes invoked by this unit.

That’s why my folder /home/nextcloud was no longer accessible to php-fpm.
To avoid this block, the documentation says you explicitly have to give access to the home folder.
The way to do it is to give the tmpfs parameter and give the path with BindPaths.

The value "tmpfs" is useful to hide home directories not relevant to the processes invoked by the unit, while still allowing necessary directories to be made visible when listed in BindPaths= or BindReadOnlyPaths=.

That’s why my new systemd unit looks like this to give access to the /home/nextcloud folder.

[Service]
ProtectHome=tmpfs
BindPaths=/home/nextcloud/

Systemd documentation used: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
I hope everything is understandable :slight_smile:

So the problem was not Nextcloud 18.0.0 RC1 but the update to PHP 7.4. Should I change the title of the post?

4 Likes
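
The sandbox rules explained in the post above, as an added example that is not part of the original thread and is not systemd's own logic: a simplified model that reports what a unit's processes can do with one path. The function names are hypothetical, the sample directives are constructed from the values in the thread, and the /efi and /etc entries for ProtectSystem come from the systemd.exec documentation.

```shell
# Added example: simplified model of the sandbox rules quoted in the thread.
# Not systemd's own logic; covers ProtectHome=true|tmpfs, ProtectSystem=true|full.
# "read-write" = not blocked by the sandbox; file ownership and modes still apply.

under() {            # under DIR PATH: is PATH equal to DIR or below it?
    d=${1%/}
    case "$2/" in "$d"/*) return 0 ;; esac
    return 1
}
values() {           # values DIRECTIVES KEY: every value assigned to KEY
    printf '%s\n' "$1" | sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p"
}
listed() {           # listed DIRECTIVES KEY PATH: does a list entry cover PATH?
    for e in $(values "$1" "$2"); do
        e=${e#[-+]}                                      # optional prefix
        case $e in *:*) e=${e#*:}; e=${e%%:*} ;; esac    # SRC:DEST[:OPTS] -> DEST
        under "$e" "$3" && return 0
    done
    return 1
}

path_access() {      # path_access DIRECTIVES PATH -> hidden|read-only|read-write
    home=$(values "$1" ProtectHome | tail -n 1)          # last assignment wins
    sys=$(values "$1" ProtectSystem | tail -n 1)
    listed "$1" BindPaths "$2" && bound=yes || bound=no
    for h in /home /root /run/user; do
        under "$h" "$2" || continue
        case $home in
            true|yes) echo hidden; return ;;             # what the thread observed
            tmpfs) [ "$bound" = yes ] || { echo hidden; return; } ;;
            no|false|'') ;;
            *) echo unmodelled; return ;;                # e.g. read-only
        esac
    done
    case $sys in full) ro="/usr /boot /efi /etc" ;; true|yes) ro="/usr /boot /efi" ;; *) ro="" ;; esac
    for r in $ro; do
        under "$r" "$2" || continue
        [ "$bound" = yes ] || listed "$1" ReadWritePaths "$2" || { echo read-only; return; }
    done
    echo read-write
}

# Constructed input: options named in the thread, then the drop-in fix appended.
SHIPPED=$(printf 'ProtectHome=true\nProtectSystem=full')
FIXED=$(printf '%s\nProtectHome=tmpfs\nBindPaths=/home/nextcloud/' "$SHIPPED")
path_access "$SHIPPED" /home/nextcloud    # hidden
path_access "$FIXED" /home/nextcloud      # read-write
```

On a real host the directive lines can be taken from `systemctl cat php-fpm.service`, which prints the unit file followed by its drop-ins.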

Thank you very much for this very good explanation! I learned a lot from that :slight_smile:
A change of the title sounds good. Maybe
“[NC18] Problem to access data folder after upgrade to php 7.4”?

1 Like

I had this same problem on a fresh NC18 install on php-fpm 7.4, only after I added in config/config.php the code necessary to connect to an external object storage:

  'objectstore' => 
  array (
    'class' => 'OC\\Files\\ObjectStore\\Swift',
    'arguments' => 
    array (
      'autocreate' => true,
      'user' => 
      array (
        'name' => '*****',
        'password' => '*******',
        'domain' => 
        array (
          'name' => 'Default',
        ),
      ),
      'scope' => 
      array (
        'project' => 
        array (
          'name' => '*******',
          'domain' => 
          array (
            'name' => 'Default',
          ),
        ),
      ),
      'tenantName' => '*******',
      'serviceName' => 'swift',
      'region' => 'GRA',
      'bucket' => 'mybucket',
      'url' => 'https://auth.cloud.ovh.net/v3',
    ),
  ),

Any suggestions?
