New occ line installation success but receiving "directory is readable by other users" error

Hi,

Apologies in advance as I’m new to Nextcloud and may not use proper terminology, etc. Similarly, please let me know if I can provide additional information.

I’m attempting to install Nextcloud on an Ubuntu Apache web server, and then point the data directory to a shared network location stored on a Synology NAS shared folder. I’ve followed the instructions of the installation guide for occ line installation. The installation states that it was successful in the terminal. However, when I navigate to http://localhost/nextcloud, I receive the following error message "
Error
Your data directory is readable by other users
Please change the permissions to 0770 so that the directory cannot be listed by other users.
"
I’ve tried following the instructions found here, but neither of the solutions has resolved the issue.

Does anyone have any suggestions for what the problem might be and how I can resolve it? I’m at a loss as to where to investigate/troubleshoot.

Thank you

Could you paste the output of your /etc/fstab, you can just paste the part pertaining to your NAS drive.

The /etc/fstab entry for the NAS shared folder is below:
IPADDRESS:/volume1/nextCloudData /media/ncShare/ ntfs-3g quiet,defaults,permissions,locale=en_US.utf8

What I’m attempting to do is mount the /volume1/nextCloudData folder in the NAS and mount to local folder /media/ncShare.

If this isn’t what you requested, please elaborate.

So in your NC config file, where is the data directory pointing to? I presume /media/ncShare ?

Correct,
from nextcloud/config/config.php
'datadirectory' => '/media/ncShare',

What is the output of ls -la /media/ncShare ? Do the permissions actually resemble 0770, is what I am wondering.

There is some definite strangeness happening to this. I rebooted and was periodically given an error that the nfs was no longer accessible on reboot. After repeated attempts I was able to remount in terminal only (fstab was no longer working) using the following command:
mount -t nfs IPADDRESS:/volume1/nextCloudData /media/ncShare/

with that mounted and running ls -la /media/ncShare/ I get following output:
drwxrwxrwx 1 root root 144 Sep 3 00:45 .
drwxr-xr-x 4 root root 4096 Sep 2 23:12 ..
drwxrwxrwx 1 1029 users 18 Sep 3 00:45 appdata_octz043ij6jv
-rwxrwxrwx 1 1029 users 324 Sep 3 00:44 .htaccess
-rwxrwxrwx 1 1029 users 0 Sep 3 00:44 index.html
drwxrwxrwx 1 1029 users 10 Sep 3 00:44 ncAdmin
-rwxrwxrwx 1 1029 users 8546 Sep 3 01:26 nextcloud.log
-rwxrwxrwx 1 1029 users 0 Sep 3 00:44 .ocdata

After remounting, when I run the following, permissions seem to change.
sudo chown -R www-data:www-data /media/ncShare/

ls -la /media/ncShare/
total 20
drwxrwxrwx 1 www-data www-data 144 Sep 3 00:45 .
drwxr-xr-x 4 root root 4096 Sep 2 23:12 ..
drwxrwxrwx 1 www-data www-data 18 Sep 3 00:45 appdata_octz043ij6jv
-rwxrwxrwx 1 www-data www-data 324 Sep 3 00:44 .htaccess
-rwxrwxrwx 1 www-data www-data 0 Sep 3 00:44 index.html
drwxrwxrwx 1 www-data www-data 10 Sep 3 00:44 ncAdmin
-rwxrwxrwx 1 www-data www-data 8546 Sep 3 01:26 nextcloud.log
-rwxrwxrwx 1 www-data www-data 0 Sep 3 00:44 .ocdata

However, the error I receive when loading localhost/nextcloud has changed to below:
Internal Server Error
"
The server encountered an internal error and was unable to complete your request.
Please contact the server administrator if this error reappears multiple times, please include the technical details below in your report.
More details can be found in the server log.
"

Update: the following code produces the error below:
sudo mount IPADDRESS:/volume1/nextCloudData/ /media/ncShare/
sudo chown -R www-data:www-data /var/www/html/nextcloud/
sudo chown -R www-data:www-data /media/ncShare/
sudo chmod 0770 -R /media/ncShare/
sudo -u www-data php occ maintenance:install --database "mysql" --database-name "nextcloud" --database-user "ncUser" --database-pass "pw" --admin-user "ncAdmin" --admin-pass "pw" --database-host "IPADDRESS:PORT" --data-dir "/media/ncShare/"

error = “Can’t create or write into the data directory /media/ncShare/”

Anyone have any guidance for what might be going on here? I’m stuck.

If you only do those commands, not the chmod 0770 one, and then try to write something there as apache/www-data, what happens?

Maybe try this solution as well?

Thank you for your help.

  1. I’ve tried restarting the machine, and running the commands as you have above. When I try to load nextcloud, I now receive the following error:
    Internal Server Error
    "
    The server encountered an internal error and was unable to complete your request.
    Please contact the server administrator if this error reappears multiple times, please include the technical details below in your report.
    More details can be found in the server log.
    "
    Opening up the nextcloud.log, I see an entry of:
    {"reqId":"I4sMD8yNOUnIzAFcJhwl","level":3,"time":"2018-09-03T16:49:34+00:00","remoteAddr":"127.0.0.1","user":"--","app":"PHP","method":"GET","url":"/nextcloud/index.php","message":"chmod(): Operation not permitted at /var/www/html/nextcloud/lib/private/legacy/util.php#1007","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0","version":"13.0.5.2"}

  2. After doing the
    ```
    sudo chown -R yourname:www-data /media/ncShare
    sudo chmod -R g+s /media/ncShare
    ```
    commands, the error message changes on page load:
"
Error
    Your data directory is not writable
    Permissions can usually be fixed by giving the webserver write access to the root directory. See https://docs.nextcloud.com/server/13/go.php?to=admin-dir_permissions.
"

I’ve decided to try a new reinstall. I get the same permissions error on /media/ncShare, but now it’s happening when attempting to install.

entry in Fstab = IPADDRESS:/volume1/nextCloudData /media/ncShare nfs auto,noatime,nolock,bg,intr,tcp 0 0

sudo chown -R www-data:www-data /var/www/html/nextcloud/
sudo chown -R www-data:www-data /media/ncShare/
sudo -u www-data php occ maintenance:install --database "mysql" --database-name "nextcloud" --database-user "user" --database-pass "pq" --admin-user "admin" --admin-pass "pw" --database-host "HOST" --data-dir "/media/ncShare/"

Terminal RESULT:
Nextcloud is not installed - only a limited number of commands are available
Can’t create or write into the data directory /media/ncShare/

Is it possible that this is something to be setup on the NAS side? Or is the fact that it mounts mean that everything is working properly on that end?

I have confirmed that at least part of the issue is/was on the Synology NAS side. I have successfully mitigated the ‘can’t create or write into the data directory’ error I was receiving by changing NFS permissions on the folder in Disk Station by going to Control Panel > Shared Folder > nextCloudData (shared folder). Click Edit, NFS Permissions, Create permission where SQUASH: = ‘Map All users to root’.

After doing this, I’m able to install nextcloud successfully.

However, when loading in the web browser, I again receive the
Error
Your data directory is readable by other users
Please change the permissions to 0770 so that the directory cannot be listed by other users.

Does anyone know how to set this permission for the nextCloudData folder in Disk Station or through ssh to set the 0770 permission for admin?
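The three failures seen so far in this thread (the 0770 warning, "chmod(): Operation not permitted", and "Can’t create or write into the data directory") can be checked from the client side without changing anything. The script below is an added example, not part of the original posts; its function names and the script name are hypothetical, and it assumes GNU stat.

```shell
#!/bin/sh
# Added example: non-destructive checks on a Nextcloud data directory.
# Run as the web server user so results match what PHP sees. Uses GNU stat.

mode_of() { stat -c '%a' "$1"; }          # octal mode, e.g. 770 or 777

# True when the last octal digit ("other") is 0, as the 0770 message asks.
other_bits_clear() {
    case "$(mode_of "$1")" in
        *0) return 0 ;;
        *)  return 1 ;;
    esac
}

# Re-apply the current mode. Nothing changes on success, but chmod fails with
# "Operation not permitted" when the caller is not the owner the server sees,
# for example after an NFS squash rule remaps the client uid.
reapply_mode() { chmod "$(mode_of "$1")" "$1" 2>/dev/null; }

# Create and remove a probe file to confirm real write access.
can_write() {
    probe="$1/.perm_probe.$$"
    ( : > "$probe" ) 2>/dev/null && rm -f "$probe"
}

# Print findings; return 0 only when every check passes.
diagnose_datadir() {
    dir=$1
    problems=0
    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a directory (is the share mounted?)"
        return 1
    fi
    echo "mode=$(mode_of "$dir") owner=$(stat -c '%U:%G' "$dir") fs=$(stat -f -c '%T' "$dir")"
    if ! other_bits_clear "$dir"; then
        echo "FAIL: 'other' permission bits are set; Nextcloud asks for 0770"
        problems=$((problems + 1))
    fi
    if ! reapply_mode "$dir"; then
        echo "FAIL: chmod not permitted; check ownership and NFS squash mapping"
        problems=$((problems + 1))
    fi
    if ! can_write "$dir"; then
        echo "FAIL: cannot create files in $dir"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# Usage: sh check_datadir.sh /media/ncShare   (script name is hypothetical)
if [ "$#" -gt 0 ]; then diagnose_datadir "$1"; fi
```

Running it with `sudo -u www-data` against `/media/ncShare` shows which of the three conditions the mount currently fails, and the reported owner and filesystem type show how the NAS presents the share to this client.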

I am sorry I cannot be of any more help :pensive: Just a thought, on Thecus you can ssh into the machine, then these shared folders are normally mounted under /volumeX/ with the same name you set up in the GUI. Most Linux-based NAS systems have limited functionalities like chmod and chown built in. You can do it this way if you want.

NP. I’ve identified the cause but do not have a solution or full understanding of why. A bit of context for others who may happen to have the same problem in the future. I have found a way to test the problem.

SSH/Putty, I run chown and chmod for the guest:users (user:group) on the NAS system. Next, in Synology Disk Station, edit the Shared Folder’s permissions with the following:
Set NFS Permission Squash = ‘Map all users to guest’
Set Permissions for Guest user = Custom (checking all administration, read and write check boxes and applying to all folders)
Set permissions for users Group = Read/Write.

When I do this the application works perfectly… for a single sign-in to Nextcloud. For some reason, the permissions on this folder are changed (either by Nextcloud or by Synology) on logout. Specifically, the ‘Delete’ permission under Write is removed (unchecked) for the users group and the Administration check boxes are all removed (unchecked) for the Guest user. If I re-check these, I get another logon’s worth of functionality.

Do you or anyone else know if this is likely Nextcloud or Synology changing the permissions? If the latter, it may make more sense for me to post on the Synology forums…

I personally feel this is something Synology does. An easy way to test is to install Nextcloud to a local folder, setting the same permissions. If the same happens, it is Nextcloud and we have to troubleshoot some more, but if it works, it must be your DS.

I have confirmed that it is something with either the permissions in Synology NAS or the way the nfs is being mounted. Will continue to investigate and update this thread with result. Thanks again.

I was not of much help, sorry! But I am now curious regarding those permissions. Also, is there a reason you don’t install NC directly onto the NAS?

https://forum.synology.com/enu/viewtopic.php?t=127995

I was thinking performance and security might be better if having a web server in front of the NAS, which would hold the raw data. IDK if you have thoughts about that one way or the other.

Regarding security, I have a friend who hosts a web server directly on his Synology. The Apps/Bundles/whatever-it-is-called is well written for DS. I ran Nextcloud on my Thecus for a while, but stopped (for various reasons), mainly due to the little RAM I had in there. So performance-wise most of these things like Nextcloud are very lightweight, especially if there is a pre-built app that you can just “enable”. Is this the case with Synology? Or do you physically have to install all the components? Thecus was just an app you enabled, and it installed mysql and php as dependencies by itself. Security-wise, whether you have it running directly on the NAS or have something in front of it, if the overall security sucks, it won’t matter. If you mount the drive to DS and something goes bad, data is still gone. So having proper overall security would rather be the thing to look at here.