Nextcloud-aio-nextcloud container not starting - permission issue

The logs on the container are just a loop of this:

+ '[' -f /dev-dri-group-was-added ']'
+ set +x
Configuring Redis as session handler...
Setting php max children...
The www-data user doesn't seem to have access rights in the datadir.
Most likely are the files located on a drive that does not follow linux permissions.
Please adjust the permissions like mentioned below.
The found permissions are:
33:0 750
(userID:groupID permissions)
but they should be:
33:0 750
(userID:groupID permissions)

My system is fresh and up to date Ubuntu 22.04.
I use mergerfs to tie multiple hard drives into a single mount point.

I’m attempting the install with docker compose, using a datadir on the host. That datadir points to a mergerfs mounted directory with the correct permissions (33:0 750) which the nextcloud installation created.

The mergerfs people seem pretty certain that these kinds of issues are not their cause because the permissions are handled by the kernel.

Another test with installing a standalone nextcloud docker, it worked if I pointed it to the underlying disk mount, but not when I pointed it at the mergerfs mount. Mounted directories inside the container showed d??? as the permissions for the bind mounted volumes.

Has anyone come across this or any idea what’s causing this?
Many people seem to be running this setup just fine, but somehow I just can’t. I’ve been trying for at least a week now.

Doesn’t that show that this mergerfs is probably the issue?

I have seen some cases where an odd filesystem (like when people put it on a CIFS mount) caused issues, even if the permissions appeared to be valid.

That’s what I thought also, but they seem to be really adamant about this on the mergerfs side.
And on the other hand, I do have multiple other containers using bind mounts to the same mergerfs filesystem and successfully working with files.
So maybe there is something on the nextcloud side after all.

Or maybe there is just some configuration that has not been documented or I’ve missed on either side.

Hi, can you check that your mergerfs is not mounted as read only on your host?

I think it's read-write, as writing to it from other containers and the host works.
Here is my mergerfs line in fstab:
/mnt/disk* /mnt/storage fuse.mergerfs defaults,nonempty,allow_other,use_ino,cache.files=partial,moveonenospc=true,dropcacheonclose=true,minfreespace=10G,fsname=mergerfs 0 0

I had the thought that maybe having my system partition as btrfs filesystem was the problem so I reinstalled Ubuntu 22.04 with ext4 filesystem, installed docker from docker repository, setup mergerfs again, but all of that fixed nothing.

I also added override for docker service to start only after the mount has completed.

# /etc/systemd/system/docker.service.d/override.conf
[Unit]
After=mnt-storage.mount
Requires=mnt-storage.mount

I duplicated the nextcloud-aio-nextcloud container with portainer to look into it.
As root user everything looked all right, but as www-data user things look messed up.
As root I ran

stat -c "%u:%g %a" "$NEXTCLOUD_DATA_DIR"
33:0 750

Then I ran the same as www-data user

sudo -u www-data stat -c "%u:%g %a" "$NEXTCLOUD_DATA_DIR"
stat: cannot stat '/mnt/ncdata': No such file or directory

Then I ran ls -la as www-data

sudo -u www-data ls -la /mnt
ls: cannot access '/mnt/ncdata': No such file or directory
total 8
drwxr-xr-x 1 root root 4096 Feb 17 11:36 .
drwxr-xr-x 1 root root 4096 Feb 25 11:17 ..
d????????? ? ?    ?       ?            ? ncdata

Looks like it sees the folder per se, but doesn’t understand it?

id www-data
uid=33(www-data) gid=33(www-data) groups=33(www-data),33(www-data)

Odd that www-data has the www-data group twice.

cat /etc/passwd | grep www-data
www-data:x:33:33:Linux User,,,:/home/www-data:/sbin/nologin

The same thing on the host:

cat /etc/passwd | grep www-data
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin

To my understanding the uid and gid are what should matter here, or is there something else?

Eh, I tried mounting the mergerfs mount on another image and the same happens with the www-data user. But I still don’t understand what the underlying permission issue is.

docker run --rm -it -v /mnt/storage/nextcloud-data/:/mnt/data -u 33 ubuntu:20.04
www-data@c09e46564e05:/$ ls -la /mnt/
ls: cannot access '/mnt/data': No such file or directory
total 8
drwxr-xr-x 1 root root 4096 Feb 25 14:56 .
drwxr-xr-x 1 root root 4096 Feb 25 14:56 ..
d????????? ? ?    ?       ?            ? data

Possibly this helps?

Hi, I was able to fix the issue by changing the permissions of the parent folders of the nextcloud bind mount on the host. So my device mount directories underlying the mergerfs mount had too restrictive 700 permissions (not sure why). I changed them to 755 or 775 and the issue went away.

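
Added example, not part of any post in this thread: the fix above came down to parent directories with mode 700, and this script lists every parent directory of a path that a given uid/gid cannot traverse. The script's file name and the `/mnt/disk1/...` branch path in its usage comment are assumptions (an expansion of the `/mnt/disk*` fstab entry); only classic mode bits are checked, not ACLs or supplementary groups.

```sh
#!/bin/sh
# Added example: list the parent directories of a path that a given uid/gid
# cannot traverse (no "x"/search bit). Mode bits only; ACLs and supplementary
# groups are ignored (simplifying assumption).
# Usage (hypothetical file name, assumed branch path):
#   sh check_traverse.sh 33 0 /mnt/disk1/nextcloud-data

# can_search UID GID DIR: succeed if that identity may traverse DIR.
can_search() {
    [ "$1" -eq 0 ] && return 0                 # root bypasses mode bits
    cs_info=$(stat -L -c '%u %g %a' "$3" 2>/dev/null) || return 1
    cs_owner=${cs_info%% *}                    # "33 0 750" -> 33
    cs_mode=${cs_info##* }                     # "33 0 750" -> 750
    cs_group=${cs_info#* }
    cs_group=${cs_group%% *}                   # "33 0 750" -> 0
    cs_mode=$((0$cs_mode))                     # leading 0: parse as octal
    if   [ "$1" -eq "$cs_owner" ]; then cs_bits=$(( cs_mode >> 6 ))
    elif [ "$2" -eq "$cs_group" ]; then cs_bits=$(( cs_mode >> 3 ))
    else                                cs_bits=$cs_mode
    fi
    [ $(( cs_bits & 1 )) -eq 1 ]               # execute bit of the chosen class
}

# blocking_dirs UID GID PATH: print "owner:group mode dir" for every ancestor
# of the absolute PATH (PATH itself excluded) that UID/GID cannot traverse.
blocking_dirs() {
    bd_dir=$(dirname "$3")
    while :; do
        if ! can_search "$1" "$2" "$bd_dir"; then
            # A directory we cannot even stat is reported with placeholders.
            stat -L -c '%u:%g %a %n' "$bd_dir" 2>/dev/null ||
                echo "?:? ??? $bd_dir"
        fi
        case $bd_dir in /|.) break ;; esac
        bd_dir=$(dirname "$bd_dir")
    done
    return 0
}

if [ "$#" -eq 3 ]; then
    blocking_dirs "$@"
fi
```

Run it on the host against both the mergerfs path and the same directory under each underlying disk mount; an empty result means no parent directory blocks that uid/gid by mode bits.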