Nextcloud version (eg, 20.0.5): 20.0.5
Operating system and version (eg, Ubuntu 20.04): Raspbian GNU/Linux 10 (buster)
Apache or nginx version (eg, Apache 2.4.25): Apache/2.4.38
PHP version (eg, 7.4): 7.3.19-1
Hello,
I have a rather generic question. Quite a long time ago I set up Nextcloud on my RaspberryPi, using a separate directory for Nextcloud data: /nextcloudfiles (i.e. subfolder in root).
In there I see one sub-folder per user, as well as some log files. They’re all owned by www-data:www-data with drwxr-xr-x (755) permissions.
Now, doing something else I just realised this, and wondered if it’s OK that the ‘other’ users and groups on the system have access? I mean, in theory nobody but me should have access to those, as there are no ‘normal’ users and I followed other security instructions in the NC documentation.
But still - would it be better to change the existing permissions and update the umask settings in apache (to 027) to cover future files & directories?
Here I saw that (quite some years ago) the default permissions would be set to 600 when updating. Is that still true? If so, and given that my permissions are different, should I correct this?
Hi @glotzbach,
If you want more security, set the folder permission to 770 or 700 (the owner and the group are the same). Other users cannot access the data even though they have permission on the files, because they don’t have permissions on the parent folder.
Hi @rodinux, this is not a real issue unless you have a permissions problem.
The current permissions are good.
The x is for executing a file, but you can’t execute a PDF file.
You can change the permissions, but you must leave the Nextcloud user as the group or user of the files and folders, and leave read and write permissions (rw) for that user or group on them.
For going forward: Nextcloud creates folders and files with the default permissions on the system, obeying the umask setting mentioned in the first post. The yunohost packagers may have changed the way they run Nextcloud and inadvertently changed that setting too. I see those user folders alternate back and forth between the two permissions settings, so I’d have to assume they did so multiple times, or else something else on your system did.
If you’re concerned about what’s there (or plan on giving SSH access to someone that shouldn’t have access to these users’ folders), then you can change the permissions with chmod. Don’t take my word for it, but I think `sudo chmod -R o-rwx /home/yunohost.app/nextcloud/data` is the right command for your setup.
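An added example, not part of any post in this thread: a shell sketch that audits a data directory for entries open to "other", removes those bits, and shows which modes new files and folders get under umask 022 versus 027. It assumes GNU find and stat (as shipped on Raspbian) and runs against a constructed scratch tree; the function names and sample paths are hypothetical.

```shell
#!/bin/sh
# Added example. Paths are a constructed scratch tree, not a real Nextcloud install.

# Build a sample data directory the way a umask of 022 would: dirs 755, files 644.
make_sample() {
    root=$(mktemp -d) || return 1
    (
        umask 022
        mkdir -p "$root/data/alice/files"
        echo constructed > "$root/data/alice/files/doc.pdf"
        echo constructed > "$root/data/nextcloud.log"
    )
    echo "$root/data"
}

# List every entry under $1 that grants any permission bit to "other".
audit_other() {
    find "$1" -perm /007 -print | sort
}

# Number of entries audit_other would list.
count_other() {
    audit_other "$1" | wc -l | tr -d ' '
}

# Remove read, write and execute for "other"; owner and group bits are untouched.
tighten() {
    chmod -R o-rwx "$1"
}

# Print the modes a new directory and file receive under umask $1, created in $2.
modes_under_umask() {
    (
        umask "$1"
        mkdir "$2/dir.$1" && : > "$2/file.$1"
        echo "$(stat -c %a "$2/dir.$1") $(stat -c %a "$2/file.$1")"
    )
}

# Demo on the constructed tree.
demo=$(make_sample)
echo "before: $(count_other "$demo") entries open to other"
audit_other "$demo"
tighten "$demo"
echo "after:  $(count_other "$demo") entries open to other"
echo "umask 022 creates: $(modes_under_umask 022 "$demo")"
echo "umask 027 creates: $(modes_under_umask 027 "$demo")"
rm -rf "$(dirname "$demo")"
```

On a real installation, run the audit function against the data directory first and review the list before changing anything; the web server user must remain owner or group with read and write access.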