I have setup Nextcloud on an Ubuntu server 16.04.3, with Nginx and Redis as cache. And MariaDB as database.
I also have data folder placed outside the Nextcloud folder, but I have recently discovered something alarming in my view.
For some reason, the data folder, where all my user’s data are stored, is written as root?
Isn’t that supposed to be written as www-data?
So, when my users and myself, upload new files and folders, they get created as root.
I have looked through all my setup guides, but haven’t found any indicators for what could be misconfigured.
I have also gone through several google searches, but without luck.
Can anyone help me with this? Or is it supposed to be the root that manages the Nextcloud data?
You are right, your php processes should normally run as non-root user like www-data. In most setups and most default configurations, this should be the default solution (it should be difficult to change this to root). I’d start with you php-fpm-configuration.
I did a little searching around the php-fpm-configuration and can confirm the config file, says www-data as user.
However, when I do an: ps aux | grep php command, I get this output:
I did a little more reading about the master process being root.
Some posts online say that this is not something I should be worried about, but when the files in my Nextcloud data folder is being written as root, I worry.
And down in the bottem, where it says “Finish the Installation in your Web Browser” it creates the data folder and talks about nginx is the one that needs access using the www-data account.
Could it be nginx thats running as root?
The master process of apache2 is also running as root, where there are 4 sub processes running as www-data. If I change some folder permissions to root, I get errors. So this should be totally fine. How did you check that data is accessed/written as root? Did you check to limit write permissions of some other test file/folder and try to access, e.g. of apps folder and try to install some new app?
Thanks for the response.
When I do a ls -la command in the nginx folder I got and output showing that me nextloud configuration was indeed www-data as user and group. But right below, I have the nextcloud-data folder, where the user and group are root.
Do I did a test, shutdown php and nginx, did a chown -R back to www-data on the nextcloud-data folder, then started Nextcloud and php again.
Then, from the web interface of my non-admin Nextcloud account, I created a new test folder.
Then from my SSH console, I navigated to, /usr/share/nginx/nextcloud-data/Frands/files and did an ls -l and can now see that the new folder is created as root.
Here you can see the folder: Ny Mappe is created as root.
The same happens, when I create new files.
And since you can also create files inside this folder, nextcloud here definitely uses root user, as no one else has permissions to do this.
I do not use nginx and have no right clue how this could happen. But for further help please provide your nginx and also php config files. As you already stated at the beginning, this is alarming and we should find out how it could happen and e.g. provide some warning on nextcloud admin panel e.g. in case.
Your Nextcloud/webserver/… should never be able to create folder/files with the owner “root” and permissions for root! This means that (at least) one of your applications used with Nextcloud has root permissions!!! That is not good at all!
In my opinion It is not a Nextcloud problem on your machine. I think you messed up with something general on your server! For example you did wrong configurations (e.g. init, process management, cron, …) with some application you use! I definitely recommend you to fix this! And I would say that you have to go deeper, because I think it is not a Nextcloud problem, but a problem which only shows its symptoms in nextcloud!
Thanks for the reply.
The thought of reinstalling the system had crossed my mind a couple of times, to see if I could replicate the problem. Your post confirms that. I am going to make a clean install and see what happens.
However I will keep the current server snapshot so I can troubleshoot on it in the future.
Thanks for all the help. I will post an update on this thread when I have news.
I have found the cause of the problem.
I am using an NFS mounted share on the data folder, so I can run backup jobs of the data on my Synology.
Turns out I was mounting the NFS all wrong and that caused the root permissions when something needed to be stored in the data folder.
Thank you all for your help.
sorry to reopen the thread, but would you be so kind to elaborate your solution. Having the exact same problem and was wondering what you meant with “mounting the nfs all wrong”.
