Nextcloud datafolder permissions

What are the best permissions for the Nextcloud data folder? Mine is 700 for www-data:www-data. -> Read, write, execute for the webserver user; other users don’t have permission to read, etc.

Hi

Please be careful with your permissions.

To check that your data is safe: https://cloud.DOMAIN.com/apps/files/
You should get a 403 error.

Please check this out: https://docs.nextcloud.com/server/9.0/admin_manual/installation/installation_wizard.html#setting-strong-directory-permissions

You can copy the text into a script.sh file and run it with bash script.sh -> that script sets all the right permissions that you need.

Hope that can help

1 Like

Yeah. I have run this script before. But my Nextcloud root is under /var/www/nextcloud and the data folder is under /home/www-data/nextcloud_data and I just copied the data folder because my server was down for just some time and I had to recover the server. But I didn’t want to lose my data. So I just removed the old folder and replaced it with the new one. But I got a few strange errors like “Your server is not connected to the internet” and I couldn’t upload files. There was a “Forbidden” message. So I just chowned the Nextcloud data folder recursively to www-data:www-data. But the permissions were not right, I think. Thanks for your comments.

Hi

— sorry for my English :slight_smile: —

That permission can be OK, because the script sets it too.
Did you set ownership like: chown -R www-data:www-data data/ ?

So you can set the permissions like “grouchysysadmin” wrote.

chmod 0750 /your/data/directory/ -> ( 7|5|0 means => user: rwx | group: rx | other: - )
w = write / r = read / x = execute / - = no permissions

In your case: chmod 0750 /home/www-data/nextcloud_data/
Maybe you have to set the same permissions on every subdirectory:
find /home/www-data/nextcloud_data/ -type d -print0 | xargs -0 chmod 0750
And on every file in the data folder:
find /home/www-data/nextcloud_data/ -type f -print0 | xargs -0 chmod 0640
-> except: .htaccess
chown root:www-data .htaccess
chmod 0644 .htaccess
To check: ls -la -> you should get something like: -rw-r--r-- root www-data .htaccess


It could be that you have to set another config in config.php:

  • Path: /var/www/nextcloud/config/config.php
  • Edit: 'datadirectory' => '/home/www-data/nextcloud_data/',

scan all files to base: sudo -u www-data php -f /var/www/html/nextcloud/console.php files:scan --all


Or with cron: crontab -e -u www-data
File scan at 04:00 AM:
( 0 4 * * * php -f /var/www/html/nextcloud/console.php files:scan --all ) -> without '( )'
Cron job for Nextcloud, every 15 minutes:
( */15 * * * * php -f /var/www/html/nextcloud/cron.php ) -> without '( )'

Hope that can help

3 Likes
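
Added example, not part of the original thread: a read-only shell check that reports entries in the data directory that are accessible to "other" users or owned by the wrong account, which is the property the 700 and 0750/0640 schemes above share. The function names are made up for this example; the path and user in the usage comment are the ones from the thread.

```shell
#!/bin/sh
# Added example, not from the thread: read-only audit of a Nextcloud data
# directory. Run it as root (or with sudo) so find can enter 0750 directories.

# Print entries under DIR on which "other" holds any of r, w or x.
# Symlinks are skipped because their own mode bits are not used for access
# checks; .htaccess is skipped because the thread deliberately sets it to 0644.
world_accessible() {
    find "$1" ! -type l ! -name .htaccess \
        \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Print entries under DIR not owned by OWNER (a user name or numeric uid).
# .htaccess is skipped because the thread sets it to root:www-data.
wrong_owner() {
    find "$1" ! -type l ! -name .htaccess ! -user "$2" -print
}

# Run both checks. Returns 0 when clean, 1 on findings, 2 on a bad path.
audit_data_dir() {
    dir=$1
    owner=$2
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi
    open=$(world_accessible "$dir")
    foreign=$(wrong_owner "$dir" "$owner")
    if [ -n "$open" ]; then
        printf 'accessible to other users:\n%s\n' "$open"
    fi
    if [ -n "$foreign" ]; then
        printf 'not owned by %s:\n%s\n' "$owner" "$foreign"
    fi
    [ -z "$open" ] && [ -z "$foreign" ]
}

# Example call with the paths from the thread:
#   audit_data_dir /home/www-data/nextcloud_data www-data
if [ "$#" -eq 2 ]; then
    audit_data_dir "$1" "$2"
fi
```
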

Thanks very much for your answer. I’ve set it like this now. :wink: and I do get a 403.

Good afternoon everybody.

I use this post because it is similar to my question, but it can be changed to a new one if you feel it should be.

First question:

  1. Is it just me who cannot find the ‘Setting strong directory permissions’ in admin installation manual versions higher than 9.0, or is it nested somewhere else? I’ve checked the 11, 11.0, 12, 12.0 versions with no success.

  2. If this is not listed anymore, does it mean it is wrong/obsolete/not required anymore?

  3. I have the data directory on a NAS which I mount on the Linux server as follows:
    ‘drwxr-x--- 2 www-data www-data 0 Jul 21 22:07 next/’ according to the directory permission suggestion found in the 9.0 admin guide. I do not use the External storage app. Do you know if and how I can change owner and permissions of the .htaccess file in the next/ directory?

Thanks a lot

I run:
ubuntu 16.4
nextcloud 12.0.0

@gipsea you are right on nr 2 - we don’t recommend setting these permissions as it has caused more issues than it increases security. If an attacker can replace files with the rights of the web server, you’re in big trouble anyway.

I suggest to stick to default permissions. Nextcloud will automatically set them to ‘600’ upon running the update script.