The Basics
- Nextcloud Server version (e.g., 29.x.x):
32.0.1
- Operating system and version (e.g., Ubuntu 24.04):
Debian GNU/Linux 13.1 (trixie)
- Web server and version (e.g, Apache 2.4.25):
Server version: Apache/2.4.65 (Debian)
Server built: 2025-07-29T17:52:31
- Reverse proxy and version _(e.g. nginx 1.27.2)
nginx version: openresty/1.27.1.1
- PHP version (e.g, 8.3):
PHP 8.3.27 (cli) (built: Oct 24 2025 19:16:28) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.3.27, Copyright (c) Zend Technologies
with Zend OPcache v8.3.27, Copyright (c), by Zend Technologies
- Is this the first time you’ve seen this error? (Yes / No):
Yes, its been there since then
- When did this problem seem to first start?
idk, whenever I first installed it, been there forever
- Installation method (e.g. AlO, NCP, Bare Metal/Archive, etc.)
podman commands (container)
- Are you using CloudfIare, mod_security, or similar? (Yes / No)
Yes, but this has nothing to do with the issue itself
Summary of the issue you are facing:
Context:
- I have a raspberry-pi server running Debian (Raspberry-pi OS, doesn’t matter)
- main Linux “default” user is named server-user
- am running Nextcloud inside of the PODMAN CONTAINER
- Nextcloud podman container has the following mounts/folder mappings:
-v {$PWD}/container_share/nextcloud/html:/var/www/html
-v {$PWD}/container_share/nextcloud/data:/var/www/html/data
-v {$PWD}/container_share/nextcloud/config:/var/www/html/config
-v {$PWD}/container_share/nextcloud/nx-share:/var/www/nx-share
-v {$PWD}/container_share/media:/var/www/media-share
-v /media/server-user/extend256:/extend256
- When the Nextcloud conatiner writes files to the filesystem, they apper (on the host system) as though they are owned by a user ID 100032 + GID 100032. Exact output for one example file that has been uploaded through nextcloud client:
-rw-r--r-- 1 100032 100032 5755776 Oct 29 10:36 PXL_20251029_083636954.jpg
Same file, but from within the container looks like this:
-rw-r--r-- 1 www-data www-data 5755776 Oct 29 08:36 PXL_20251029_083636954.jpg
- www-data user has ID 33 inside of the container
The issue here is:
- that when I write a file to this share ON A HOST it is owned by server-user (ID 1000 GID 1000) which creates a permission conflict whenever I try to edit/delete files that have been created on the host via a web server (typically on my android phone).
My task is:
- to make files created BY THE CONTAINER (via the Nextcloud’s web interface) appear as though they are owned NOT by the user ID 100032 (which doesn’t even exist on the host system), but server-user (ID 1000 GID 1000) to avoid perm conflicts.
Steps to replicate it (hint: details matter!):
-
Install Nextcloud server app inside of the podman container.
-
Connect external storage to the server.
-
Create a file on this external storage via Nextcloud a web interface.
-
Create a file on disk using the OS methods (either touch or via GUI
File > New). -
Try to edit/delete file/folder that has been created BY THE MEANS OF THE HOST OS ITSELF via Nextcloud web interface (or an Android/iOS app, it is irrelevant).
-
Witness error that has something to do with the denial of permissions (I don’t remember its exact text).
Configuration
Nextcloud
The output of occ config:list system or similar is best, but, if not possible, the contents of your config.php file from /path/to/nextcloud is fine (make sure to remove any identifiable information!):
{
"system": {
"htaccess.RewriteBase": "\/",
"memcache.local": "\\OC\\Memcache\\APCu",
"apps_paths": [
{
"path": "\/var\/www\/html\/apps",
"url": "\/apps",
"writable": false
},
{
"path": "\/var\/www\/html\/custom_apps",
"url": "\/custom_apps",
"writable": true
}
],
"overwriteprotocol": "https",
"trusted_proxies": "***REMOVED SENSITIVE VALUE***",
"upgrade.disable-web": true,
"passwordsalt": "***REMOVED SENSITIVE VALUE***",
"secret": "***REMOVED SENSITIVE VALUE***",
"trusted_domains": [
"localhost",
"***REMOVED SENSITIVE VALUE***",
"192.168.1.102"
],
"datadirectory": "***REMOVED SENSITIVE VALUE***",
"dbtype": "pgsql",
"version": "32.0.1.2",
"overwrite.cli.url": "https:\/\/localhost",
"dbname": "***REMOVED SENSITIVE VALUE***",
"dbhost": "***REMOVED SENSITIVE VALUE***",
"dbport": "",
"dbtableprefix": "oc_",
"dbuser": "***REMOVED SENSITIVE VALUE***",
"dbpassword": "***REMOVED SENSITIVE VALUE***",
"installed": true,
"instanceid": "***REMOVED SENSITIVE VALUE***",
"allow_web_updater": true,
"loglevel": 2,
"maintenance": false,
"filelocking.enabled": false
}
}
Apps
The output of occ app:list (if possible).
Enabled:
- activity: 5.0.0-dev.0
- app_api: 32.0.0
- bruteforcesettings: 5.0.0-dev.0
- calendar: 6.0.2
- circles: 32.0.0
- cloud_federation_api: 1.16.0
- comments: 1.22.0
- contactsinteraction: 1.13.1
- dashboard: 7.12.0
- dav: 1.34.2
- deck: 1.16.0
- federatedfilesharing: 1.22.0
- federation: 1.22.0
- files: 2.4.0
- files_downloadlimit: 5.0.0-dev.0
- files_external: 1.24.0
- files_pdfviewer: 5.0.0-dev.0
- files_reminders: 1.5.0
- files_sharing: 1.24.0
- files_trashbin: 1.22.0
- files_versions: 1.25.0
- firstrunwizard: 5.0.0-dev.0
- integration_giphy: 2.1.0
- logreader: 5.0.0-dev.0
- lookup_server_connector: 1.20.0
- news: 27.0.1
- nextcloud_announcements: 4.0.0-dev.0
- notes: 4.12.3
- notifications: 5.0.0-dev.0
- oauth2: 1.20.0
- password_policy: 4.0.0-dev.0
- photos: 5.0.0-dev.1
- privacy: 4.0.0-dev.0
- profile: 1.1.0
- provisioning_api: 1.22.0
- recognize: 10.0.4
- recommendations: 5.0.0-dev.0
- related_resources: 3.0.0-dev.0
- serverinfo: 4.0.0-dev.0
- settings: 1.15.1
- sharebymail: 1.22.0
- support: 4.0.0-dev.0
- survey_client: 4.0.0-dev.0
- systemtags: 1.22.0
- text: 6.0.1
- theming: 2.7.0
- twofactor_backupcodes: 1.21.0
- updatenotification: 1.22.0
- user_status: 1.12.0
- viewer: 5.0.0-dev.0
- weather_status: 1.12.0
- webhook_listeners: 1.3.0
- workflowengine: 2.14.0
Disabled:
- admin_audit: 1.22.0
- encryption: 2.20.0
- suspicious_login: 10.0.0-dev.0
- twofactor_nextcloud_notification: 6.0.0-dev.0
- twofactor_totp: 14.0.0
- user_ldap: 1.23.0