Occ lacks execute permission bit

Nextcloud version (eg, 29.0.5): 29.0.2
Operating system and version (eg, Ubuntu 29.04): Fedora 39
Apache or nginx version (eg, Apache 2.4.25): Apache 2.4.59-2
PHP version (eg, 8.3): 8.2.20

The issue you are facing:
Trying to run “occ” directly leads to a permission denied error. Often the admin is encouraged to use the program “occ” and has to find out that it must be run explicitly with php in front, or that chmod +x occ is necessary. So please distribute the Nextcloud package with occ having its execute bits set. It is really weird to me that this has not been done yet, considering how many forum topics are related to this.

Is this the first time you’ve seen this error? (Y/N): N
It has been in Nextcloud for as long as I have used it (several years)

Steps to replicate it:

  1. Try to run occ directly, as is often instructed, like this: ./occ

The output of your Nextcloud log in Admin > Logging:

No log entry, because we don't get that far. Instead, as we all know, we see:

./occ: Permission denied.

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

this is of no relevance

The output of your Apache/nginx/system log in /var/log/____:

this is not of any relevance either

Output errors in nextcloud.log in /var/www/ or as admin user in top right menu, filtering for errors. Use a pastebin service if necessary.

not relevant

Hi @afluegel

There are good reasons not to do so.

Normally one creates aliases for such tasks.

Create a file (if it does not exist yet) in your user directory

~/.bash_aliases

which is normally sourced by your bash

(check whether the file ~/.bashrc contains these lines:

```
if [ -f ~/.bash_aliases ]; then
    . ~/.bash_aliases
fi
```

)

and there you can enter it as an alias or even better (more stable) as a function:

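```
NC_DIR='/var/www/nextcloud'   # path to the Nextcloud installation
NC_USER='www-data'            # user that owns the Nextcloud files
occ() {
    # Run occ through the PHP CLI as $NC_USER; no execute bit is needed
    sudo -u "$NC_USER" php -f "$NC_DIR/occ" "$@"
}
```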

If you want to use it right away, you should source it in your current terminal session:

source ~/.bash_aliases

(it will be sourced in your bash automatically in future)

Now you can simply work with “occ” from your terminal.


I created a → 0 configuration wrapper for occ ← which enables you to use occ out of the box, without messing around with user and/or execution bit. It is written for Ubuntu/Debian but if you install the dependencies first, it could be that it works.
I would be happy to get feedback about that.

These are the dependencies: curl, gnu-gpg, jq and at least php-cli in case you are running Nextcloud All-in-One


Much and good luck,
ernolf

So, if you have a look into the documentation, you will find out that the syntax of the occ command is:
sudo -u www-data php /path/to-occ/occ <command-parameter>
(if PHP is in the search path)

So the executable flag is never needed. I did check the documentation back to Nextcloud 12, where “php /path/to-occ/occ” is always called.

If you don’t want people to run e.g. ./occ upgrade
then don’t let your software tell them explicitly to do so.

There are reasons, aha, aha. I would really be interested in reading just one of them, particularly considering that you are publishing guidance on how to do it even more easily by typing occ anywhere. And if someone is interested: I’m running Nextcloud as a special user for this (who is, by the way, not named “www-data” but “nextcloud”, which I consider more intuitive and which has no side effects in terms of other data that may be owned by “www-data” and other processes running as this user, which might interfere and be security-relevant), and I can log in, so sudo is never necessary. I consider it an insane direction that Linux users are getting used to being unable to imagine that a command can be run without “sudo” at the beginning.

Yes, that guidance does not make use of an execution bit and can only be invoked from within a bash terminal where a user has to log in with their SSH key etc.

You are overlooking the fact that nextcloud is set up in many different environments. Docker, Snap, NCP etc. It is a good practice that the files occ or console.php (occ is just a wrapper for console.php) and the updater updater/updater.phar are not packaged with the execution bit set. If you prefer that for your environment, then it is one single line that you have to execute after every update. Since you also do your backup before the update, you will probably have to execute several jobs before and after an update, so just add
chmod +x /path/to/occ
Done. Nobody is stopping you from doing that! It really isn’t a big problem, is it?

Therefore I made it a variable; the name of the user and the path are different on many systems :wink:

Isn’t it beautiful? Everyone can configure it however they want. There are good reasons for all variants. Keep it up! :+1:


Much and good luck,
ernolf

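An added example, not code from any poster in this thread or from Nextcloud: a variant of the wrapper idea discussed above that reads the account from the owner of occ instead of hardcoding it, skips sudo when you are already that user, and never needs the execute bit. The default NC_DIR, the helper name occ_sudo_user and the premise that occ is owned by the account Nextcloud runs as are assumptions; stat -c is the GNU form.

```bash
#!/usr/bin/env bash
# Added example: occ wrapper without execute bit, hardcoded user or needless sudo.
NC_DIR="${NC_DIR:-/var/www/nextcloud}"   # assumption: set to your install path

# Print the account to switch to with "sudo -u", or nothing when the caller
# already owns occ. Fails if occ cannot be inspected or its owner has no name.
occ_sudo_user() {
    local uid owner
    uid="$(stat -c '%u' "$1/occ" 2>/dev/null)" || return 1
    [ "$uid" = "$(id -u)" ] && return 0
    owner="$(stat -c '%U' "$1/occ")" || return 1
    [ "$owner" != "UNKNOWN" ] || return 1
    printf '%s\n' "$owner"
}

occ() {
    local user
    if ! user="$(occ_sudo_user "$NC_DIR")"; then
        echo "occ: cannot determine owner of $NC_DIR/occ" >&2
        return 1
    fi
    if [ -n "$user" ]; then
        sudo -u "$user" php "$NC_DIR/occ" "$@"   # e.g. www-data or nextcloud
    else
        php "$NC_DIR/occ" "$@"                   # already the right user
    fi
}
```

Because php is named explicitly, the mode of occ can stay exactly as shipped, and a dedicated account such as “nextcloud” that logs in directly never goes through sudo.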