The Basics
- Nextcloud Server version: 33.0.5
- Operating system and version: openSUSE Leap 16.0 (6.12.0-160000.33-default)
- Web server and version: Apache/2.4.66 (Linux/SUSE)
- Reverse proxy and version: Apache/2.4.66 (Linux/SUSE)
- PHP version: PHP 8.4.21
- Is this the first time you’ve noticed this situation? Yes
- When did this problem seem to first start? Nextcloud AIO
- Installation method: AlO
- Are you using CloudfIare, mod_security, or similar? No(?)
Summary of the issue you are facing:
In the Docker instance I notice that userID 33 is used (www-data) which is not (by default) available on openSUSE. Here user wwwrun is used normally with user ID 499:
$ getent passwd | grep www
wwwrun:x:499:498:WWW daemon apache:/var/lib/wwwrun:/usr/sbin/nologin
When logging into the nextcloud-aio-nextcloud container to check the user there I ussue
$ sudo docker exec --user www-data -it $(docker ps | grep nextcloud-aio-nextcloud | awk '{print $1}') bash
$ getent passwd | grep www
www-data:x:33:33::/home/www-data:/sbin/nologin
Steps to replicate (and resolve?) it:
-
Migrate old (pre-AIO) datadir to new AIO instance (/cloud) and notice (after some time or so) that the data dir has owner 33
-
Change ownership of complete datadir with
chown -R 33:33 . * -
To allow somethings outside the docker container with this user also create it as a system user:
useradd -u 33 -M -r -U -s /sbin/nologin -c "Docker NC Web User" www-data -
getent passwd | grep www
wwwrun:x:499:498:WWW daemon apache:/var/lib/wwwrun:/usr/sbin/nologin
www-data:x:33:33:Docker NC Web User:/home/www-data:/sbin/nologin
Questions
Is it sane to manually create a passwordless www-data system user?
Is it really needed at all?
Would it be ok to use a different user (like in my case wwwrun instead of www-data)?
Additional note: afterwards I also ran
$ sudo find /wolk -type f -exec chmod 640 {} \;
$ sudo find /wolk -type d -exec chmod 750 {} \;