Suddenly my NextcloudPI (1.24.0) stopped working, probably after an auto-update being applied. This is actually a docker image running on an OMV4, running atop a RasPi4. “Stopped working” here means: database down, apache down, redis down, php down, so no access via the web at all.
When I tried to trouble-shoot the issue, I ran into the following:
root@558aaa988200:~# whoami
root
root@558aaa988200:~# cd /usr/local/bin/
root@558aaa988200:/usr/local/bin# ls
freedns.sh ncp ncp-check-version ncp-dist-upgrade ncp-provisioning.sh ncp-scan ncp-update noip2
nc-previews ncp-backup ncp-config ncp-notify-unattended-upgrade ncp-report ncp-suggestions ncp-update-nc
ncc ncp-check-updates ncp-diag ncp-notify-update ncp-restore ncp-test-updates nextcloud-domain.sh
root@558aaa988200:/usr/local/bin# ls -l ncp-report
-rwxr-xr-x 1 root root 1917 Mar 26 2020 ncp-report
root@558aaa988200:/usr/local/bin# ./ncp-report
bash: ./ncp-report: Permission denied
Same happens for all the scripts there. I could run ncp-report via bash (i.e. bash ncp-report) and saw that all major services (db, apache etc.) were down. I was able to start all services manually via /etc/init.d/ scripts and could then also see (after logging in) in the admin console that nc-check is giving an okay.
However, I still can’t trigger a backup or an upgrade because of the shown permission issue. I also see the following in the container logs (after triggering a restart of the image in OMV), which looks like I still have an issue:
/run-parts.sh: line 6: /etc/services-enabled.d/020nextcloud: Permission denied
/run-parts.sh: line 6: /etc/services-enabled.d/010lamp: Permission denied
/run-parts.sh: line 6: /etc/services-enabled.d/000ncp: Permission denied
/run-parts.sh: line 42: /etc/services-enabled.d/000ncp: Permission denied
/run-parts.sh: line 47: /etc/services-enabled.d/010lamp: Permission denied
/run-parts.sh: line 47: /etc/services-enabled.d/020nextcloud: Permission denied
I was suspecting an issue with mount options, but I don’t see a “no exec” on the root overlay:
root@558aaa988200:~# mount | head -1
overlay on / type overlay (rw,relatime,lowerdir=/var/lib/docker/overlay2/l/5RRL7ASEWQKYQFNHDHQGAH235J:/var/lib/docker/overlay2/l/B5ZDXA4W54I3PZMBXP76OLC4N3:/var/lib/docker/overlay2/l/G5SSIFEKMQJNKXC2XWR6WSACBA:/var/lib/docker/overlay2/l/LILDXKG6FBYAMXLW2Y2JZYJJBN:/var/lib/docker/overlay2/l/3GFMCRZGT3NMV2SM6PIDFEBLB4:/var/lib/docker/overlay2/l/T3ZZNN2DQ5W47DXRWJWE2W7PDC
Update
I just recognized that apparently the relevant directories are on /data, which is mounted no-exec:
root@558aaa988200:/usr/local/bin# df .
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/sda1 477753232 451312800 2102256 100% /data
root@558aaa988200:/usr/local/bin# mount | grep data
/dev/sda1 on /data type ext4 (rw,noexec,relatime,discard,stripe=8191,jqfmt=vfsv0,usrjquota=aquota.user,grpjquota=aquota.group)
Has maybe changed something here and what would be the appropriate corrective action to take?
Thanks in advance,
Holger
What is also unclear to me is why is this mounted as noexec in the first place? I don’t even see any entries in /etc/fstab, so it’s not obvious to me where to look next.