Permission issues with Docker installation (unable to write/read/edit, can delete)

Please start from this post – thanks!


Hi

Using the below docker-compose.yml

[...]
  nextcloud-app:
    image: nextcloud:latest
    container_name: nextcloud-app
    restart: unless-stopped
    networks:
      - nextcloud-net
    ports: ["8080:80"]
    environment:
      - MYSQL_HOST=host
      - MYSQL_DATABASE=database
      - MYSQL_USER=user
      - MYSQL_PASSWORD=password
    volumes:
      - /media/x/F/nextcloud/html:/var/www/html
    depends_on:
      - nextcloud-db
[...]

I have a dedicated /media/x/F/nextcloud/html:/var/www/html folder on a different HDD.

/nextcloud/html is owned by www-data:

ls -al /media/x/F/nextcloud/html/
total 184
drwxrwxrwx 15 www-data root  4096 Jun 12 13:52 .
drwxrwxrwx  3 www-data x     4096 Jun 12 13:52 ..
drwxrwxrwx 43 www-data root  4096 Jun 12 13:52 3rdparty
drwxrwxrwx 48 www-data root  4096 Jun 12 13:52 apps
-rwxrwxrwx  1 www-data root 19327 Jun 12 13:52 AUTHORS
drwxrwxrwx  2 www-data root  4096 Jun 12 14:08 config
-rwxrwxrwx  1 www-data root  3924 Jun 12 13:52 console.php
-rwxrwxrwx  1 www-data root 34520 Jun 12 13:52 COPYING
drwxrwxrwx 22 www-data root  4096 Jun 12 13:52 core
-rwxrwxrwx  1 www-data root  6260 Jun 12 13:52 cron.php
drwxrwxrwx  4 www-data root  4096 Jun 12 14:22 custom_apps
drwxrwxrwx  5 www-data root  4096 Jun 12 14:21 data
drwxrwxrwx  2 www-data root 12288 Jun 12 13:52 dist
-rwxrwxrwx  1 www-data root  4387 Jun 12 14:08 .htaccess
-rwxrwxrwx  1 www-data root   156 Jun 12 13:52 index.html
-rwxrwxrwx  1 www-data root  3456 Jun 12 13:52 index.php
drwxrwxrwx  6 www-data root  4096 Jun 12 13:52 lib
-rwxrwxrwx  1 www-data root   283 Jun 12 13:52 occ
drwxrwxrwx  2 www-data root  4096 Jun 12 13:52 ocm-provider
drwxrwxrwx  2 www-data root  4096 Jun 12 13:52 ocs
drwxrwxrwx  2 www-data root  4096 Jun 12 13:52 ocs-provider
-rwxrwxrwx  1 www-data root  3139 Jun 12 13:52 public.php
-rwxrwxrwx  1 www-data root  5340 Jun 12 13:52 remote.php
drwxrwxrwx  4 www-data root  4096 Jun 12 13:52 resources
-rwxrwxrwx  1 www-data root    26 Jun 12 13:52 robots.txt
-rwxrwxrwx  1 www-data root  2452 Jun 12 13:52 status.php
drwxrwxrwx  3 www-data root  4096 Jun 12 13:52 themes
-rwxrwxrwx  1 www-data root   101 Jun 12 13:52 .user.ini
-rwxrwxrwx  1 www-data root   382 Jun 12 13:52 version.php

I have executed sudo chown -R www-data:www-data nextcloud/ and sudo chmod -R 770 nextcloud/ on the host. Additionally, id www-data on the host gives 33. This matches what is in the container. Further, in the container, sudo docker exec nextcloud-app ls -al /var/www/html gives

total 184
drwxrwxrwx 15 www-data root  4096 Jun 12 11:52 .
drwxrwxr-x  1 www-data root  4096 Jun 10 03:31 ..
-rwxrwxrwx  1 www-data root  4387 Jun 12 12:08 .htaccess
-rwxrwxrwx  1 www-data root   101 Jun 12 11:52 .user.ini
drwxrwxrwx 43 www-data root  4096 Jun 12 11:52 3rdparty
-rwxrwxrwx  1 www-data root 19327 Jun 12 11:52 AUTHORS
-rwxrwxrwx  1 www-data root 34520 Jun 12 11:52 COPYING
drwxrwxrwx 48 www-data root  4096 Jun 12 11:52 apps
drwxrwxrwx  2 www-data root  4096 Jun 12 12:08 config
-rwxrwxrwx  1 www-data root  3924 Jun 12 11:52 console.php
drwxrwxrwx 22 www-data root  4096 Jun 12 11:52 core
-rwxrwxrwx  1 www-data root  6260 Jun 12 11:52 cron.php
drwxrwxrwx  4 www-data root  4096 Jun 12 12:22 custom_apps
drwxrwxrwx  5 www-data root  4096 Jun 12 12:21 data
drwxrwxrwx  2 www-data root 12288 Jun 12 11:52 dist
-rwxrwxrwx  1 www-data root   156 Jun 12 11:52 index.html
-rwxrwxrwx  1 www-data root  3456 Jun 12 11:52 index.php
drwxrwxrwx  6 www-data root  4096 Jun 12 11:52 lib
-rwxrwxrwx  1 www-data root   283 Jun 12 11:52 occ
drwxrwxrwx  2 www-data root  4096 Jun 12 11:52 ocm-provider
drwxrwxrwx  2 www-data root  4096 Jun 12 11:52 ocs
drwxrwxrwx  2 www-data root  4096 Jun 12 11:52 ocs-provider
-rwxrwxrwx  1 www-data root  3139 Jun 12 11:52 public.php
-rwxrwxrwx  1 www-data root  5340 Jun 12 11:52 remote.php
drwxrwxrwx  4 www-data root  4096 Jun 12 11:52 resources
-rwxrwxrwx  1 www-data root    26 Jun 12 11:52 robots.txt
-rwxrwxrwx  1 www-data root  2452 Jun 12 11:52 status.php
drwxrwxrwx  3 www-data root  4096 Jun 12 11:52 themes
-rwxrwxrwx  1 www-data root   382 Jun 12 11:52 version.php

As far as I can tell, this should be OK, yet I am unable to upload, view, or edit files. I can delete.

Attempting to upload a file via the interface gives “Operation is blocked by access control”. Checking logs, I get multiple errors reporting no such file or directory at /var/www/html/lib/private/Files/Storage/Local.php#395. I clearly have issues with the permissions, but I am not actually sure what I need to do.

Any guidance would be much appreciated.

Thanks!

Additional information which might be helpful:

The host is running Ubuntu 22.04.

The ext4 drive is mounted with options rw,nosuid,nodev,relatime,errors=remount-ro.

Thanks!

Friendly bump.

Friendly bump.

@uxb3 looks like your problem is not very clear and you need to troubleshoot it on your own :frowning:
I can give you one hint: my system (and what I am aware of) works fine once files and folders are owned by www-data:www-data (33:33), which is not the case for your system. after running

this must be right, but is not the case according to your listing… umask is wrong as well, it should be 0750 and not 0777… I’m not sure if this could be a reason… after reviewing your initial post multiple times I don’t see any obvious fault… so I recommend you start with a simpler config, e.g. don’t place your data folder on another drive - try a folder in your home directory - maybe there is something wrong with the existing mount point…

just for reference, correct permissions can be set with (root inside container - adapt the path on the host)

chown -R www-data:www-data /var/www/html
chmod -R 0750 /var/www/html

Thanks for your response!

I can confirm that www-data has id 33 on both the host and the container.

I did this just now (connected to the container using sudo docker exec -it nextcloud-app bash) and ran the commands.

Thank you for confirming this; I feel as though I am going insane.

Also, just a follow-up on this.

  • Attempting to view a file yields Connection failed, reconnecting.
  • Attempting to upload a file yields Forbidden.
  • Attempting to view a PDF yields Unexpected server response.

… deleting files works.

did you check if the command was successful? if this is the case your files must have changed:

drwxr-xr-x 15 www-data www-data 4096 Jun 12 11:52 .
drwxr-xr-x 1 www-data www-data 4096 Jun 10 03:31 ..
-rw-r----- 1 www-data www-data 4387 Jun 12 12:08 .htaccess
-rw-r----- 1 www-data www-data 101 Jun 12 11:52 .user.ini
drwxr-xr-x 43 www-data www-data 4096 Jun 12 11:52 3rdparty
…

if not something prevents you from changing user rights… again - I can’t confirm this is an issue but could be a root cause of your problem.

Correct.

I now have the current output:

root@06d4e39b4cf1:~# ls -al /var/www/html
total 188
drwxr-x--- 15 www-data www-data  4096 Jun 12 11:52 .
drwxrwxr-x  1 www-data root      4096 Jun 17 19:39 ..
-rwxr-x---  1 www-data www-data  4387 Jun 12 12:08 .htaccess
-rwxr-x---  1 www-data www-data   101 Jun 12 11:52 .user.ini
drwxr-x--- 43 www-data www-data  4096 Jun 12 11:52 3rdparty
-rwxr-x---  1 www-data www-data 19327 Jun 12 11:52 AUTHORS
-rwxr-x---  1 www-data www-data 34520 Jun 12 11:52 COPYING
drwxr-x--- 48 www-data www-data  4096 Jun 12 11:52 apps
drwxr-x---  2 www-data www-data  4096 Jun 12 12:08 config
-rwxr-x---  1 www-data www-data  3924 Jun 12 11:52 console.php
drwxr-x--- 22 www-data www-data  4096 Jun 12 11:52 core
-rwxr-x---  1 www-data www-data  6260 Jun 12 11:52 cron.php
drwxr-x---  6 www-data www-data  4096 Jun 17 19:38 custom_apps
drwxr-x---  5 www-data www-data  4096 Jun 14 21:58 data
drwxr-x---  2 www-data www-data 12288 Jun 12 11:52 dist
-rwxr-x---  1 www-data www-data   156 Jun 12 11:52 index.html
-rwxr-x---  1 www-data www-data  3456 Jun 12 11:52 index.php
drwxr-x---  6 www-data www-data  4096 Jun 12 11:52 lib
-rwxr-x---  1 www-data www-data   283 Jun 12 11:52 occ
drwxr-x---  2 www-data www-data  4096 Jun 12 11:52 ocm-provider
drwxr-x---  2 www-data www-data  4096 Jun 12 11:52 ocs
drwxr-x---  2 www-data www-data  4096 Jun 12 11:52 ocs-provider
-rwxr-x---  1 www-data www-data  3139 Jun 12 11:52 public.php
-rwxr-x---  1 www-data www-data  5340 Jun 12 11:52 remote.php
drwxr-x---  4 www-data www-data  4096 Jun 12 11:52 resources
-rwxr-x---  1 www-data www-data    26 Jun 12 11:52 robots.txt
-rwxr-x---  1 www-data www-data  2452 Jun 12 11:52 status.php
drwxr-x---  3 www-data www-data  4096 Jun 12 11:52 themes
-rwxr-x---  1 www-data www-data   382 Jun 12 11:52 version.php

The same issue persists.

Attempting to upload a file gives the Forbidden message.

Any and all assistance on this issue is much appreciated, thank you!
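
The listing in the post above shows regular files with the execute bit set, because `chmod -R 0750` applies one mode to files and directories alike. The script below is an added example, not from the thread or the Nextcloud project: it audits a bind-mounted web root for wrong ownership, world-accessible entries and executable files. The function names and the 750/640 target modes are assumptions.

```shell
#!/usr/bin/env bash
# Added example: audit a bind-mounted Nextcloud web root.
# Function names and the 750/640 target modes are assumptions, not from the thread.

# audit_webroot DIR UID GID -> one finding per line (OWNER, WORLD or EXEC).
audit_webroot() {
    local root=$1 uid=$2 gid=$3
    # Entries not owned by the expected uid:gid (33:33 for www-data in the thread).
    find "$root" ! -type l \( ! -user "$uid" -o ! -group "$gid" \) -print |
        sed 's/^/OWNER /'
    # Entries that grant any access to "other" (the drwxrwxrwx state).
    find "$root" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) -print |
        sed 's/^/WORLD /'
    # Regular files left executable by a blanket `chmod -R 0750`.
    find "$root" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) -print |
        sed 's/^/EXEC /'
}

# normalize_modes DIR -> directories 750, regular files 640.
normalize_modes() {
    find "$1" -type d -exec chmod 750 {} +
    find "$1" -type f -exec chmod 640 {} +
}

# make_sample_tree -> path of a constructed tree in the 777 state of the first listing.
make_sample_tree() {
    local d
    d=$(mktemp -d) || return 1
    mkdir -p "$d/config" "$d/data"
    : > "$d/index.php"
    : > "$d/config/config.php"
    chmod -R 777 "$d"
    printf '%s\n' "$d"
}

# Usage on the host from the thread (path as in the first compose file):
#   audit_webroot /media/x/F/nextcloud/html 33 33
```

An empty result means every entry has the expected owner, grants nothing to "other", and no regular file is executable.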

do you see the “Forbidden” message on the browser?
is there something useful in the server log?
Maybe you hit some silly logical issue like exceeded quota?

I have plenty of space left; no issues with the quota. This is a new installation.

There is nothing useful in the server log beyond what is quoted in the OP.

looks you are confident everything is right… likely you don’t need any help.

And yet… This is not what I see when I look at the directory listing.

What format is this other hard drive?

Hi Willi — I very much appreciate your assistance and willingness to help.

I am, unfortunately, still facing issues.

Consequently, I am re-doing the entire installation from scratch.

Hi Karl

Thanks for your reply.

It is EXT4.

@wwe and @KarlF12:

Could you please confirm that everything looks OK in this docker-compose?

services:
  nextcloud-db:
    image: mariadb:latest
    container_name: nextcloud-mysql
    restart: unless-stopped
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    volumes:
      - ./nextcloud-mysql/db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=<pass>
      - MYSQL_PASSWORD=<pass>
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_LOG_CONSOLE=true
    networks:
      - nextcloud-net

  nextcloud-app:
    image: nextcloud:latest
    container_name: nextcloud-app
    restart: unless-stopped
    networks:
      - nextcloud-net
    ports: ["8080:80"]
    environment:
      - MYSQL_HOST=nextcloud-db
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_PASSWORD=<pass>
    volumes:
      - /media/uxb3/F/nextcloud/:/var/www/html
    depends_on:
      - nextcloud-db

networks:
  nextcloud-net:

I have not created /media/uxb3/F/nextcloud/ yet.

Compose file looks ok to me, except that you really should have redis also, or you may have file locking issues.

Just as a test, could you try putting the docker mount point on your root volume instead of this external drive and see if it works? Could be an issue with the way this external drive is mounted.

I have updated as follows:

services:
  nextcloud-db:
    image: mariadb:latest
    container_name: nextcloud-mysql
    restart: unless-stopped
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    volumes:
      - ./nextcloud-mysql/db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=<pass>
      - MYSQL_PASSWORD=<pass>
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_LOG_CONSOLE=true
    networks:
      - nextcloud-net

  nextcloud-redis:
    image: redis:latest
    restart: unless-stopped
    container_name: nextcloud-redis
    volumes:
      - ./nextcloud-redis:/data
    networks:
      - nextcloud-net

  nextcloud-app:
    image: nextcloud:latest
    container_name: nextcloud-app
    restart: unless-stopped
    networks:
      - nextcloud-net
    ports: ["8080:80"]
    environment:
      - MYSQL_HOST=nextcloud-db
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_PASSWORD=<pass>
    volumes:
      - /media/uxb3/F/nextcloud/:/var/www/html
    depends_on:
      - nextcloud-db
      - nextcloud-redis

networks:
  nextcloud-net:

Should be OK?

Sure, I will give that a go.