Permissions of Nextcloud files (access from other systems)

Sorry for reviving an old thread, but I have a very similar problem.
I am almost certain it’s because I don’t understand correctly, but I do need to figure out how I get myself out of this mess.
I have:

  • Several NFS Shared Directories originating from OMV
    • For access to Proxmox VMs, like backup engines for example
    • Specifically for nfs mounts within NextCloud /media/nextcloud/
  • These SAME Directories are also SMB Shared to allow me access via windows

In general, all files are:

-rw-rw-r-- 1 [my user name]:users

All folders are:

drwxrwsr-x 2 [my user name]:users

My Requirement

  • I wish for new NextCloud originating files to be editable from other sources.
  • I wish for new NextCloud originating files to be deletable from other sources.

The problem:

  • Nextcloud saves all files as -rw-r--r-- 1 www-data www-data. This is giving me a headache as it won’t allow modification or deletion from ‘other’ sources. It’s the same for folders: drwxr-sr-x

Is there a way to at least allow NextCloud to save new files with my username? (Or the users group)? This will solve my problem
I tried adding myself [my username] to the www-data group. This isn’t working due to the default -rw- r-- r-- … Is there a way to set this to -rw- rw- r-- by default ?(this is what happens on the SMB side for newly created files)

I also investigated WebDAV. Non Starter… Rathole… Not going there. NextCloud actually does a decent job of spotting NFS sync issues (assuming this is due to its regular cron scans)

hi @fredu I split your question into a new topic - as you recognized correctly, there is no value in reviving old topics, especially when you have a specific unrelated problem.

There is no way to change the owner of the files created by Nextcloud - this is always the user account of the webserver process (www-data is most common afaik). You should not directly tamper with files stored in Nextcloud storage. It’s best to access files stored in Nextcloud through the official interface, e.g. WebDAV, so the application can keep track of changes and offer functions like trashbin and versions. If you tamper with Nextcloud’s storage the system might behave unexpectedly and data loss might occur.

As long as you only desire read access, take a look at Linux ACLs (search for the getfacl/setfacl commands). I strongly recommend avoiding write access on NC storage, as the system is not designed to share the storage with others…

Thanks @wwe. Seems my use case is very rare unfortunately. It’s a shame I can’t figure out a way of gaining access to all my media for example directly through something like NextCloud.
I guess it’s no bother to just disable SMB access to protect writes outside of NC. I just need to be very careful not to spin up VMs (that have access to the NFS Shares) that write stuff in that space (I have several unfortunately; my doorbell for example writes files daily)
Perhaps I am overthinking this

I would like to backup the files that I sync between devices using NC and all the photos that I store on my home server and I access from personal computers / phones using the NC apps photos and Memories and the web interface as well.

Since all of that is on a single USB 4TB drive and I got a 5TB lifetime license of the zero-knowledge open source service Internxt, I’d like to backup files there as well to achieve 3-2-1 backups.

  • They, on one hand, offer a syncthing service, which I don’t use, since I already use my NC server for that (and I know I shouldn’t (and I don’t want to) interfere with the NC sync).

  • But they also offer a backup service for whatever folders you select that supposedly doesn’t modify your local files: you would only upload changes to the server.

I therefore wanted to backup the folders that NC manages, but instead of the rsync option to yet another drive (I already clone that drive to another one, from time to time), I’d like to upload/backup to the internxt servers (so that I have some backup outside my house).

But I get permissions errors for the folders that are owned by NC under the user www-data. The permissions are set like this:

  • Folders: drwxr-xr-x - www-data
  • Files: .rw-r--r-- www-data

Shouldn’t that be enough to be accessed from another app just to upload(read and open directories)? Or what should I do to achieve it?

I’m not too worried about the documents/files that I sync through NC between my different computers, since it’d be very unlikely that they all fail at the same time, but all the photos/videos that I store on the server, which me and my family only access through the NC web interface and mobile apps… that’s what really worries me!
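Added example (not part of the original posts): the modes quoted above let "other" read those entries themselves, but POSIX also requires search (x) permission on every ancestor directory, so one thing to check is the rest of the path. This sketch walks a path and reports the first component whose mode bits deny a given uid and group set; the tree layout, the function names and the uid values are constructed for illustration, and ACLs and root's override are ignored.

```python
import os
import tempfile

def perm_class(st, uid, gids):
    """Select the one triplet the kernel checks: owner, else group, else other."""
    if st.st_uid == uid:
        return "owner", (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return "group", (st.st_mode >> 3) & 7
    return "other", st.st_mode & 7

def first_blocker(path, uid, gids, root="/"):
    """Return (component, class) of the first component denying the reader, else None."""
    rel = os.path.relpath(os.path.abspath(path), os.path.abspath(root))
    chain = [os.path.abspath(root)]
    for part in ([] if rel == "." else rel.split(os.sep)):
        chain.append(os.path.join(chain[-1], part))
    for i, comp in enumerate(chain):
        st = os.stat(comp)
        cls, bits = perm_class(st, uid, gids)
        if i < len(chain) - 1:
            need = 0o1                      # ancestors: search (x) only
        elif os.path.isdir(comp):
            need = 0o5                      # target directory: r + x to list it
        else:
            need = 0o4                      # target file: r to open it
        if bits & need != need:
            return comp, cls
    return None

def build_sample_tree(data_mode):
    """Constructed layout: <tmp>/data/alice/files/photo.jpg, modes as in the thread."""
    base = tempfile.mkdtemp()
    files = os.path.join(base, "data", "alice", "files")
    os.makedirs(files)
    photo = os.path.join(files, "photo.jpg")
    open(photo, "w").close()
    for d in (base, os.path.join(base, "data", "alice"), files):
        os.chmod(d, 0o755)                  # drwxr-xr-x, as posted
    os.chmod(photo, 0o644)                  # -rw-r--r--, as posted
    os.chmod(os.path.join(base, "data"), data_mode)   # the ancestor under test
    return base, photo

if __name__ == "__main__":
    base, photo = build_sample_tree(0o750)  # assumed mode for the top data directory
    owner = os.stat(photo)
    stranger = owner.st_uid + 1             # assumed uid of the backup user
    print(first_blocker(photo, stranger, set(), root=base))           # blocked at data
    print(first_blocker(photo, stranger, {owner.st_gid}, root=base))  # group member passes
```

On a real system, pass the backup user's uid and group ids and leave `root` at its default; `namei -l <path>` prints the same per-component modes for a manual check.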

You may need to add your username to the www-data group (or the username that you are using to access this content )
On NC, there is a www-data user as well as a www-data group
Did you try that?

Yes, I did try adding my user to the www-data group, but that didn’t do it (I logged out and back in after, even rebooted). Sorry I forgot to mention it.

(The backup service app is run under the regular user)

Please copy the command and the error or a screenshot into this thread. You may also be able to perform the backup directly as www-data, e.g. with
sudo -u www-data ...

Okay, I will. Thank you.

I did also try running the app as www-data user like that, and I remembered it failed launching (not on the following syncthing part, but on the open) due to permissions errors of the app itself.

I will provide screenshots and also the log of the app (which I tried to read and it had a few lines about the drive containing those files/folders but nothing that I really considered more info relevant to the permission issues that the GUI of the app warns about).

Right now it is backing up all my camera videos / RAW photos that I don’t sync using NC and the backup works, but it’s 2,5TB and didn’t finish, so I don’t want to kill the app right now.

I’ll answer back when I can do the tests and provide the logs/errors. THANKS!

Unfortunately, I have not yet fully understood how you make the backup. But I would either backup the folders within the Nextcloud client (e.g. Windows) or the Nextcloud directory structure (e.g. /path/to/nextcloud/data). In addition, you only have to upload that data to your Nextcloud what you need in your Nextcloud (e.g. to work or sharing). RAW images really don’t belong there.

I have a personal server where I have:

  • Data managed by nextcloud that I sync between devices using the nextcloud client app for desktops (my laptop and desktop have all that data; and my girlfriend’s laptop has part of that data). That is in at least 3 devices (server, desktop, laptop) and therefore I don’t worry that much about losing it. But it’d be nice nonetheless to be able to back it up somewhere else (in case of, you know, fire or flood or whatever, since those devices reside at the same home; or ransomware, since it is all identical sync).

  • Then my RAW photos and video files (I do a lot of photography and “film making”) that are not synchronized with nextcloud, because it is just RAW unprocessed data to save there. I can back it up to the internxt servers so it is fine.

  • 3rd: my big problem: All those thousands and thousands of RAW photos and videos mentioned, get edited/processed (usually with darktable and Davinci Resolve), and some get exported as new edited files. But those are still too many to be synchronized with my laptops/desktop/mobile client devices. But I like to be able to access them whenever I want, show them to friends, share them with family, etc, and do that with a nice interface, etc. For that I use the nextcloud photos and memories client apps and web interface.

    That is really my more precious data, “the good ones”, and the data that I can’t back up to a cloud service (zero knowledge) outside my home because of the www-data owning/permissions that NC server needs to manage them.

That last part is what I can’t backup right now, and that is really the most important.