Permissions problem with OCC tool

Hello Community,

I am trying to install Nextcloud in the following configuration.
Nextcloud has its own user (nextcloud) and its own home in /srv/nextcloud.
The nextcloud user has www-data as its default group so that the web server can serve the application.
To set the right permissions I use ACLs.

  • Default ACL for nextcloud User: rwX
  • Default ACL for www-data group inside /srv/nextcloud: rwX
    → Permissions should be 660 for Files and 775 for directories.

I verify it with a “touch test” and the test file has the right permissions.
So I run the installer with:
php occ maintenance:install \
  --database sqlite \
  --admin-user admin \
  --data-dir /srv/nextcloud/data

(SQLite just for testing)

After I ran this and tried the page, it gave a 500 error - so I looked into the log file and it shows that it can’t access the database. All files that the command created have 640 permissions. I think it is the umask - I tried to set a default umask with ACL but it’s not working.
I think the problem here is the umask of the PHP process - but how can I modify it for the OCC tool? I would like updates to keep working as normal with this tool in the future. Why does the OCC tool have no option to force file permissions or a umask for the files it creates?

Can somebody help me with my problem please?

If you run from command line, there is often a specific php config file, e.g. /etc/phpxy/cli/php.ini.

Well, some prefer more restrictive settings, even not letting www-data write certain files/folders, but this isn’t used officially because by default it’s not compatible with the updater app. There is a check, though, that you don’t have 777 permissions on your data folder, but much is left to the user.

The problem is the hardcoded 640 chmod in the occ tool → for example line 251 on server/Config.php at 3a30ac495bd9663ef8233aacc8ce5b21a8adce67 · nextcloud/server · GitHub
So I have no chance to do it that way - I am making an extra php-fpm pool for Nextcloud so it can run completely as the nextcloud user.
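
The behaviour described in the last post, as an added example that is not part of the thread or of Nextcloud's code: a file's mode follows the umask only until something calls chmod on it, after which the umask no longer matters. The function names and the temporary directory are made up for the demonstration.

```shell
#!/bin/sh
# Constructed demo: everything happens in a throwaway temp directory.

# Print the nine permission characters of a file (no GNU stat needed).
perm_of() {
    ls -ld "$1" | cut -c2-10
}

# Create a file the ordinary way: the resulting mode is 0666 minus the umask.
create_plain() {        # $1 = umask, $2 = path
    ( umask "$1"; : > "$2" )
    perm_of "$2"
}

# Create a file, then chmod it to 0640 as the last post says the linked
# Config.php line does: the explicit mode replaces what the umask produced.
create_then_chmod() {   # $1 = umask, $2 = path
    ( umask "$1"; : > "$2"; chmod 0640 "$2" )
    perm_of "$2"
}

# Audit helper: list regular files under $1 that the group cannot write,
# i.e. the files a web server running only as the group could not update.
group_unwritable() {
    find "$1" -type f ! -perm -020 | sort
}

demo() {
    d=$(mktemp -d) || return 1
    for m in 007 027 077; do
        printf 'umask %s: plain=%s  after chmod 0640=%s\n' "$m" \
            "$(create_plain "$m" "$d/plain_$m")" \
            "$(create_then_chmod "$m" "$d/forced_$m")"
    done
    echo "files the group cannot write:"
    group_unwritable "$d"
    rm -rf "$d"
}

demo
```

On a filesystem with POSIX ACLs, the group bits that chmod writes are the ACL mask, so the same 0640 also caps a www-data ACL entry at read-only even when the default ACL grants rw.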