I have Nextcloud running via apache/postgres in Docker, and recently upgraded from 12 to 21. I’m now migrating from apache to php-fpm/nginx. The volumes are mapped from the host, so once I understood how it was supposed to work, it went pretty well and performance is great.
The problem I ran into was that some of the files apparently didn’t have the correct permissions.
This was without declaring a user in my docker-compose file, which I’m now accomplishing by using nginx-unprivileged. Before I bring this into production, I’d really like to know:
What should be the permissions, owner, and group of files in /var/www/html/?
Is there an occ command I can run? A bash script? Or just a recursive chmod/chown like my current kludge?
Sorry for the delay, I’ve finally had a chance to get back to this upgrade task.
I tried the script, and it doesn’t seem to help. I noticed two problems right away:
/var/www/nextcloud doesn’t exist, probably because this is a docker install.
sudo doesn’t exist, also because this is docker
Also, this changes owner and group of the data files, which are all already www-data:www-data. The files that are giving me permission issues are in apps/, core/, etc.
It looks like all of my install’s “app” directories currently have group root. Changing their group to www-data doesn’t resolve the problem. The directories also need to be world-executable, and the files inside them need to be world-readable. This suggests that the problem is probably related to the user being used for each container, so I tried changing the group to 101 for every directory in apps/. (101 is the gid of nginx in my nginx container serving the static files.) This appears to have resolved the permission errors for apps/, and the same change resolves the permission errors for core/.
nginx is the default user for the standard non-root nginx container, and www-data doesn’t already exist. Is it okay to assign the group for all directories (besides the data directory) to 101? Could this break NextCloud? Could it introduce security problems?
I can’t be the only person trying to run NextCloud using nginx and php-fpm docker containers without running the containers as root. Is there an official way I’ve not yet discovered? How is everyone else doing this?