Set the right permissions for SSH-user on hosted webspace

Hey everybody,

Nextcloud version: 18.0.4
Operating system and version: Gentoo Linux 5.4.57
Apache: 2.4.46
PHP version : 7.4.8

The issue you are facing:
I’ve set up a Nextcloud instance on a hosted webspace (www.manitu.de) using the “one click install”. That worked great. Now I’d like to update the Nextcloud instance and make a backup before hand. Unfortunately, my SSH-user (root_max) is missing the appropriate permissions. This is from within my nextcloud installation directory:

    root_max@ngcobalt321 /home/sites/site100019964/web/nextcloud $ ls -al
    total 164
    drwxrws--- 14 site100019964 site100019964  4096 29. Aug  00:08 .
    drwsrws---  4 site100019964 site100019964  4096 27. Aug  19:29 ..
    -rw-rw----  1 site100019964 site100019964  2629 27. Aug  19:44 .htaccess
    -rw-rw----  1 site100019964 site100019964   101 22. Apr  21:23 .user.ini
    drwxrws--- 33 site100019964 site100019964  4096 22. Apr  21:29 3rdparty
    -rw-rw----  1 site100019964 site100019964 15752 22. Apr  21:23 AUTHORS
    -rw-rw----  1 site100019964 site100019964 34520 22. Apr  21:23 COPYING
    drwxrws--- 49 site100019964 site100019964  4096 28. Aug  20:05 apps
    drwxrws---  2 site100019964 site100019964  4096 27. Aug  19:44 config
    -rw-rw----  1 site100019964 site100019964  3910 22. Apr  21:23 console.php
    drwxrws--- 23 site100019964 site100019964  4096 22. Apr  21:29 core
    -rw-rw----  1 site100019964 site100019964  5048 22. Apr  21:24 cron.php
    drwxrws--- 10 site100019964 site100019964  4096 28. Aug  22:53 data
    -rw-rw----  1 site100019964 site100019964   156 22. Apr  21:24 index.html
    -rw-rw----  1 site100019964 site100019964  2976 22. Apr  21:24 index.php
    drwxrws---  6 site100019964 site100019964  4096 22. Apr  21:24 lib
    -rw-rw----  1 site100019964 site100019964   283 22. Apr  21:24 occ
    drwxrws---  2 site100019964 site100019964  4096 22. Apr  21:24 ocm-provider
    drwxrws---  2 site100019964 site100019964  4096 22. Apr  21:24 ocs
    drwxrws---  2 site100019964 site100019964  4096 22. Apr  21:24 ocs-provider
    -rw-rw----  1 site100019964 site100019964  3056 22. Apr  21:24 public.php
    -rw-rw----  1 site100019964 site100019964  5235 22. Apr  21:24 remote.php
    drwxrws---  4 site100019964 site100019964  4096 22. Apr  21:24 resources
    -rw-rw----  1 site100019964 site100019964    26 22. Apr  21:24 robots.txt
    -rw-rw----  1 site100019964 site100019964  2381 22. Apr  21:24 status.php
    drwxrws---  3 site100019964 site100019964  4096 22. Apr  21:24 themes
    drwxrws---  2 site100019964 site100019964  4096 22. Apr  21:25 updater
    -rw-rw----  1 site100019964 site100019964   362 22. Apr  21:29 version.php

When I’m trying to turn the maintenance mode on

php occ maintenance:mode --on

I’m getting an error message complaining that the write permissions are missing. I’m not aware of having the password to the user site100019964. But all admin users are part of the group site100019964:

getent group site100019964 
site100019964:x:100019964:admin,u56913,root_max

I’m unsure how I should proceed. Should the group site100019964 (all admin users are part of) get the needed write permissions or would that be a bad idea from a security stand point?

Is this the first time you’ve seen this error?: Y

The output of your Nextcloud log in Admin > Logging:

empty -> Looks like the logging is disabled (see config.php below). Seems like a strange setting to me. I'll have to look into the logging details to find out what I'd like to have here.

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'instanceid' => 'Removed',
  'passwordsalt' => 'Removed',
  'secret' => 'Removed',
  'trusted_domains' => 
  array (
    0 => 'cloud.removed.de',
  ),
  'datadirectory' => '/home/sites/site100019964/web/nextcloud/data',
  'dbtype' => 'mysql',
  'version' => '18.0.4.2',
  'integrity.check.disabled' => true,
  'default_language' => 'de',
  'default_locale' => 'de',
  'trashbin_retention_obligation' => 'auto, 30',
  'version_retention_obligation' => 'auto, 30',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'log_type' => 'file',
  'logfile' => '/dev/null',
  'overwrite.cli.url' => 'https://removed.de',
  'dbname' => 'db53286',
  'dbhost' => 'mysql07.manitu.net',
  'dbport' => '',
  'dbtableprefix' => 'nc_9348_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'u53286',
  'dbpassword' => 'Removed',
  'installed' => true,
  'maintenance' => false,
  'mail_smtpmode' => 'smtp',
  'mail_sendmailmode' => 'smtp',
  'mail_from_address' => 'no-reply',
  'mail_domain' => 'removed.de',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_smtphost' => 'mail.manitu.de',
  'mail_smtpport' => '465',
  'mail_smtpsecure' => 'ssl',
  'mail_smtpauth' => 1,
  'mail_smtpname' => 'nextcloud@removed.de',
  'mail_smtppassword' => 'Removed',
);

I’m looking forward to your help! :slight_smile:

M4x

Can you use “site100019964” instead of root_max? Use “sudo -u site100019964 -s” ?

Not that I’m aware of. I’ve written an e-mail to the support. I’m expecting them to answer tomorrow.

Regards
M4x

This is how I’ve to work around the problem I’ve described at the start:

It’s possible to change the ownership of files / folders from within the web interface of the administrator (siteadmin). Therefore I’ve to change the ownership of the nextcloud folder to a user I’ve full access to, do what I’d like to do (use occ, turn maintenance mode on / off, create a backup, restore from a backup, …) and change the ownership back to the webserver user (site100019964 in my case).

Another way would be to use cronjobs. I’ll look into that one regarding automatic backups.

Thank you very much!
Max