[SOLVED] External storage access suddenly denied

ℹ️ Support
#1

Nextcloud version (eg, 12.0.2): 13.0.3
Operating system and version (eg, Ubuntu 17.04): Ubuntu 16.0.4 LTS
Apache or nginx version (eg, Apache 2.4.25): don’t know
PHP version (eg, 7.1): 7.0.3

The issue you are facing:
I’ve configured an external storage (secondary HDD) to host all NC data. The volume is mounted as /media/diskext/data/nc. This location should be shared between all users. I’ve experienced a weird loop:

  • Copied some files directly via FTP as the overall weight looked too big for browser drag&drop
  • These files were visible with the FTP client, with the browser when logged as NC admin but not when logged as NC user!
  • Changed the access rights on all subfolders by chown -R nc_admin:nc_group /media/diskext/data/nc/ + chmod -R 0750 /media/diskext/data/nc

Now, trying to enter the shared storage from a user OR admin login returns “This operation is forbidden”!

Probably a system access rights, but can’t see where…

Is this the first time you’ve seen this error? (Y/N): Yes

#2

Hi,
perhaps the user running your webserver (apache?) needs acces to the folders…

regards
/bkpfast

#3

Thanks bkfast!

This is what I suspected but:

  1. if I log as user (I’m both the admin and a standard user), then I have full access to the external storage and can upload/download files seamlessly!
  2. if I log as another user (any colleague who has exactly the same rights than me), nextCloud prevents me from even accessing the storage!

I may safely suppose that Apache has the same behavior whether I log as Jean-Luc or Christophe, may I?

By the way, here’s one more clue: I’m running Plesk on my server, which adds a layer to the admin of the domains. Plesk indicates the username for NC is “ncadmin” and normally requests that ownership of the files is given to ncadmin:psacln, hence the chown command. Would you advise to change the ownership to ncadmin:www-data?

Thanks in advance for any advice.

#4

Finally tried to chown ncadmin:www-data but to no avail… I’m a bit lost now… :wink:

#5

HI all,

Any chance to get a clue on this issue? By the way, how can I determine which user/group is used by NC to run when logged as any user? I’m not really a Linux expert… :wink:

Thanks in advance for any help!

#6

Finally found that a rule was set up, preventing access to anyone out of my group… :frowning: Sorry for the disturbance, but file access rules are not that intuitive in nextCloud. Hence my other post on simple access rights mapping! :slight_smile:

Thanks to all!