[solved] Occ commands are not running

74cmonty · October 8, 2018, 4:28pm

Nextcloud version (eg, 12.0.2): 14.0.1
Operating system and version (eg, Ubuntu 17.04): Alpine Linux 3.8
Apache or nginx version (eg, Apache 2.4.25): Nginx 1.14.0
PHP version (eg, 7.1): 7.2.10

The issue you are facing:
I want to run occ command to set Nextcloud in maintenance mode:
su nginx -c "php occ maintenance:mode --on"

However validating the config-file config.php shows that the command was not successfull:

ct114-devcloud:/# tail /var/www/nextcloud/config/config.php
  'mail_smtpauthtype' => 'LOGIN',
  'mail_smtpauth' => 1,
  'mail_smtphost' => 'smtp.gmail.com',
  'mail_smtpport' => '587',
  'maintenance' => false,
);

I checked if occ commands are generally working w/o success:

ct114-devcloud:/# su nginx -c 'php /var/www/nextcloud/occ status'
ct114-devcloud:/# su nginx -c 'php /var/www/nextcloud/occ -h'
ct114-devcloud:/#

Is this the first time you’ve seen this error? (Y/N): Y

The output of your Nextcloud log in Admin > Logging:

<no relevant entries>

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'datadirectory' => '/var/lib/nextcloud/data',
  'logfile' => '/var/log/nextcloud/nextcloud.log',
  'apps_paths' =>
  array (
    0 =>
    array (
      'path' => '/usr/share/webapps/nextcloud/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 =>
    array (
      'path' => '/var/lib/nextcloud/apps',
      'url' => '/apps-appstore',
      'writable' => true,
    ),
  ),
  'updatechecker' => false,
  'check_for_working_htaccess' => false,
  'installed' => true,
  'instanceid' => 'ocsd5hfatsje',
  'trusted_domains' =>
  array (
    0 => 'devcloud.domain.lan',
  ),
  'dbtype' => 'mysql',
  'version' => '14.0.1.1',
  'overwrite.cli.url' => 'https://devcloud.domain.lan',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'enable_previews' => false,
  'mail_from_address' => 'admin',
  'mail_smtpmode' => 'smtp',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_domain' => 'devcloud.domain.lan',
  'mail_smtpauth' => 1,
  'mail_smtphost' => 'smtp.gmail.com',
  'mail_smtpport' => '587',
  'mail_smtpsecure' => 'tls',
  'maintenance' => false,
);

How can I debug the occ commands to identify the root cause?

THX

eehmke · October 8, 2018, 6:26pm

So is nginx the owner of path
/path/to/nextcloud

? Do the occ commands not tell some error? Try instead

sudo -u nginx php occ maintenance:mode --on

74cmonty · October 9, 2018, 10:28am

The owner of /path/to/nextcloud is: root.www-data

ct117-nextcloud:~# ls -l /usr/share/webapps/
total 4
drwxr-x--- 15 root www-data 4096 Oct  5 20:18 nextcloud

This it recommended setting of Nextcloud documented here.

The current permissions of /path/to/nextcloud/occ are:
-rwxr-x--x 1 root www-data 283 Sep 27 14:08 occ

This means that group www-data is allowed to execute occ.
And nginx is member of www-data:

ct117-nextcloud:~# id nginx
uid=101(nginx) gid=102(nginx) groups=102(nginx),82(www-data),102(nginx)

eehmke · October 10, 2018, 10:44am

Did you anyway try to run the command as www-data? That’s what I do all the time.
sudo -u www-data php occ maintenance:mode --on

MeiRos · October 10, 2018, 7:59pm

It’s recommended for NC9.
You should not change permissions anymore.

https://github.com/nextcloud/documentation/pull/431

74cmonty · October 12, 2018, 8:41am

But then I depend on the permission configuration defined by package provider.
Therefore my question:
What is the NC recommendation regarding permissions?

74cmonty · October 12, 2018, 9:17am

Please note this:
I don’t use sudo.

To my best knowledge the HTTP user is: nginx.
Why do I think this?
Because

ct114-devcloud:/home# cat /etc/php7/php-fpm.d/www.conf | grep user
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
user = nginx

ct114-devcloud:/home# cat /etc/nginx/nginx.conf | grep user
user nginx;

ct114-devcloud:/home# ps -ef | grep nginx
  494 root      0:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
  497 nginx     0:00 nginx: worker process
  633 nginx     0:05 {php-fpm7} php-fpm: pool www
 1430 nginx     0:02 {php-fpm7} php-fpm: pool www
11526 nginx     0:00 {php-fpm7} php-fpm: pool www
11549 root      0:00 grep nginx

74cmonty · October 12, 2018, 10:04am

Installing package “sudo” solved the issue.

compumatter · August 13, 2022, 6:06pm

This is indeed the answser for me. Over the years sudo -u www-data php occ maintenance… was required. However, when installing Version 23, it failed with no return errors. Simply removing the “-u www-data” caused it to work perfectly

bb77 · August 14, 2022, 9:17am

If you remove the -u www-data part on a standard linux distribution like Ubuntu, Debian etc… you are going to run the command as root, which you shouldn’t do. The occ command should always be executed in the context of the user of the web server. So unless you are logged in to the system as the web server user, which you shouldn’t do either, you should always add -u www-data, httpd, nginx, apache or whatever the name of the webserver user happens to be on your system.

The only exeptions to this rule I can think of, are web-hosting platforms with CLI access or maybe if you are using any appliances or things like the Snap package, that usually provide their own custom scripts to manage Nextcloud.