*Solved* Temp folder permissions change from time to time

I’m using Nextcloud 11.0.2 with Nginx 1.12.0 and PHP FPM 7.1.4 on Arch Linux. Also the Nextcloud App (version 2.17) on iOS.

Problem: from time to time the permissions on the “tmp” folder get modified but I’ve no idea why.

In the Nextcloud log I then see many errors like:

{"reqId":"WOxJrqhyAUr4+w5fT51z","remoteAddr":"62.158.144.27","app":"no app in context","message":"Temporary directory /srv/http/www-u02042017/tmp is not present or writable","level":2,"time":"2017-04-22T17:06:01+00:00","method":"GET","url":"/ocs/v1.php/apps/files_sharing/api/v1/shares","user":"--","version":"11.0.2.7"}

Then, the permissions look like:

drwxr-x--- 15 www-u02042017 http 4096 Apr 22 10:53 data
drwxr-x--- 5 www-u02042017 http 4096 Apr 22 10:54 datadir
drwxr-xr-x 2 root root 4096 Apr 22 09:39 logs
drwxr-x--- 2 http http 4096 Apr 22 18:41 tmp

Normally, the folder “tmp” should have the same permissions as the “data” and “datadir” folders:

drwxr-x--- 2 www-u02042017 http 4096 Apr 22 18:41 tmp

When I set the permissions back to “user:webserveruser” instead of “webserveruser:webserveruser”, these permissions get changed frequently.

PHP-FPM is configured like:

user = www-u02042017
group = www-u02042017
listen.owner = http
listen.group = http

Permissions on the folders are set like:

drwxr-x--- 15 www-u02042017 http 4096 Apr 22 10:53 data
drwxr-x--- 5 www-u02042017 http 4096 Apr 22 10:54 datadir
drwxr-xr-x 2 root root 4096 Apr 22 09:39 logs
drwxr-x--- 2 www-u02042017 http 4096 Apr 22 18:41 tmp

But, after a while, the permissions get changed to

drwxr-x--- 2 http http 4096 Apr 22 18:41 tmp

Why can this happen? There’s no cron job or anything else which changes the permissions, ENV is correctly set and normally, everything works fine. How can I track down the cause for this? Is Nextcloud running a job for setting permissions?

Thank you.

Daniel

OK, this is not a Nextcloud related problem :)
Today, after I updated PHP-FPM and restarted all services, the owner was again http:http instead of user:http.

The owner has changed after the restart of PHP-FPM. So it seems that, for some reason, the TMP folder in the Nextcloud dir gets used as global/system temp and the permissions get changed.

I’ve never seen this before but I’ll look into it. Thank you.

Found the problem…

When you set “client_body_temp_path” as documented in the Nextcloud docs (https://docs.nextcloud.com/server/11/admin_manual/configuration_files/big_file_upload_configuration.html), it seems that Nginx sets permissions for this directory if it is not owned by the webserver user.

This folder should not be the same as the session temp dir.

Hi,
what do you mean by
"This folder should not be the same as the session temp dir."

How have you fixed the problem?
Thank you.

Hi,

I accidentally set the Nginx “client_body_temp_path” variable to the same folder as the PHP upload tmp dir (upload_tmp_dir).

I use a folder structure for the virtual hosts like this:

/srv/http/vhost1
/srv/http/vhost1/data
/srv/http/vhost1/datadir
/srv/http/vhost1/tmp (owner: vhost_user, group http/nginx)
/srv/http/vhost1/logs

The tmp folder (upload_tmp_dir) is owned by the vhost user and the group http (Nginx). But I’ve also set “client_body_temp_path /srv/http/vhost1/tmp” in my Nextcloud Nginx configuration for this vhost.

When you restart Nginx, the permissions on this folder get automatically changed by Nginx to the user and group of the Nginx web server (http:http, nginx:http…).

That was the reason why the upload temp folder was no longer writable by the PHP user.

After I removed “client_body_temp_path” from my Nginx configuration of the Nextcloud vhost, everything worked fine.

So the solution was either to use the Nginx default setting for client_body_temp_path or to use another folder which is not already used for PHP session or uploaded temp files.
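
A check for the collision described in this thread, as an added example that is not part of the original posts: it reads an Nginx config and a PHP-FPM pool (or php.ini) and reports any directory that both an Nginx temp-path directive and a PHP temp setting point at. The function names and both sample configs are constructed for illustration; the vhost1 paths follow the layout shown above, and the example also covers the other Nginx *_temp_path directives and session.save_path, which goes beyond the one case in the thread.

```python
import posixpath
import re

# nginx temp-path directives and the PHP settings that name temp directories
NGINX_RE = re.compile(
    r"\b((?:client_body|proxy|fastcgi|uwsgi|scgi)_temp_path)\s+([^\s;]+)")
PHP_RE = re.compile(
    r"^\s*(?:php_(?:admin_)?value\[)?"
    r"(upload_tmp_dir|session\.save_path|sys_temp_dir)\]?\s*=\s*(.+?)\s*$")

def nginx_temp_dirs(conf):
    """Directive -> normalized directory; text after '#' is ignored."""
    hits = (NGINX_RE.search(line.split("#", 1)[0]) for line in conf.splitlines())
    return {m.group(1): posixpath.normpath(m.group(2).strip("\"'"))
            for m in hits if m}

def php_temp_dirs(conf):
    """Setting -> normalized directory, from php.ini or FPM pool syntax."""
    found = {}
    for line in conf.splitlines():
        m = PHP_RE.match(line)  # lines starting with ';' are comments, no match
        if m:
            # session.save_path may be "N;/path" or "N;MODE;/path"
            value = m.group(2).strip("\"'").rsplit(";", 1)[-1]
            found[m.group(1)] = posixpath.normpath(value)
    return found

def collisions(nginx_conf, php_conf):
    """(nginx directive, PHP setting, dir) for every directory both use."""
    php = php_temp_dirs(php_conf)
    return sorted((nd, pk, d) for nd, d in nginx_temp_dirs(nginx_conf).items()
                  for pk, pd in php.items() if d == pd)

# Constructed sample configs (hypothetical vhost1, layout as in the thread)
NGINX_SAMPLE = """
server {
    client_body_temp_path /srv/http/vhost1/tmp/;  # shared with PHP
    fastcgi_temp_path /var/lib/nginx/fastcgi 1 2;
}
"""
PHP_SAMPLE = """
[vhost1]
php_admin_value[upload_tmp_dir] = /srv/http/vhost1/tmp
php_admin_value[session.save_path] = "2;/srv/http/vhost1/sessions"
;php_admin_value[sys_temp_dir] = /srv/http/vhost1/tmp
"""

if __name__ == "__main__":
    for directive, setting, path in collisions(NGINX_SAMPLE, PHP_SAMPLE):
        print(f"{directive} and {setting} both use {path}")
```

The comparison is on exact directories after normalization only; it does not follow symlinks or include directives.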