This operation is forbidden - Nextcloud 18.0.3

Nextcloud version: 18.0.3
Operating system and version (eg, Ubuntu 20.04): Ubuntu 18.04LTS
Apache or nginx version (eg, Apache 2.4.25): nginx 1.14.0
PHP version (eg, 7.1): 7.4

The issue you are facing:

I recently migrated data from an old server to a new one. During my testing, a user reported that they get the “This operation is forbidden” error when trying to access certain files that they can access on the old system.

Is this the first time you’ve seen this error? (Y/N): Yes

Steps to replicate it:

  1. Log in as a non-admin user
  2. Try to access a specific folder
  3. The system throws the error above

The output of your Nextcloud log in Admin > Logging:

```
OCA\DAV\Connector\Sabre\Exception\Forbidden: No read permissions
/usr/share/nginx/nextcloud/apps/dav/lib/Connector/Sabre/TagsPlugin.php - line 227:
OCA\DAV\Connector\Sabre\Directory->getChildren()
<<closure>>
OCA\DAV\Connector\Sabre\TagsPlugin->handleGetProperties()
/usr/share/nginx/nextcloud/3rdparty/sabre/event/lib/EventEmitterTrait.php - line 105:
call_user_func_array()
/usr/share/nginx/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php - line 1059:
Sabre\Event\EventEmitter->emit()
/usr/share/nginx/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php - line 981:
Sabre\DAV\Server->getPropertiesByNode()
/usr/share/nginx/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php - line 1666:
Sabre\DAV\Server->getPropertiesIteratorForPath()
/usr/share/nginx/nextcloud/3rdparty/sabre/dav/lib/DAV/CorePlugin.php - line 355:
Sabre\DAV\Server->generateMultiStatus()
<<closure>>
Sabre\DAV\CorePlugin->httpPropFind()
/usr/share/nginx/nextcloud/3rdparty/sabre/event/lib/EventEmitterTrait.php - line 105:
call_user_func_array()
/usr/share/nginx/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php - line 479:
Sabre\Event\EventEmitter->emit()
/usr/share/nginx/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php - line 254:
Sabre\DAV\Server->invokeMethod()
/usr/share/nginx/nextcloud/apps/dav/lib/Server.php - line 319:
Sabre\DAV\Server->exec()
/usr/share/nginx/nextcloud/apps/dav/appinfo/v2/remote.php - line 35:
OCA\DAV\Server->exec()
/usr/share/nginx/nextcloud/remote.php - line 165:
require_once("/usr/share/ ... p")
```

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

```php
<?php
$CONFIG = array (
  'instanceid' => 'oc718pd0qmpn',
  'passwordsalt' => '',
  'secret' => '',
  'trusted_domains' => 
  array (
    0 => 'test.nextcloud@domainname',
  ),
  'datadirectory' => '/dev/sdb1/nextcloudfiles',
  'dbtype' => 'mysql',
  'version' => '18.0.3.0',
  'overwrite.cli.url' => 'https://test.nextcloud.domainname',
  'dbname' => 'nextcloud_db',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => '', // value removed by the poster
  'dbpassword' => '', // value removed by the poster
  'mysql.utf8mb4' => true,
  'installed' => true,
  'theme' => '',
  'loglevel' => 2,
  'maintenance' => false,
  'ldapProviderFactory' => 'OCA\\User_LDAP\\LDAPProviderFactory',
  'updater.secret' => '$2y$10$upUlwozfbHBpooiyh1.JB.Wr2x0tSicCVEeWBpUN9Io54DWx.eche',
);
```

Check file permissions on your file system.

You did not describe how you migrated data.

My apologies. I migrated by following the documentation in the administration manual. Basically, I took a dump of the database, rsync’d the files over, and then imported the db on the new system. The last step I took was to run a files:scan --all and here I am.

I am VERY new at Nextcloud administration as our IT Admin recently left so I inherited the duties. Any help, recommendations, or advice would be most welcomed.

Thanks!

Check file permissions on your file system.

The database and the /path/to/nextcloud is owned by www-data.

Recursive as well?

To make sure run the following command:

```
chown -R www-data:www-data /path/to/nextcloud/
```

What is your OS? Ubuntu? www-data is the user your web server is running as, right?
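A read-only way to answer the “Recursive as well?” question before running a blanket `chown -R`, as an added example that is not part of the thread. The function names `audit_tree` and `audit_ancestors` are hypothetical, and the ancestor check assumes the web server user reaches the parent directories through their "other" permission bits.

```shell
#!/bin/sh
# Added example, not from the thread. Read-only: nothing is changed on disk.
# Function names are hypothetical; DIR must be an absolute path.

# audit_tree DIR OWNER
#   OWNER <path>  entry is not owned by OWNER (user name or numeric uid)
#   MODE  <path>  owner lacks rw on a file, or rwx on a directory
audit_tree() {
    find "$1" ! -user "$2" | sed 's/^/OWNER /'
    find "$1" -type f ! -perm -600 | sed 's/^/MODE  /'
    find "$1" -type d ! -perm -700 | sed 's/^/MODE  /'
}

# audit_ancestors DIR
#   NOTRAVERSE <path>  a parent directory without the "other" execute bit.
#   Assumption: the web server user is neither owner nor group member of the
#   parents, so the "other" bits decide whether it can reach DIR at all.
audit_ancestors() {
    p=$(dirname "$1")
    while :; do
        find "$p" -prune ! -perm -001 | sed 's/^/NOTRAVERSE /'
        case $p in /|.) break ;; esac
        p=$(dirname "$p")
    done
}

# Stand-alone use: sh audit.sh /path/to/nextcloud/data www-data
if [ "$#" -eq 2 ]; then
    audit_ancestors "$1"
    audit_tree "$1" "$2"
fi
```

No output means every entry is owned by the given user with usable owner bits and every parent directory is traversable; in that case the “Forbidden” response is not coming from the file system.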

Yes to all. I ran it with -R. My OS is Ubuntu 18.04LTS and www-data is the user running the web server. Some additional information I just noticed. The user is not able to access a folder that is in their area. As an admin, I don’t see this folder.

There doesn’t seem to be a lot of data available on this particular error so I’m looking for anyone that might have any idea what is causing this. Thank you!

Anyone have any ideas? It seems to be related to the shares not coming over from the original nextcloud, but I don’t know what that means or how to troubleshoot that.

Really /dev/sdb1/nextcloudfiles and not the mountpoint /nextcloudfiles?

Please post

```
ls -al /dev/sdb1/nextcloudfiles
```

Perhaps rescan all files.

Here is the output from the command you asked as well as the output from the rescan I did last night. I removed user identifiers for obvious PII concerns.

```
total 14588
drwxrwx--- 83 www-data www-data     4096 Feb 27 11:45  .
drwxr-xr-x  4 ncadmin  mysql        4096 Apr 21 12:27  ..
drwxr-xr-x  4 www-data www-data     4096 Mar 11  2019  abricking
drwxr-xr-x  7 www-data www-data     4096 Aug  8  2018  Amjed.
drwxr-xr-x 12 www-data www-data     4096 Aug  8  2018  appdata_oc11g2gfpm1j
drwxr-xr-x 11 www-data www-data     4096 Apr 20 12:06  appdata_oc718pd0qmpn
-rw-r-----  1 www-data www-data      461 Mar 26  2019  audit.log
drwxr-xr-x  6 www-data www-data     4096 Dec  9 09:44  barry.
drwxr-xr-x  6 www-data www-data     4096 Aug  8  2018  Brad.
drwxr-xr-x  4 www-data www-data     4096 Mar  6  2019  brandon
drwxr-xr-x  7 www-data www-data     4096 Aug 22  2018  chn-test
drwxr-xr-x  7 www-data www-data     4096 Aug  9  2018  cindy.
drwxr-xr-x  4 www-data www-data     4096 Aug  9  2018  colin.
drwxr-xr-x  6 www-data www-data     4096 Aug  9  2018  col-test
drwxr-xr-x  6 www-data www-data     4096 Aug  9  2018  daniel.
drwxr-xr-x  5 www-data www-data     4096 Sep  3  2019  david.
drwxr-xr-x  7 www-data www-data     4096 Aug  9  2018  david.
drwxr-xr-x  7 www-data www-data     4096 Aug  9  2018  David.
drwxr-xr-x  6 www-data www-data     4096 Aug  9  2018  dawn.
drwxr-xr-x  5 www-data www-data     4096 Aug  9  2018  dev-eng
drwxr-xr-x  6 www-data www-data     4096 Aug  9  2018  dev-test
drwxr-xr-x  6 www-data www-data     4096 Feb 23  2019  eloi.
drwxr-xr-x  4 www-data www-data     4096 Mar  6  2019  Faith.
drwxr-xr-x  2 www-data www-data     4096 Apr 21 13:22  files_external
-rw-r--r--  1 www-data www-data        0 Apr 20 12:06  flow.log
drwxr-xr-x  5 www-data www-data     4096 Dec 30  2018  george.
drwxr-xr-x  5 www-data www-data     4096 May  1  2019  greg.
drwxr-xr-x 23 www-data www-data     4096 Sep 30  2019  __groupfolders
drwxr-xr-x  4 www-data www-data     4096 Sep 24  2018  guicich@
drwxr-xr-x  4 www-data www-data     4096 Oct 17  2019  hguerrero
drwxr-xr-x  4 www-data www-data     4096 Aug  9  2018  hongfei.
-rw-r--r--  1 www-data www-data      324 Mar  5  2019  .htaccess
-rw-r--r--  1 www-data www-data        0 Mar  5  2019  index.html
drwxr-xr-x  4 www-data www-data     4096 Jul 19  2019  issa.
drwxr-xr-x  4 www-data www-data     4096 Aug  1  2019  issa.
drwxr-xr-x  7 www-data www-data     4096 Aug  9  2018  iv3read
drwxr-xr-x  7 www-data www-data     4096 Aug  9  2018  Jeff.
drwxr-xr-x  6 www-data www-data     4096 Aug  9  2019  jegatheesan.
drwxr-xr-x  4 www-data www-data     4096 Aug  9  2018  jim.
drwxr-xr-x  7 www-data www-data     4096 Aug 15  2018  jonathan.
drwxr-xr-x  7 www-data www-data     4096 Aug  9  2018  Jonathan.
drwxr-xr-x  6 www-data www-data     4096 Aug  9  2018  joseph.
drwxr-xr-x  7 www-data www-data     4096 Aug  9  2018  juan.
drwxr-xr-x  6 www-data www-data     4096 May 30  2019  Justin.
drwxr-xr-x  6 www-data www-data     4096 Dec  6  2018  karen
drwxr-xr-x  5 www-data www-data     4096 Aug  9  2018  ken.
drwxr-xr-x  4 www-data www-data     4096 Aug  9  2018  kurt.
drwxr-xr-x  7 www-data www-data     4096 Aug 16  2018  Kyle.
drwxr-xr-x  6 www-data www-data     4096 Nov 19  2018 'Lance
drwxr-xr-x  4 www-data www-data     4096 Aug  1  2019  laura.
drwx------  2 www-data www-data     4096 Aug  8  2018  lost+found
drwxr-xr-x  6 www-data www-data     4096 Jun 15  2019  marcelo-
drwxr-xr-x  7 www-data www-data     4096 Feb  1  2019  Marcelo.
drwxr-xr-x  7 www-data www-data     4096 Mar  8  2019  marisol.
drwxr-xr-x  6 www-data www-data     4096 Oct 12  2018  matias.
drwxr-xr-x  5 www-data www-data     4096 Aug  9  2018  Melanye.
drwxr-xr-x  4 www-data www-data     4096 Sep 26  2018  m
drwxr-xr-x  7 www-data www-data     4096 Nov 29  2018  michael.
drwxr-xr-x  7 www-data www-data     4096 Mar  6  2019  ncadmin
drwxr-xr-x  4 www-data www-data     4096 Apr 20 12:07  ncadmin_225
-rw-r-----  1 www-data www-data  3837664 Apr 23 08:06  nextcloud.log
-rw-r-----  1 www-data www-data 10656280 Feb 27 11:44  nextcloud.log.1
-rw-r--r--  1 www-data www-data        0 Aug  9  2018  .ocdata
drwxr-xr-x  6 www-data www-data     4096 Jan 29  2019  omar.
drwxr-xr-x  4 www-data www-data     4096 Jan  6  2019  omar
drwxr-xr-x  8 www-data www-data     4096 Dec 10  2018  pawel.
drwxr-xr-x  7 www-data www-data     4096 Aug  9  2018  perryn.
drwxr-xr-x  7 www-data www-data     4096 Aug  9  2018  petr.
drwxr-xr-x  4 www-data www-data     4096 Sep 24  2018  ps
drwxr-xr-x  3 www-data www-data     4096 Aug  9  2018  rainloop-storage
drwxr-xr-x  6 www-data www-data     4096 Nov 10  2018  Rick.
drwxr-xr-x  5 www-data www-data     4096 Nov 14 12:01  Ryan.
drwxr-xr-x  7 www-data www-data     4096 Aug  9  2018  Sandra.
drwxr-xr-x  4 www-data www-data     4096 Aug 28  2018  sankrith.
drwxr-xr-x  6 www-data www-data     4096 Aug 28  2018  Sara.
drwxr-xr-x  7 www-data www-data     4096 Oct 31  2018  Satish.
drwxr-xr-x  7 www-data www-data     4096 Aug  9  2018  Scott.
drwxr-xr-x  5 www-data www-data     4096 Mar 21  2019  Sekhar.
drwxr-xr-x  4 www-data www-data     4096 Aug  9  2018  sherif.
drwxr-xr-x  6 www-data www-data     4096 Aug  9  2018  simone.
drwxrwxr-x  2 www-data www-data     4096 Nov 23  2018  sqldata
drwxr-xr-x  4 www-data www-data     4096 Aug  9  2018  steven
drwxr-xr-x  4 www-data www-data     4096 Aug  9  2018  susan.
drwxr-xr-x  6 www-data www-data     4096 Aug  9  2018  teststation1
drwxr-xr-x  6 www-data www-data     4096 Jan 18  2019  teststation2
-rw-r--r--  1 www-data www-data    86095 Mar  5  2019  updater.log
drwxr-xr-x  4 www-data www-data     4096 Mar  5  2019  updater-oc11g2gfpm1j
drwxr-xr-x  4 www-data www-data     4096 Apr 20 13:50  updater-oc718pd0qmpn
drwxr-xr-x  6 www-data www-data     4096 Aug  9  2018  webmaster
drwxr-xr-x  5 www-data www-data     4096 Aug  9  2018  William.
drwxr-xr-x  4 www-data www-data     4096 Aug  9  2018  yazan.
```

```
+---------+----------+--------------+
| Folders | Files    | Elapsed time |
+---------+----------+--------------+
| 1505106 | 18284174 | 14:54:40     |
+---------+----------+--------------+
```

Ok. I think the names do not really end with dot (.)
You can delete the screenshot.
All looks fine.

No, they don’t. That’s after removing the last names and domains.

What type of folders and files have a problem?
Perhaps it is something with e.g. group folders and the migration goes wrong. Perhaps problem with the release and upgrades.

Can you explain the problems in detail?

Sure, let me try my best.

So I migrated all my nextcloud data and database from an older instance to a new one. Once I completed the transfer, I did a files:scan. I then fixed all the issues found in the Settings > Overview area as well as configuring cron. Once cron was configured, I was able to see all the files for my user and access them appropriately.

I then asked another user to help me test it. They reported that they could not access the folders that were shared with them, only group folders seem to be working. I confirmed this by impersonating that user and saw that they could not access any of the folders that were shared with them by another user. They get the “This operation is forbidden” message.

I then tried to share one of those folders with that user but it says that there is an Error in creating the Share.

Let me know if there is an area you’d like me to elaborate more on.

Bueller? Bueller?