How do you run up the docker instance?
Permission errors on docker are usually due to not setting uid/gid when running up the instance. If not set, docker runs the application as root, which is a security concern when dealing with web applications specifically.
You can set the user id and group id of the docker processes using the environment flags PUID / PGID. If you simply want to set it to your user, run `id $USER` and set it accordingly.
example docker-compose and long explanation
In a docker-compose.yml file it would look something like:
```yaml
---
version: "2.1"
services:
  nextcloud:
    image: theimage/youwant
    container_name: somethingcatchy
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Amsterdam
    volumes:
      - /path/to/appdata:/config
      - /path/to/data:/data
      - /path/to/backup:/Nextcloudbackup
    ports:
      - 443:443
    restart: unless-stopped
```
UID/GID 1000 is usually the ID number of your main user.
You can also make a dedicated user for nextcloud(pi) and set that uid/gid with `sudo useradd -u 1337 -g 1337`.
(It could also be useful to set

```yaml
stdin_open: true # docker run -i
tty: true # docker run -t
```

to allow you to `docker attach` to the image in whichever way you prefer.)
If you plan on opening up ssh from the ncp panel you should also map the port 25.
I never really use `docker run`, as I like the layout of yml files and being able to save all my configs that way, but if you do like it then use `-e PUID=` and `-e PGID=` to set the IDs.
There’s some useful info on user/group IDs here:
linuxserver.io’s “Understanding PUID & GUID”
Their docker wiki is heaps useful, highly recommended.
TL;DR:
Set uid/gid to any other user than root, because running a web application as root is a security concern:

```bash
# -g needs a group that already exists, so create it first
sudo groupadd -g 1337 leet-ncp-user
sudo useradd -g 1337 -G www-data -u 1337 -p 1337 leet-ncp-user
```

then add PUID & PGID environment variables to the docker stack to match leet-ncp-user.
Or, if you are fine running it as your standard user, say Pi or Yourname, you can set them to 1000 in the docker-compose file. These users usually are in the sudo group, which is only a security concern should you use the standard password.
Have a look at this thread regarding back/restores, might find something useful in there:
https://help.nextcloud.com/t/howto-change-move-data-directory-after-installation/17170
Another issue I’ve encountered not with nextcloud but with other containers using mysql/mariadb is that the database user gets mismatched between old/new containers. I’ve solved this by attaching to the image, then to the database and resetting the passwords.
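A quick pre-flight check for the two things discussed in the post above, as an added example that is not part of the original post: it reads PUID/PGID from a compose file written in the list form shown earlier and compares them with the owner of a bind-mounted host directory. The function names are hypothetical, the sample file is constructed, and `stat -c` assumes GNU coreutils (Linux).

```shell
#!/bin/sh
# Added example: verify that a compose file sets non-root PUID/PGID and that
# a host directory used as a volume is owned by that UID:GID.

# Print the value of "- NAME=value" from a compose environment list.
compose_env() {  # usage: compose_env FILE NAME
    sed -n "s/^[[:space:]]*-[[:space:]]*$2=\([^[:space:]#]*\).*/\1/p" "$1" | head -n 1
}

# Return 0 only if both PUID and PGID are set to numeric, non-zero IDs.
check_ids() {  # usage: check_ids FILE
    rc=0
    for name in PUID PGID; do
        val=$(compose_env "$1" "$name")
        case "$val" in
            '')       echo "$name is not set"; rc=1 ;;
            *[!0-9]*) echo "$name=$val is not a numeric ID"; rc=1 ;;
            *) if [ "$val" -eq 0 ]; then echo "$name=0 is root"; rc=1; else echo "$name=$val ok"; fi ;;
        esac
    done
    return $rc
}

# Return 0 if DIR on the host is owned by UID:GID, 1 on mismatch, 2 if stat fails.
check_owner() {  # usage: check_owner DIR UID GID
    owner=$(stat -c '%u:%g' "$1") || return 2
    if [ "$owner" = "$2:$3" ]; then
        echo "$1 is owned by $owner, matches"
    else
        echo "$1 is owned by $owner, container expects $2:$3"
        return 1
    fi
}

# Constructed sample input, modelled on the compose file in the post (PGID left out).
sample=$(mktemp)
cat > "$sample" <<'EOF'
services:
  nextcloud:
    environment:
      - PUID=1000
      - TZ=Europe/Amsterdam
EOF
check_ids "$sample" || echo "=> fix the environment section before starting the stack"
rm -f "$sample"
```

Run `check_owner` against each host path under `volumes:` with the IDs from the compose file; a mismatch there is the usual source of the permission errors.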