Dear all,
While upgrading my Nextcloud instance from 31.0.13.1 to 32.0.6.1, I broke it. After checking, I found that it was because of the restricted capabilities I added to my docker compose.
The Basics
- Nextcloud Server version (e.g., 29.x.x):
migration from 31.0.13.1 to 32.0.6.1
- Operating system and version (e.g., Ubuntu 24.04):
archlinux
- Web server and version (e.g, Apache 2.4.25):
nextcloud- stable-fpm-alpine
- Reverse proxy and version (e.g. nginx 1.27.2)
nginx-reverse-proxy
- Is this the first time you’ve seen this error? (Yes / No):
Yes, but for the previous version upgrade, capabilities were not in place.
- When did this problem seem to first start?
while upgrading from 31.0.13.1 to 32.0.6.1.
- Installation method (e.g. AIO, NCP, Bare Metal/Archive, etc.)
docker compose
Summary of the issue you are facing:
For the nextcloud app and cron, I added the following capability restrictions in docker compose:
cap_drop:
- ALL
cap_add:
- FOWNER
- DAC_OVERRIDE
- SETUID
- SETGID
In normal service (not upgrade) it works well without any issue. But when I tried to upgrade, I faced a major issue that forced me to restore nextcloud from a backup yesterday. The file rights in /var/www/html/ were “broken”.
You can find below the start log of the upgrade:
févr. 20 13:07:12 serveur nextcloud-docker-app-1/4a78192510d5[961]: Initializing nextcloud 32.0.6.1 …
févr. 20 13:07:12 serveur nextcloud-docker-app-1/4a78192510d5[961]: Upgrading nextcloud from 31.0.13.1 …
févr. 20 13:07:20 serveur nextcloud-docker-app-1/4a78192510d5[961]: rsync: [receiver] chown “/var/www/html/.htaccess.jifCho” failed: Operation not permitted (1)
févr. 20 13:07:20 serveur nextcloud-docker-app-1/4a78192510d5[961]: rsync: [receiver] chown “/var/www/html/.user.ini.dCJMFA” failed: Operation not permitted (1)
févr. 20 13:07:20 serveur nextcloud-docker-app-1/4a78192510d5[961]: rsync: [receiver] chown “/var/www/html/.AUTHORS.HAjBkA” failed: Operation not permitted (1)
févr. 20 13:07:20 serveur nextcloud-docker-app-1/4a78192510d5[961]: rsync: [receiver] chown “/var/www/html/.COPYING.GFPKkA” failed: Operation not permitted (1)
…
And here, after adding cap_add: CHOWN, the upgrade finally ended.
févr. 20 13:29:45 serveur nextcloud-docker-app-1/378606bb4417[962]: Update app recognize from App Store
févr. 20 13:30:49 serveur nextcloud-docker-app-1/378606bb4417[962]: Starting code integrity check…
févr. 20 13:31:25 serveur nextcloud-docker-app-1/378606bb4417[962]: Finished code integrity check
févr. 20 13:31:25 serveur nextcloud-docker-app-1/378606bb4417[962]: Update successful
févr. 20 13:31:25 serveur nextcloud-docker-app-1/378606bb4417[962]: Turned off maintenance mode
But, because of permission issues, nextcloud stopped working; in particular, the web interface was not reachable.
Fortunately, I’ve got a recent backup that helped me to restart nextcloud with a minimum of loss.
My question now is: are the following capabilities enough for nextcloud, or should I add others?
cap_drop:
- ALL
cap_add:
- CHOWN
- FOWNER
- DAC_OVERRIDE
- SETUID
- SETGID
Best regards, and thank you for your help.
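
The log in the post shows rsync's chown calls failing with "Operation not permitted" while CHOWN was absent from cap_add. As an added example (not part of the original post and not Nextcloud's own tooling), the script below decodes a capability bitmask, such as the CapBnd value in /proc/self/status inside the container, and reports which capabilities from a list you supply are not set; the function names and the `--check` flag are hypothetical, and the sample masks are constructed from the two cap_add lists above.

```shell
#!/bin/sh
# Added example: report which required capabilities are absent from a
# capability bitmask (CapBnd/CapEff value from /proc/<pid>/status).

# Bit number of each capability name, as defined in linux/capability.h.
cap_bit() {
    case "$1" in
        CHOWN)        echo 0 ;;
        DAC_OVERRIDE) echo 1 ;;
        FOWNER)       echo 3 ;;
        FSETID)       echo 4 ;;
        SETGID)       echo 6 ;;
        SETUID)       echo 7 ;;
        *)            return 1 ;;
    esac
}

# missing_caps <hex mask> <cap>... : prints the names not set in the mask.
missing_caps() {
    mask=$((0x$1)); shift
    out=""
    for cap in "$@"; do
        bit=$(cap_bit "$cap") || { echo "unknown capability: $cap" >&2; return 2; }
        if [ $(( (mask >> bit) & 1 )) -eq 0 ]; then
            out="${out:+$out }$cap"
        fi
    done
    echo "$out"
}

# Bounding set of the current process; it reflects cap_drop/cap_add even
# when the shell itself runs as an unprivileged user.
current_mask() {
    awk '/^CapBnd:/ {print $2}' /proc/self/status
}

# Constructed sample masks for the two cap_add lists in the post:
#   00000000000000ca = DAC_OVERRIDE|FOWNER|SETGID|SETUID (no CHOWN)
#   00000000000000cb = the same set plus CHOWN
if [ "${1:-}" = "--check" ]; then
    shift
    m=$(missing_caps "$(current_mask)" "$@")
    [ -z "$m" ] || { echo "missing: $m" >&2; exit 1; }
fi
```

Run inside the container before an upgrade, for example with `--check CHOWN FOWNER DAC_OVERRIDE SETUID SETGID`, it exits non-zero and names any capability from that list that the container does not hold.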