Where is the "set strong permissions" script?


In ownCloud and Nextcloud < 10.0 there was a script in the documentation to set strong permissions for .htaccess/folders…

Can someone tell me what happened with it? I upgraded yesterday from OC 9.1 to Nextcloud 10 -> 11 -> 12 and I'm now working on the rework.

Is it no longer needed or can I just take the old script?



Thanks! I’ve searched everywhere but couldn’t find why it was removed from the documentation…

So if I read this whole story right… I should give my nextcloud-folder the following permissions…

chown -R apache:apache NEXTCLOUD-ROOT
chown -R apache:apache PATH-TO-DATA

find NEXTCLOUD-ROOT/ -type f -print0 | xargs -0 chmod 0640
find NEXTCLOUD-ROOT/ -type d -print0 | xargs -0 chmod 0750

find PATH-TO-DATA/ -type f -print0 | xargs -0 chmod 0640
find PATH-TO-DATA/ -type d -print0 | xargs -0 chmod 0750

What is with the .htaccess-files?

I’ve tested this on my demo system and it should work. But when I create/upload a new file via the web interface… the permissions are 644. Is this right?

As the main reason to finally drop the script was the block of nextcloud updates, .htaccess files should also be writeable/owned by webserver user, as they are also shipped with updates.

It blocks upgrades because the permissions aren’t as safe as with root:www-data. So it’s actually worse to not use strong permissions. In the Nextcloud VM we solved that by making our own script for it: https://github.com/nextcloud/vm/blob/master/nextcloud_update.sh


What is the current recommendation? I still use a version of the “nextcloud set strong permissions” script dated 03/2018 which still works just fine.

I think there still is a need to set those permissions from a security point of view.

Unfortunately the only official script available nowadays seems to be https://github.com/nextcloud/vm/blob/master/static/setup_secure_permissions_nextcloud.sh which obviously is for the VM versions of Nextcloud, so I’m wondering…

Update: Found https://github.com/nextcloud/documentation/issues/1353 which is still open. Seems currently there’s just no common sense in the nextcloud community about that :tipping_hand_man:
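
A read-only check for the layout posted earlier in this thread (owner apache:apache, files 0640, directories 0750), as an added example that is not part of any post above and is not Nextcloud's own script. The function names `audit_perms` and `count_findings` are hypothetical, and the default account `apache` is an assumption taken from the posted commands.

```shell
#!/bin/sh
# Added example: read-only audit of the 0640/0750 layout posted in this thread.
# Usage: audit_perms ROOT [OWNER] [GROUP]
# OWNER/GROUP default to apache, the account used in the thread's commands
# (assumption: substitute your web server account, e.g. www-data).

audit_perms() (
    root=$1
    owner=${2:-apache}
    group=${3:-apache}

    # Anything readable, writable or executable by "other", such as an
    # upload created as 0644. Symlinks are skipped: their own mode is unused.
    find "$root" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) \
        -exec printf 'world-access\t%s\n' {} +

    # Regular files whose mode is not exactly 0640.
    find "$root" -type f ! -perm 0640 -exec printf 'file-mode\t%s\n' {} +

    # Directories whose mode is not exactly 0750.
    find "$root" -type d ! -perm 0750 -exec printf 'dir-mode\t%s\n' {} +

    # Paths not owned by the expected user and group.
    find "$root" ! -type l \( ! -user "$owner" -o ! -group "$group" \) \
        -exec printf 'owner\t%s\n' {} +
)

# Number of findings; 0 means the tree matches the layout.
count_findings() {
    audit_perms "$@" | wc -l
}

# Run the audit when the script is called with arguments.
if [ "$#" -gt 0 ]; then
    audit_perms "$@"
fi
```

Run it against both NEXTCLOUD-ROOT and PATH-TO-DATA; a file uploaded with mode 644 shows up under both `world-access` and `file-mode`.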