Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

External storage not writable unless manual permission change #2140

Open
MarcS1975 opened this issue Jan 7, 2024 · 14 comments
Open

External storage not writable unless manual permission change #2140

MarcS1975 opened this issue Jan 7, 2024 · 14 comments
Labels
data persistence Volumes, bind mounts, etc. question

Comments

@MarcS1975
Copy link

When mounting data folders via External storage option 'local', there is always a permission problem that causes NC to block uploads/writing to those folders. Only when manually loging into the container and changing the permissions is it possible to use those External Storage options.

Process:

  1. new installation using docker compose, file extract below
      - /srv/2T_JBOD/DockerappsHot/NC/NC_app:/var/www/html
      - /srv/BTRFS27/dataX:/var/www/html/data/dataX```

2) Inside NC, add app "External Storage"
3) In External Storage, link the mounted folder as storage type 'local'

Expected bahaviour:
The folder dataX should show up in NC as folder and the user should have r/w permissions.

Actual behaviour:
The folder dataX does show up in NC but user has **NO write permissions**.

When checking inside the container the 2 folders are owned by root:root.
The NC user cannot write to that folder.

Only by manually doing
```sudo chown -R www-data:www-data dataX
$ sudo chmod -R 0750 dataX

can the folders be made usable.
@martadinata666
Copy link

Well, "local" mean it will use whatever the docker container user run for to read/write permission to folder in this case "www-data" uid "33" *cmiiw, other way is set 755 on folder. Samba it best bet on granuled permissions.

@joshtrichards
Copy link
Member

You're using bind mounts. The permissions, when using bind mounts, aren't even under the Docker Engine's control let alone Nextcloud. That's one of the downside to using bind mounts - permissions are your problem. :-)

I'm not sure what you expect either Nextcloud Server or the Nextcloud Docker image to do about this.

If you want to avoid this, use Docker named volumes, just as most of the examples in our README do. :)

Please follow-up at the Nextcloud Help Forum - https://help.nextcloud.com/ - or the Docker Community Forum - https://forums.docker.com/ since this is more a general configuration and/or Docker Engine matter.

@joshtrichards joshtrichards closed this as not planned Won't fix, can't repro, duplicate, stale Jan 8, 2024
@joshtrichards joshtrichards added question data persistence Volumes, bind mounts, etc. labels Jan 8, 2024
@joshtrichards joshtrichards changed the title BUG: External storage not writable unless manual permission change External storage not writable unless manual permission change Jan 8, 2024
@MarcS1975
Copy link
Author

MarcS1975 commented Jan 8, 2024 via email

@MarcS1975
Copy link
Author

Samba it best bet on granuled permissions.

Unfortunately the smbclient in Nextcloud does not work. It has been buggy for years and although there are many issue reports by users about smbclient, its never been fixed (at least not in the NC community container). That's the whole reason I had to revert to the Nextcloud "local" solution.

@MarcS1975
Copy link
Author

MarcS1975 commented Jan 8, 2024
edited

this is more a general configuration and/or Docker Engine matter

I actually think its very specific to Nextcloud docker as NC is a file sharing system and currently mounting External data sources is inherently buggy, i.e. smbclient doesnt work and 'local' causes permission problems. It would be great if NC inside Docker could be fixed to work for its main purpose (file sharing). :)

@MarcS1975
Copy link
Author

just quickly closing tickets doesn't help improve the application for sure

@joshtrichards
Copy link
Member

volumes:
- /srv/MyLocalPath/LIVE180:/var/www/html/data/nmax/live

The left side has a slash in front - that means the source is an actual folder on your underlying host rather than a Docker Engine managed volume.

https://docs.docker.com/compose/compose-file/compose-file-v3/#short-syntax-3

@MarcS1975
Copy link
Author

But how else should I integrate my existing data? I need to somehow bring in that path. That path holds 1TB of existing files which I want to utilise, share and manage in Nextcloud.

@joshtrichards
Copy link
Member

I actually think its very specific to Nextcloud docker as NC is a file sharing system and currently mounting External data sources is inherently buggy, i.e. smbclient doesnt work and 'local' causes permission problems. It would be great if NC inside Docker could be fixed to work for its main purpose (file sharing). :)

I'm not sure what smbclient has to do with this Issue you opened about mounting a local host folder and expecting the image to fix the permissions.

I'm merely suggesting maybe getting some feedback from the forums before you assume things are a bug. :)

@MarcS1975
Copy link
Author

MarcS1975 commented Jan 8, 2024
edited

Well NC has several ways of integrating existing data via the External Storage app. One option in that app is SMB which requires smbclient to run inside the container. This is not working (as reported). An alternative to bring in data is via the type "local" which requires a path into the container as per my volume. That caused the permission errors so its also not working. Bug or not bug, both ways are not fully implemented.
Ok, maybe remove the Bug from the titel and leave the ticket open so I can get more feedback here.

@martadinata666
Copy link

martadinata666 commented Jan 9, 2024
edited

Technically docker or not, the "local" will use the permission of the Apache user. What ever it is.
Then there is docker image issue about SMB that is not working ootb, thus require user to rebuild the image themselves.

@joshtrichards joshtrichards reopened this Jan 9, 2024
@MarcS1975
Copy link
Author

MarcS1975 commented Jan 9, 2024
edited

Technically docker or not, the "local" will use the permission of the Apache user. What ever it is. Then there is docker image issue about SMB that is not working ootb, thus require user to rebuild the image themselves.

Yes, local will use the existing permissions but that does not work for a file sharing application. Thus, I think there should be a permanent fix, possible via PUID/PGID (see below). The fix is not smbclient because it does not work. Even the rebuild or manual installation of smbclient inside the container does not work and fiddling with packages inside the container is totally against the concept of a container. After installing smbclient , there a plenty of errors in the NC log files and this has been reported many times by many users. Smbclient is not a stable solution to share files in NC Docker with.

Yes, that is the fix that I described in my initial post. But again, its a manual workaround and should not be part of a docker container (IMHO). The real solution could maybe be implemented with PUID and PGID settings as described here, but I am not a Docker expert to know exactly how that works. If this is really the solution to the permission problems, then should these settings not be part of every NC Docker container.

@martadinata666
Copy link

Yes, there are many of tedious talk of this smb thing or other thing that not supported ootb as expected to be, then there is also https://github.com/nextcloud/all-in-one, that call for "the complete" ultimate nextcloud docker image. Maybe you want to try that.

@MarcS1975
Copy link
Author

MarcS1975 commented Jan 9, 2024 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
data persistence Volumes, bind mounts, etc. question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@joshtrichards @martadinata666 @MarcS1975