
Nextcloud Docker on Fedora: Data Directory Permissions Issue After Changing Mount Path


I deployed a Nextcloud Docker image on Fedora (uname -a outputs: 'Linux localhost.localdomain 6.8.7-300.fc40.x86_64 #1 SMP PREEMPT_DYNAMIC Wed Apr 17 19:21:08 UTC 2024 x86_64 GNU/Linux'). Initially, it worked well with the storage path '/mnt/nextcloud_storage'. However, after changing the mount structure to '/mnt/storages/nextcloud_storage', the Nextcloud web control panel shows the error:

"Your data directory is not writable. Permissions can usually be fixed by giving the web server write access to the root directory. See https://docs.nextcloud.com/server/20/go.php?to=admin-dir_permissions."

Below are some relevant details:

docker-compose.yml

(I only changed the volumes path after copying the files):

version: '3.7'

services:
  nextcloud:
    image: my-custom-nextcloud
    volumes:
      - /opt/nextcloud:/var/www/html:rw
      - /mnt/storages/nextcloud_storage:/var/www/html/data:rw
      - /dev/bus/usb:/dev/bus/usb
    networks:
      - nextcloud-network
    depends_on:
      - db
    restart: always

  db:
    image: mariadb
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    volumes:
      - /opt/nextcloud/mysql:/var/lib/mysql
    networks:
      - nextcloud-network
    environment:
      - MYSQL_ROOT_PASSWORD=LetMePass!123
      - MYSQL_PASSWORD=letmepass
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
    restart: always

  nginx-proxy:
    image: nginx:latest
    container_name: nginx-proxy
    ports:
      - "88:443" # HTTPS Only
    volumes:
      - /etc/web_certs/nancunchild.zapto.org:/etc/nginx/certs
      - ./nginx:/etc/nginx/conf.d
    depends_on:
      - nextcloud
    networks:
      - nextcloud-network

networks:
  nextcloud-network:
    driver: bridge

Docker container status:

nancunchild@localhost:~/dockers_container_configs/nextcloud$ docker ps -a
CONTAINER ID   IMAGE                   COMMAND                   CREATED        STATUS        PORTS                                         NAMES
c7f3af2eb1e0   nginx:latest            "/docker-entrypoint.…"   10 hours ago   Up 10 hours   80/tcp, 0.0.0.0:88->443/tcp, :::88->443/tcp   nginx-proxy
039703cb2894   my-custom-nextcloud     "/entrypoint.sh /ent…"   10 hours ago   Up 10 hours   80/tcp                                        nextcloud_nextcloud_1
8f67ae247fd7   mariadb                 "docker-entrypoint.s…"   10 hours ago   Up 10 hours   3306/tcp                                      nextcloud_db_1
b9603e60865b   stashapp/stash:latest   "stash"                   11 hours ago   Up 11 hours   0.0.0.0:9999->9999/tcp, :::9999->9999/tcp     stash

Nextcloud docker configs:

nancunchild@localhost:~/dockers_container_configs/nextcloud$ ls -al
总计 16
drwxr-xr-x. 3 nancunchild nancunchild  106  7月 8日 13:02 .
drwxr-xr-x. 6 nancunchild nancunchild   69  7月 7日 21:28 ..
-rw-r--r--. 1 nancunchild nancunchild 1022  7月 8日 03:15 docker-compose.yml
-rw-r--r--. 1 nancunchild nancunchild  807  5月 7日 18:53 Dockerfile
-rw-r--r--. 1 nancunchild nancunchild  229  4月 7日 13:13 entrypoint.sh
-rw-r--r--. 1 nancunchild nancunchild   91  4月 7日 13:21 nextcloud-cron
drwxr-xr-x. 2 nancunchild nancunchild   55  7月 8日 01:53 nginx
nancunchild@localhost:~/dockers_container_configs/nextcloud$ tree ./
./
├── docker-compose.yml
├── Dockerfile
├── entrypoint.sh
├── nextcloud-cron
└── nginx
    ├── nextcloud.conf
    └── nextcloud.conf.bak1

2 directories, 6 files

Part of nextcloud docker logs:

[Sun Jul 07 18:22:44.835355 2024] [core:notice] [pid 1] AH00094: Command line: 'apache2 -D FOREGROUND'
[Sun Jul 07 18:22:48.913583 2024] [php:notice] [pid 29] [client 192.168.114.4:0] {"reqId":"SRKGypi238QwBBgr5iC5","level":3,"time":"2024-07-07T18:22:48+00:00","remoteAddr":"192.168.114.4","user":"--","app":"PHP","method":"GET","url":"/","message":"fopen(/var/www/html/data/data_dir_writability_test_668adcf8de8ea.tmp): Failed to open stream: Permission denied at /var/www/html/lib/private/legacy/OC_Util.php#579","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","version":"28.0.4.1","data":{"app":"PHP"}}

Storage directory

root@localhost:/mnt/storages/nextcloud_storage# ls -al
总计 152192
drwxr-xr-x. 12 root root      4096  7月 8日 03:19 .
drwxrwx---.  4   33 tape      4096  7月 8日 01:58 ..
drwxr-xr-x. 13 root root      4096  4月11日 17:29 appdata_ocwqmnttf9hg
drwxr-xr-x.  6 root root      4096  4月 7日 00:01 fengyuwuzu211
drwxr-xr-x.  2 root root      4096  5月 7日 18:28 files_external
-rwxr-xr-x.  1 root root       542  4月 5日 14:29 .htaccess
drwxr-xr-x.  2 root root      4096  5月 2日 12:07 images
-rwxr-xr-x.  1 root root         0  4月 5日 14:29 index.html
drwxr-xr-x.  7 root root      4096  4月 8日 15:37 nancunchild
drwxr-xr-x.  5 root root      4096  4月13日 01:52 naoh
-rwxr-xr-x.  1 root root 155756644  7月 8日 03:18 nextcloud.log
-rwxr-xr-x.  1 root root         0  4月 5日 14:29 .ocdata
-rwxr-xr-x.  1 root root       101  4月 5日 13:50 .user.ini
drwxr-xr-x.  5 root root      4096  4月 6日 22:57 xie
drwxr-xr-x.  6 root root      4096  4月 9日 17:40 YeYuXueSheng
drwxr-xr-x.  7 root root      4096  4月 8日 20:20 ZhangYujie
drwxr-xr-x.  5 root root      4096  4月 9日 23:10 zhiyu

Config directory

root@localhost:/opt/nextcloud# ls -al
总计 1216
drwxrwxrwx. 15 root             root                4096  7月 8日 02:50 .
drwxr-xr-x.  4 root             root                  41  5月 7日 17:45 ..
drwxrwxrwx. 44 root             root                4096  5月 2日 19:40 3rdparty
drwxrwxrwx. 51 root             root                4096  5月 2日 19:41 apps
-rwxrwxrwx.  1 root             root               23796  5月 2日 19:40 AUTHORS
-rwxrwxrwx.  1 root             root                1906  5月 2日 19:40 composer.json
-rwxrwxrwx.  1 root             root                3140  5月 2日 19:40 composer.lock
drwxrwxrwx.  2 root             root                4096  7月 8日 01:54 config
-rwxrwxrwx.  1 root             root                4124  5月 2日 19:40 console.php
-rwxrwxrwx.  1 root             root               34520  5月 2日 19:40 COPYING
drwxrwxrwx. 24 root             root                4096  5月 2日 19:41 core
-rwxrwxrwx.  1 root             root                6317  5月 2日 19:40 cron.php
drwxrwxrwx. 33 root             root                4096  6月10日 13:36 custom_apps
drwxrwxrwx.  2 root             root                   6  5月 2日 19:40 data
drwxrwxrwx.  2 root             root               12288  5月 2日 19:41 dist
-rwxrwxrwx.  1 root             root                5159  5月 2日 19:40 .htaccess
-rwxrwxrwx.  1 root             root                 156  5月 2日 19:40 index.html
-rwxrwxrwx.  1 root             root                4403  5月 2日 19:40 index.php
drwxrwxrwx.  6 root             root                 125  5月 2日 19:41 lib
drwxrwxrwx.  6 systemd-coredump systemd-coredump    4096  7月 8日 03:22 mysql
-rwxrwxrwx.  1 root             root                   0  5月 2日 19:40 nextcloud-init-sync.lock
-rwxrwxrwx.  1 root             root                 283  5月 2日 19:40 occ
-rwxrwxrwx.  1 root             root                  90  5月 2日 19:42 occ_shell.sh
drwxrwxrwx.  2 root             root                  55  5月 2日 19:41 ocs
drwxrwxrwx.  2 root             root                  23  5月 2日 19:41 ocs-provider
-rwxrwxrwx.  1 root             root                7073  5月 2日 19:40 package.json
-rwxrwxrwx.  1 root             root             1048494  5月 2日 19:40 package-lock.json
-rwxrwxrwx.  1 root             root                3187  5月 2日 19:40 public.php
-rwxrwxrwx.  1 root             root                5597  5月 2日 19:40 remote.php
drwxrwxrwx.  4 root             root                 133  5月 2日 19:41 resources
-rwxrwxrwx.  1 root             root                  26  5月 2日 19:40 robots.txt
-rwxrwxrwx.  1 root             root                2452  5月 2日 19:40 status.php
drwxrwxrwx.  3 root             root                  35  5月 2日 19:42 themes
-rwxrwxrwx.  1 root             root                 101  5月 2日 19:40 .user.ini
-rwxrwxrwx.  1 root             root                 403  5月 2日 19:42 version.php

Permissions in docker

nancunchild@localhost:~/dockers_container_configs/nextcloud$ docker exec -it nextcloud_nextcloud_1 /bin/bash

root@039703cb2894:/var/www/html# ls -al
total 1220
drwxrwxrwx. 15 root     root               4096 Jul  7 17:50 .
drwxrwxr-x.  1 www-data root                 30 Apr 24 16:59 ..
-rwxrwxrwx.  1 root     root               5159 May  2 10:40 .htaccess
-rwxrwxrwx.  1 root     root                101 May  2 10:40 .user.ini
drwxrwxrwx. 44 root     root               4096 May  2 10:40 3rdparty
-rwxrwxrwx.  1 root     root              23796 May  2 10:40 AUTHORS
-rwxrwxrwx.  1 root     root              34520 May  2 10:40 COPYING
drwxrwxrwx. 51 root     root               4096 May  2 10:41 apps
-rwxrwxrwx.  1 root     root               1906 May  2 10:40 composer.json
-rwxrwxrwx.  1 root     root               3140 May  2 10:40 composer.lock
drwxrwxrwx.  2 root     root               4096 Jul  7 16:54 config
-rwxrwxrwx.  1 root     root               4124 May  2 10:40 console.php
drwxrwxrwx. 24 root     root               4096 May  2 10:41 core
-rwxrwxrwx.  1 root     root               6317 May  2 10:40 cron.php
drwxrwxrwx. 33 root     root               4096 Jun 10 04:36 custom_apps
drwxr-xr-x. 12 root     root               4096 Jul  7 18:19 data
drwxrwxrwx.  2 root     root              12288 May  2 10:41 dist
-rwxrwxrwx.  1 root     root                156 May  2 10:40 index.html
-rwxrwxrwx.  1 root     root               4403 May  2 10:40 index.php
drwxrwxrwx.  6 root     root                125 May  2 10:41 lib
drwxrwxrwx.  6      999 systemd-journal    4096 Jul  7 18:22 mysql
-rwxrwxrwx.  1 root     root                  0 May  2 10:40 nextcloud-init-sync.lock
-rwxrwxrwx.  1 root     root                283 May  2 10:40 occ
-rwxrwxrwx.  1 root     root                 90 May  2 10:42 occ_shell.sh
drwxrwxrwx.  2 root     root                 55 May  2 10:41 ocs
drwxrwxrwx.  2 root     root                 23 May  2 10:41 ocs-provider
-rwxrwxrwx.  1 root     root            1048494 May  2 10:40 package-lock.json
-rwxrwxrwx.  1 root     root               7073 May  2 10:40 package.json
-rwxrwxrwx.  1 root     root               3187 May  2 10:40 public.php
-rwxrwxrwx.  1 root     root               5597 May  2 10:40 remote.php
drwxrwxrwx.  4 root     root                133 May  2 10:41 resources
-rwxrwxrwx.  1 root     root                 26 May  2 10:40 robots.txt
-rwxrwxrwx.  1 root     root               2452 May  2 10:40 status.php
drwxrwxrwx.  3 root     root                 35 May  2 10:42 themes
-rwxrwxrwx.  1 root     root                403 May  2 10:42 version.php

I have verified that the permissions on the new directory are set to allow read/write access, and I turned SELinux off, but I am still encountering the issue. Can anyone suggest what might be wrong or how to troubleshoot this further?

Thank you in advance for your help!

What I have tried:

Changed Ownership and Permissions:

sudo chown root:root /mnt/storages/nextcloud_storage
sudo chmod 755 /mnt/storages/nextcloud_storage

Did not work.

Applied SELinux Context:

sudo chcon -Rt svirt_sandbox_file_t /mnt/storages/nextcloud_storage

Did not work.

Manual File Creation Inside Docker:

  • Entered the Docker container and successfully created a file in the /var/www/html/data directory.
root@039703cb2894:/var/www/html/data# ls
YeYuXueSheng  ZhangYujie  appdata_ocwqmnttf9hg  fengyuwuzu211  files_external  images  index.html  nancunchild  naoh  nextcloud.log  xie  zhiyu
root@039703cb2894:/var/www/html/data# echo write > ./writable_test
root@039703cb2894:/var/www/html/data# ls
YeYuXueSheng  ZhangYujie  appdata_ocwqmnttf9hg  fengyuwuzu211  files_external  images  index.html  nancunchild  naoh  nextcloud.log  writable_test  xie  zhiyu
root@039703cb2894:/var/www/html/data# cat writable_test
write

One thing that should be noted: there is no www-data user on my machine; it only exists in Docker.


Solution

  • Sorry, it was a config error. There is no 'www-data' user on my machine, but there is one in Docker. So we should run this in Docker:

    chown -R www-data:www-data ./
    

    All Solved.
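
Why the root shell test in the container succeeded while Apache was denied, as an added example that is not part of the original post: it evaluates the owner, group and mode bits of a directory for a given numeric UID/GID, the way the `root:root` `drwxr-xr-x` data directory is evaluated for `www-data`. The function names `can_create_in` and `verdict` are hypothetical, the temp directory is constructed, and GNU `stat` is assumed; ACLs, SELinux and supplementary groups are not considered.

```shell
#!/bin/sh
# Added example (not from the original post). Predicts from owner, group and
# mode bits alone whether a numeric UID/GID may create files in a directory.
# Assumptions: GNU stat; ACLs, SELinux and supplementary groups are ignored.

# can_create_in DIR UID GID -> exit 0 allowed, 1 denied, 2 stat failed
can_create_in() {
    dir=$1 uid=$2 gid=$3
    info=$(stat -c '%u %g %a' "$dir") || return 2
    set -- $info
    owner=$1 group=$2 mode=$((0$3))          # leading 0: parse as octal
    # root passes regardless of mode bits, so a root shell test proves nothing
    [ "$uid" -eq 0 ] && return 0
    if   [ "$uid" -eq "$owner" ]; then need=$((0300))   # owner w+x
    elif [ "$gid" -eq "$group" ]; then need=$((0030))   # group w+x
    else                               need=$((0003))   # other w+x
    fi
    [ $(( mode & need )) -eq "$need" ]
}

# verdict DIR UID GID -> prints "allowed" or "denied"
verdict() {
    if can_create_in "$1" "$2" "$3"; then echo allowed; else echo denied; fi
}

# Constructed scenario: a 755 directory owned by the current user stands in
# for the root:root 755 data directory shown in the listing.
demo_dir=$(mktemp -d)
chmod 755 "$demo_dir"
me=$(id -u); mygid=$(id -g)
# Any id that is neither owner nor group, as www-data is relative to root:root
stranger=$((me + 1000)); strangergid=$((mygid + 1000))
echo "root shell (uid 0):      $(verdict "$demo_dir" 0 0)"
echo "non-owner web server:    $(verdict "$demo_dir" "$stranger" "$strangergid")"
echo "owner (after chown -R):  $(verdict "$demo_dir" "$me" "$mygid")"
rmdir "$demo_dir"
```

Running the same function inside the container against `/var/www/html/data` with the output of `id -u www-data` and `id -g www-data` shows the state before and after the `chown -R`.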