FS#69730 - [nextcloud] Problems with writable apps directory
Attached to Project:
Community Packages
Opened by Luca Weiss (z3ntu) - Sunday, 21 February 2021, 17:19 GMT
Last edited by David Runge (dvzrv) - Sunday, 21 February 2021, 18:13 GMT
Opened by Luca Weiss (z3ntu) - Sunday, 21 February 2021, 17:19 GMT
Last edited by David Runge (dvzrv) - Sunday, 21 February 2021, 18:13 GMT
|
Details
Description:
I'm running apache httpd & php-fpm with the latest nextcloud package 21.0.0-6. Everything's running fine but apache can't access the contents of the extra installed apps, as apache is running with the http user and /var/lib/nextcloud/apps is owned by the nextcloud user. 1. Install e.g. bookmarks app from the store, everything works fine there. 2. See that most things with the app don't work because static assets are failing with HTTP 403, as those are served by apache Accessing https://example.org/wapps/bookmarks/img/bookmarks.svg fails with a Apache Forbidden site; $ sudo -u http ls /var/lib/nextcloud/apps/ ls: cannot access '/var/lib/nextcloud/apps/': Permission denied I don't see anything on the wiki page about having to run apache as a different user or something. A user in the forum also writes about similar symptoms https://bbs.archlinux.org/viewtopic.php?pid=1957661#p1957661 Thanks for the work, I'm glad that Nextcloud is running as a separate user now :) |
This task depends upon
Closed by David Runge (dvzrv)
Sunday, 21 February 2021, 18:13 GMT
Reason for closing: Fixed
Additional comments about closing: Fixed with nextcloud 21.0.0-7
Sunday, 21 February 2021, 18:13 GMT
Reason for closing: Fixed
Additional comments about closing: Fixed with nextcloud 21.0.0-7
I'm not sure how to fix this. Would it hurt to make /var/lib/nextcloud + /var/lib/nextcloud/apps readable by everyone? I mean, /usr/share/webapps/nextcloud/apps is also readable by everyone. This would include the http user and fix the problems.
/var/lib/nextcloud/data can stay as it is, of course.
When this gets fixed I think the package is finally working pretty much out of the box again.
I have the suspicion, that it is related to /var/lib/nextcloud/apps/ being installed 770.
For /var/lib/nextcloud/data/ this seems to be correct (the application itself changes it to that mode), but for the apps directory it is too restrictive.
You can try to adjust the ownership temporarily: chmod 755 /var/lib/nextcloud/apps
Maybe we can also do this with user: nextcloud, group: http ownership? Then we can keep the 'others' permissions to a minimum
chmod 755 /var/lib/nextcloud/apps
This fixes it for me, but I needed both.
btw: If you have any suggestions for https://bugs.archlinux.org/task/69726 I could imagine the reporter would be happy about any pointers!