FS#69911 - [nextcloud] user creation and correct permissions set for resources
Attached to Project:
Community Packages
Opened by Łukasz Buśko (str0gg) - Monday, 08 March 2021, 06:41 GMT
Last edited by David Runge (dvzrv) - Sunday, 28 March 2021, 10:46 GMT
Opened by Łukasz Buśko (str0gg) - Monday, 08 March 2021, 06:41 GMT
Last edited by David Runge (dvzrv) - Sunday, 28 March 2021, 10:46 GMT
|
Details
Package is missing critical configuration files so we do not
need to create user and adjust permissions on every
installation.
file nextcloud.sysuser -> "$pkgdir/usr/lib/sysusers.d/nextcloud.conf" u nextcloud - - /var/lib/nextcloud file nextcloud.tmpfiles -> "$pkgdir/usr/lib/tmpfiles.d/nextcloud.conf" d /var/lib/nextcloud 0750 nextcloud nextcloud - - d /usr/share/webapps/nextcloud 0750 nextcloud root - - d /usr/share/webapps/nextcloud/data 0750 nextcloud nextcloud - - d /usr/share/webapps/nextcloud/tmp 0750 nextcloud nextcloud - - d /etc/webapps/nextcloud 0750 nextcloud root - - |
This task depends upon
Closed by David Runge (dvzrv)
Sunday, 28 March 2021, 10:46 GMT
Reason for closing: Not a bug
Additional comments about closing: Please read the nextcloud wiki article.
If data is placed correctly and the web application is properly configured, no changes to the file system are required.
Sunday, 28 March 2021, 10:46 GMT
Reason for closing: Not a bug
Additional comments about closing: Please read the nextcloud wiki article.
If data is placed correctly and the web application is properly configured, no changes to the file system are required.
What would be the benefit of assigning a home directory to the nextcloud user though?
The other changes you propose weaken the integrity of /etc/webapps/nextcloud and /usr/share/webapps/nextcloud by giving ownership to the nextcloud user, which effectively enables a defective or compromised app to modify its own core components).
The data directory should be located in /var/lib/nextcloud/data, not in /usr/share/nextcloud/data as the latter neither exists nor should be a writable. This is configurable in the configuration file (see the wiki article: https://wiki.archlinux.org/index.php/Nextcloud#Data_directory).
The mode change of /var/lib/nextcloud does not make much sense, as no private data is located directly below it. The user data is stored below /var/lib/nextcloud/data which has a sufficient mode set to guard against other users accessing it.
What is the directory /usr/share/webapps/nextcloud/tmp used for in your use-case?
Please read https://www.systutorials.com/docs/linux/man/5-sysusers.d/
Its up to package maintainer to setup permissions i pass only proof of concept. What have to be taken care of is that most users whats to have permissions "write" to apps, data and config.
tmp folder is require for some nextcloud apps and operations so its need to be create in directory accessible by nextcloud.
Its really annoying that after each nextcloud update i same as other community members have to adjust permissions. Currently we have forum topic 5 pages long with 3 pages only on permissions issue. What i just propose going to solve it once and for all. If I had pull/merge request instruction i would fix it my self and send for review.
That did not answer my question as to why the user requires a home directory in this use case.
> What have to be taken care of is that most users whats to have permissions "write" to apps, data and config.
I am not really sure what you mean by that. All of this is already implemented.
> tmp folder is require for some nextcloud apps and operations so its need to be create in directory accessible by nextcloud.
I have not come across that being a requirement and it should definitely not be created below /usr/share/webapps/nextcloud.
Additionally, the general temporary directory used by the application is configurable: https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/config_sample_php_parameters.html#all-other-configuration-options (see the `tempdirectory` parameter for the configuration file).
> Its really annoying that after each nextcloud update i same as other community members have to adjust permissions. Currently we have forum topic 5 pages long with 3 pages only on permissions issue.
I suggest to read the wiki article, especially the configuration section (https://wiki.archlinux.org/index.php/Nextcloud#Configuration) and the troubleshooting section for upgrades from 20.0.x to 21.0.0 (https://wiki.archlinux.org/index.php/Nextcloud#Issues_with_permissions_and_setup_after_upgrade_to_%3E=_21.0.0) and to make sure to also read relevant sections of the upstream documentation, such as installation (https://docs.nextcloud.com/server/latest/admin_manual/installation/index.html) and configuration (https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/index.html) (which partly of course targets a different kind of setup).
> What i just propose going to solve it once and for all. If I had pull/merge request instruction i would fix it my self and send for review.
No. Your changes will in fact not solve *anything* besides fixing your specific use-case, that you refuse to adapt to changes in packaging.
If you would like to continue to change the permissions in your file system after the installation of the package, because you strongly believe that it is necessary, you are of course free to do so.
Please note, that if configured correctly *no changes* to the file system permissions/ownerships are necessary and that the information on where things are supposed to go and how to configure those basic things are all in the wiki article.
Whatever you are trying to achieve is not a supported use-case and I will now close this issue, which seems to be rooted in a user ignoring the documentation and being unwilling to properly configure the web application.