Access to nextcloud data folder

Christian · October 20, 2023, 4:11pm

Hi,

I have installed jellyfin and want to point it to a Nextcloud folder, where I’ve uploaded all my videos (via Nextcloud obviously). The folder in question is: /home/yunohost.app/nextcloud/data/christian/Movie’

The problem is that despite setting all the right permissions I cannot get beyond ‘/home/yunohost.app/nextcloud’ Even though I did a desperate chmod -R 777 on the ‘/home/yunohost.app/nextcloud/data’ directory, no one except sudo can access the folder. There seems to be some additional security layer at work that I haven’t been able to defeat yet. Guidance would be appreciated.

wbk · October 20, 2023, 9:30pm

Hi Christian,

I think ACLs are to blame.

What is the exact reaction you got to a specific command?

In my case:

# ls -l /home/ |grep wbk
drwxrwxr-x+  5 wbk             wbk             4096 Jan  5  2023 wbk
# ls -l /home/yunohost.app/nextcloud/data/ |grep wbk
drwxr-x---+  8 nextcloud nextcloud      4096 Jul  9  2020 wbk

Notice the + behind the permissions. It indicates additional permissions via ACL are active.

# getfacl /home/yunohost.app/nextcloud/data/wbk/
getfacl: Removing leading '/' from absolute path names
# file: home/yunohost.app/nextcloud/data/wbk/
# owner: nextcloud
# group: nextcloud
user::rwx
group::r-x
group:fusers:rwx               #effective:r-x
mask::r-x
other::---
default:user::rwx
default:group::r-x
default:group:13362:rwx
default:mask::rwx
default:other::---

I don’t have a direct answer which changes to make to ACL in your case, but I found an old thread where there is a similar situation, Getting Jellyfin and NextCloud on the same page - #13 by tituspijean

tituspijean got a suggestion there with an intermediate group for those files, of which Nextcloud as well as Jellyfin are members.

When changing ACL with setfacl, take care that there is one option to change the current files, and another to change new files added in the future.

Good luck!

Christian · October 21, 2023, 8:05am

Thanks for trying to help me out. I actually tried to change the ACLs and it shows me this, after I did a:
getfacl /home/yunohost.app/nextcloud/data/

file: home/yunohost.app/nextcloud/data/
owner: nextcloud
group: nextcloud
user::rwx
group::r-x
other::r–
default:user::rwx
default:group::rwx
default:other::r–

So everyone should have at least read access, but no dice. (Permissions are also set via chmod 754) It still shows a “permission denied”. Any further pointers would be appreciated.

Edit: This is weird: If I do a sudo chmod 754 /home/yunohost.app/nextcloud/data and then a ls -l the output is this:
drwxr-xr–+ 6 nextcloud nextcloud 4096 Apr 20 2023 data

If I want to cd into the the folder it still says “permission denied”. If I the do ls -l again I get this:
drwxrwx—+ 6 nextcloud nextcloud 4096 Apr 20 2023 data

The read permissions are automatically removed for the “Other” category. WTF? Is there a background process that resets permissions on certain folders?

system · November 20, 2023, 8:06am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.