Cannot generate Pelican blog after mounting it in Nextcloud (permission issue)

Support apps
, ,
1

:uk:/:us: (english)

My YunoHost server

Hardware: Old laptop or computer
YunoHost version: 11.2.9.1 (stable)
I have access to my server : Through SSH | through the webadmin | direct access via keyboard / screen | … (all of it)
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : yes
If yes, please explain: The only tweak I did was to add /var/www/pelican/comment as an External Mount on Nextcloud following this comment and referring to the pelican-themes and pelican-plugins in my home directory.
If your request is related to an app, specify its name and version: pelican 4.9.1~ynh1

Description of my issue

A permission issue that I fixed myself, while writing this. Keeping it here in case anyone else uses folders for categories in Pelican and gets permission issues.

There seems to be a permission issue triggered by the this method to share the Pelican content folder with Nextcloud, which causes pelican to fail to generate the blog.

If I check systemctl status pelican.service and journalctl --unit pelican.service there is a lot of:

WARNING  Cannot get modification stamp for /var/www/pelican/content/{$category_dir}/{$file}

and

[Errno 13] Permission denied: /var/www/pelican/content/{$category_dir}/{$file}
ERROR    Could not process /var/www/pelican/content/{$category_dir}/{$file}

It then ends with (for reference, there should be >400 articles):

Done: Processed 1 article, 0 drafts, 0 hidden articles, 0 pages, 0 hidden pages
Dec 28 21:47:58 monolith.wheremymonkeyis.at pelican[204458]: and 0 draft pages in 1.26 seconds.

I get the same issue if I run /var/www/pelican/venv/bin/pelican /var/www/pelican/content from the shell.

In addition to that, on Nextcloud I can see the files in the /var/www/pelican/content mountpoint, but if I click on one I get an error claiming that the file does not exist.

2

I actually solved this issue myself while writing it, so I went ahead and recorded it regardless, together with the solution, in case anyone else runs into the same problem.

What seems to have been the actual issue is that I use folders for categories in Pelican, which is supported by default and documented:

[…] the category can be determined by the directory in which the file resides. For example, a file located at python/foobar/myfoobar.rst will have a category of foobar. If you would like to organize your files in other ways where the name of the subfolder would not be a good category name, you can set the setting USE_FOLDER_AS_CATEGORY to False.

So my /var/www/pelican/content/ looks like this:

.
β”œβ”€β”€ Anima/
β”œβ”€β”€ Ars/
β”œβ”€β”€ documents/
β”œβ”€β”€ images/
β”œβ”€β”€ Ius/
β”œβ”€β”€ pages/
β”œβ”€β”€ Tehne/
└── theme/

The solution therefore was to:

  1. chmod 770 every folder within /var/www/pelican/content/
  2. remove and re-add the mountpoint within Nextcloud

…and then it worked as expected again.

In my case this was:

cd /var/www/pelican/content/
chmod 770 Anima Ars documents images Ius pages Tehne theme
3

OK, I take it back. This is only partially fixed.

I am running into the problem that some files in content apparently have wrong permissions:

sudo yunohost app shell pelican
source venv/bin/activate
cd /var/www/pelican/content/images
ls -la slimbook

ls: cannot access 'slimbook/.': Permission denied
ls: cannot access 'slimbook/dracut_complaint_2.jpg': Permission denied
ls: cannot access 'slimbook/slimbook_conant_gasket.jpg': Permission denied
ls: cannot access 'slimbook/dracut_complaint_1.jpg': Permission denied
ls: cannot access 'slimbook/..': Permission denied
total 0
d????????? ? ? ? ?            ? ./
d????????? ? ? ? ?            ? ../
-????????? ? ? ? ?            ? dracut_complaint_1.jpg
-????????? ? ? ? ?            ? dracut_complaint_2.jpg
-????????? ? ? ? ?            ? slimbook_conant_gasket.jpg

… but on the other hand, if I check it as root, it looks fine:

 sudo ls -la /var/www/pelican/content/images/slimbook

drw-rwS--- 2 pelican pelican    4096 Dec 28 00:51 .
drwxrws--- 6 pelican pelican    4096 Dec 28 00:51 ..
-rw-rw---- 1 pelican pelican 5324375 Sep 22 11:52 dracut_complaint_1.jpg
-rw-rw---- 1 pelican pelican 3616450 Sep 22 11:52 dracut_complaint_2.jpg
-rw-rw---- 1 pelican pelican  740581 Sep  1 16:16 slimbook_conant_gasket.jpg

I am confused again.

4

OK, to answer my own issue again, it was again just the case of having to chmod ug+x the folders that were complaining.

5

They should be owned by www-data group and no chmod should be required.

6

But that is not enough for Nextcloud to RW mount it, is it?

The trick in the above linked (for me partial) solution was to add www-data and nextcloud to the pelican group.

7

Yeah, probably not.

8

The full solution for me therefore was as follows.

It is heavily borrowed from this post and assuming Fish shell, as I much prefer scripting in that:

sudo -s
cd /var/www/pelican
# Make sure the whole Pelican home / work directory is owned by group `pelican`
chown --recursive pelican:pelican .
# Add `nextcloud` and `www-data` users to the group `pelican`
usermod --append --groups pelican nextcloud
usermod --append --groups pelican www-data
# Force all (sub)folders created by Nextcloud to inherit the group `pelican`
chmod g+s content
# Authorise users `nextcloud` (and  `www-data`) to write in `content/` folder
chmod 770 content # a.k.a. ug+rwx
chmod --recursive 660 content/* # a.k.a. ug+rw
for folder in (find content/ -type d) # find all (sub)folders within `content/`
    chmod 770 $folder # a.k.a. ug+rwx
end
# Restart nginx (only needed the first time)
systemctl restart nginx
# Restart PHP (only needed the first time)
systemctl restart php8.2-fpm

NB: php8.2-fpm could be of different version on your machine.

1 Like
9

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.