Cannot generate Pelican blog after mounting it in Nextcloud (permission issue)

:uk:/:us: (english)

My YunoHost server

Hardware: Old laptop or computer
YunoHost version: (stable)
I have access to my server : Through SSH | through the webadmin | direct access via keyboard / screen | … (all of it)
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : yes
If yes, please explain: The only tweak I did was to add /var/www/pelican/comment as an External Mount on Nextcloud following this comment and referring to the pelican-themes and pelican-plugins in my home directory.
If your request is related to an app, specify its name and version: pelican 4.9.1~ynh1

Description of my issue

A permission issue that I fixed myself, while writing this. Keeping it here in case anyone else uses folders for categories in Pelican and gets permission issues.

There seems to be a permission issue triggered by the this method to share the Pelican content folder with Nextcloud, which causes pelican to fail to generate the blog.

If I check systemctl status pelican.service and journalctl --unit pelican.service there is a lot of:

WARNING  Cannot get modification stamp for /var/www/pelican/content/{$category_dir}/{$file}


[Errno 13] Permission denied: /var/www/pelican/content/{$category_dir}/{$file}
ERROR    Could not process /var/www/pelican/content/{$category_dir}/{$file}

It then ends with (for reference, there should be >400 articles):

Done: Processed 1 article, 0 drafts, 0 hidden articles, 0 pages, 0 hidden pages
Dec 28 21:47:58 pelican[204458]: and 0 draft pages in 1.26 seconds.

I get the same issue if I run /var/www/pelican/venv/bin/pelican /var/www/pelican/content from the shell.

In addition to that, on Nextcloud I can see the files in the /var/www/pelican/content mountpoint, but if I click on one I get an error claiming that the file does not exist.

I actually solved this issue myself while writing it, so I went ahead and recorded it regardless, together with the solution, in case anyone else runs into the same problem.

What seems to have been the actual issue is that I use folders for categories in Pelican, which is supported by default and documented:

[…] the category can be determined by the directory in which the file resides. For example, a file located at python/foobar/myfoobar.rst will have a category of foobar. If you would like to organize your files in other ways where the name of the subfolder would not be a good category name, you can set the setting USE_FOLDER_AS_CATEGORY to False.

So my /var/www/pelican/content/ looks like this:

β”œβ”€β”€ Anima/
β”œβ”€β”€ Ars/
β”œβ”€β”€ documents/
β”œβ”€β”€ images/
β”œβ”€β”€ Ius/
β”œβ”€β”€ pages/
β”œβ”€β”€ Tehne/
└── theme/

The solution therefore was to:

  1. chmod 770 every folder within /var/www/pelican/content/
  2. remove and re-add the mountpoint within Nextcloud

…and then it worked as expected again.

In my case this was:

cd /var/www/pelican/content/
chmod 770 Anima Ars documents images Ius pages Tehne theme

OK, I take it back. This is only partially fixed.

I am running into the problem that some files in content apparently have wrong permissions:

sudo yunohost app shell pelican
source venv/bin/activate
cd /var/www/pelican/content/images
ls -la slimbook
ls: cannot access 'slimbook/.': Permission denied
ls: cannot access 'slimbook/dracut_complaint_2.jpg': Permission denied
ls: cannot access 'slimbook/slimbook_conant_gasket.jpg': Permission denied
ls: cannot access 'slimbook/dracut_complaint_1.jpg': Permission denied
ls: cannot access 'slimbook/..': Permission denied
total 0
d????????? ? ? ? ?            ? ./
d????????? ? ? ? ?            ? ../
-????????? ? ? ? ?            ? dracut_complaint_1.jpg
-????????? ? ? ? ?            ? dracut_complaint_2.jpg
-????????? ? ? ? ?            ? slimbook_conant_gasket.jpg

… but on the other hand, if I check it as root, it looks fine:

 sudo ls -la /var/www/pelican/content/images/slimbook
drw-rwS--- 2 pelican pelican    4096 Dec 28 00:51 .
drwxrws--- 6 pelican pelican    4096 Dec 28 00:51 ..
-rw-rw---- 1 pelican pelican 5324375 Sep 22 11:52 dracut_complaint_1.jpg
-rw-rw---- 1 pelican pelican 3616450 Sep 22 11:52 dracut_complaint_2.jpg
-rw-rw---- 1 pelican pelican  740581 Sep  1 16:16 slimbook_conant_gasket.jpg

I am confused again.

OK, to answer my own issue again, it was again just the case of having to chmod ug+x the folders that were complaining.

They should be owned by www-data group and no chmod should be required.

But that is not enough for Nextcloud to RW mount it, is it?

The trick in the above linked (for me partial) solution was to add www-data and nextcloud to the pelican group.

Yeah, probably not.

The full solution for me therefore was as follows.

It is heavily borrowed from this post and assuming Fish shell, as I much prefer scripting in that:

sudo -s
cd /var/www/pelican
# Make sure the whole Pelican home / work directory is owned by group `pelican`
chown --recursive pelican:pelican .
# Add `nextcloud` and `www-data` users to the group `pelican`
usermod --append --groups pelican nextcloud
usermod --append --groups pelican www-data
# Force all (sub)folders created by Nextcloud to inherit the group `pelican`
chmod g+s content
# Authorise users `nextcloud` (and  `www-data`) to write in `content/` folder
chmod 770 content # a.k.a. ug+rwx
chmod --recursive 660 content/* # a.k.a. ug+rw
for folder in (find content/ -type d) # find all (sub)folders within `content/`
    chmod 770 $folder # a.k.a. ug+rwx
# Restart nginx (only needed the first time)
systemctl restart nginx
# Restart PHP (only needed the first time)
systemctl restart php8.2-fpm

NB: php8.2-fpm could be of different version on your machine.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.