is it safe to add "www" as owner for primary dataset ?

S

sulfy

Cadet
Joined
Feb 17, 2020
Messages
9
Hello All, Im new to FreeNAS and i would like to use my primary dataset with sensitive data to be accessible as external storage for nextcloud. May i know is it a safe practice to add www as owner for my primary dataset / is it safe to use primary dataset as external storage for nextcloud ?

Any help will be highly appreciated, Thank you.
 
garm

garm

Wizard
Joined
Aug 19, 2017
Messages
1,556
Sounds like a bad idea all around.. just migrate your stuff to Nextcloud proper
 
S

sulfy

Cadet
Joined
Feb 17, 2020
Messages
9
again is it okey to keep primary datas inside a jail ? may be a newbie question
 
Patrick M. Hausen

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,776
What's a primary dataset? If you dedicate a dataset to nextcloud it makes perfect sense to set the owner to "www" and mount it inside your nextcloud jail, then configure it as the nextcloud data directory.

HTH,
Patrick
 
S

sulfy

Cadet
Joined
Feb 17, 2020
Messages
9
Patrick M. Hausen said:
What's a primary dataset? If you dedicate a dataset to nextcloud it makes perfect sense to set the owner to "www" and mount it inside your nextcloud jail, then configure it as the nextcloud data directory.

HTH,
Patrick
Click to expand...

yes that's exactly what I'm doing right now. my concern is regarding safety of a folder when its group / owner set to "www" , only nextcloud will access the folder or any web application can ?
 
Patrick M. Hausen

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,776
This is not a FreeNAS specific question and depends entirely on the correct configuration of the web server you use for the Nextcloud installation. You can find templates for Apache and Nginx here:


I use Nginx and Nextcloud in a jail and it works great.

HTH,
Patrick

P.S. The key part of the config is this - denying access to the data directory (which is where your dataset would probably be mounted.
Code:
location / {
    rewrite ^ /index.php;
}

location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
    deny all;
}
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
    deny all;
}
 
S

sulfy

Cadet
Joined
Feb 17, 2020
Messages
9
Thank you , may I know what group www means ? Who will be able to access those files ?
 
Patrick M. Hausen

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,776
Group "www" is a system group with the user "www" as the only member by default. It's there so you can add additional users to have more granular access rights. If you did not do that, you are probably fine.
 
You must log in or register to reply here.

Similar threads

T
Changing dataset owner from root to www?
Replies
2
Views
2K
thatflashcat
T
R
Is it safe for me to expand my pool?
2
Replies
25
Views
11K
kappclark
kappclark
W
  • Locked
Recover snapshot from backup server
Replies
9
Views
6K
Johnny Fartpants
Johnny Fartpants
R
  • Locked
Dataset not working after importing volume
Replies
2
Views
1K
Ericloewe
Ericloewe
N
  • Locked
Separate slices and pool for System Dataset?
Replies
6
Views
2K
Ericloewe
Ericloewe
Top