Permission for having nextcloud and share access the same dataset

macx979

Hi,

There are already a lot of questions in the same direction; however, I still can't get it to work, nor have I seen anybody being successful.

My setup:
Running FreeNAS 11.3, I created datasets for two users. Let's call them user1 and user2. For both datasets I created NFS shares which are being mounted on the Linux machines of these users. This works as it's supposed to.
Furthermore I installed the Nextcloud plugin (v17.1) and would like to use these datasets as local external storage dedicated for each user.

I created mount points in nextcloud jail to /mnt/userX
In the nextcloud webui I created user accounts for them and activated external storage as well as connected these local external storages. So far this does work. However, I am struggling with permissions.

The user datasets in FreeNAS have permissions like userX:usergroup.
In nextcloud I add the mount points under /mnt as local external storage. In the nextcloud jail these folder have owner 1000 and group 1000.

This does work but I don't have the permissions to write from the nextcloud webui or nextcloud desktop client.

I tried the following solution:
pw groupadd -n usergroup -g 1001 <- 1001 is the same GID as the dataset in FreeNAS has.
pw groupmod usergroup -m www

On the dataset permissions rwx is given to user and group.

But which user and group should the folders in the nextcloud jail be?
www:1001?
www:usergroup?
root:usergroup?
...

Can someone shed some light on this to help me understand it?

Best
macx
 

Heracles

Hey Mac,

Nextcloud's access is from user www (or www-data) and so, this user must be the owner with proper permissions. Also, I recommend you not to bypass Nextcloud as you try to do right now. Nextcloud maintains a database of all files and their status. Whenever a change happens in the backend, Nextcloud ends up de-synced and must re-sync itself. Such a permanent break-N-fix is not recommended. Once it will break in a way that cannot be fixed.
 

macx979

Hi Heracles,

I read about this issue of bypassing nextcloud but I thought integrating datasets as local external storage circumvents this issue. Apparently it doesn't.
So what is the best way then to have access to a dataset via NFS (or any other sharing protocol) as well as nextcloud at the same time? If there is any.

And what is the purpose of external storage integration in nextcloud then?
 

Heracles

External storage are useful for different cases, like read-only access to some data, to use Nextcloud as the single frontend for all storages like Google drive or to put backups in a different storage so they are protected against an incident on the main storage.

Considering that Nextcloud presents your files and directories to the local system, there is no real point in mounting them a second time with NFS... The other option is to work from the WebUI. I do it all the time here: I edit all my docs directly in the cloud with OnlyOffice, I manage them from there, ...

Why would you bypass the Frontend with NFS ? What is it that you try to achieve ?
 

macx979

I am using the datasets for each user on FreeNAS to have dedicated snapshots and replication tasks. These users get access to the datasets via NFS shares from their linux machines. The reason I am trying to set up nextcloud with additional access to these shares is that nextcloud is more convenient, especially due to the android and ios apps.

Maybe I misunderstand the concept as well as the issue:
1. So, in general, accessing a FreeNAS dataset via any share protocol and nextcloud at the same time isn't a good idea due to syncing issues and data corruption possibilities?
2. I should consider either NFS or Nextcloud but not both?

I am actually not trying to bypass the nextcloud frontend, I only like to have two different ways to access the same data in my user datasets.
 

Heracles

Hi again,

For your setup, what you can do is have your root Nextcloud dataset as /mnt/pool/root_cloud
After that, you create sub datasets as /mnt/pool/root_cloud/user1 and /mnt/pool/root_cloud/user2.
With that, you will have different datasets for different users without the need for external storage.

But again, this is not really a good idea. As said, Nextcloud is using a database in which all files are listed with their properties. Should you roll back only one dataset, the database cannot be in sync by definition. Either you roll back your entire Nextcloud instance or not at all. To roll back only half of it is not good. It will be even more important if you choose to turn on Encryption. To roll back one part to one moment in time and another to another moment is not any better.

So indeed, I recommend not to access Nextcloud's backend with any other protocol to avoid desyncing its database.
And Yes, I recommend you do either NFS or Nextcloud but not both.

As for having different ways to reach your data, Nextcloud offers you to do it over Web, over the mobile App as well as direct file access from a computer running the desktop client. That is already pretty good. Considering NFS is only for direct from a computer, that channel is already covered by Nextcloud...
 

macx979

thanks for your explanation.

I see your point of using nextcloud as the main (and one and only) way of accessing the dataset. The drawbacks I see, are:

- all data of all users has to be in one dataset on freenas. So, there is no way of having individual snapshot, replication and cloud tasks for each user. All rules apply for all users. -> that's something I could maybe live with

- Currently I use a bash script for installing all user machines. This script mounts the user NFS share and downloads some data and settings I need for finalizing the installation -> While creating this script I was able to install the nextcloud desktop app and restore the settings incl. server IP and login user. Unfortunately I couldn't automate syncing the right folder straight away. This still needs manual input via the nextcloud desktop client program window. However, I could solve this by creating a dedicated dataset only for this kind of installation data and settings and connect it via NFS as before.

In case I go for just a single nextcloud dataset for all users which is not being accessed by other protocols, and I mount it in e.g. /mnt/pool/root_cloud, do I run into the same issues when rolling back this dataset (instead of the entire nextcloud iocage) or is this a safe way of using nextcloud in FreeNAS?
 

macx979

After rethinking my setup, honestly I still have a couple of question marks how to use nextcloud in a proper way.
I am talking about nextcloud as a plugin in FreeNAS which creates a jail on the FreeNAS machine.

Option I currently see:
1. install the nextcloud plugin and use the regular data directory as it was set up during installation. This is /usr/local/www/nextcloud/data/ in this jail.
drawbacks:
- your iocage dataset on FreeNAS is inflating like hell when adding data to nextcloud
- you can't use the existing datasets for users on FreeNAS and you need to somehow double data for user datasets and nextcloud user accounts
- many people do not recommend to use the root folder in Nextcloud for user data

2. mount several existing FreeNAS datasets to /mnt/xxx in nextcloud jail and connect it to nextcloud via "local" external storage app.
drawbacks:
- issues in case you rollback one datasets, it could or will screw up the nextcloud database

3. mount a single existing FreeNAS dataset (e.g. nextclouddata) as the data-directory in /mnt/xxx for nextcloud and set up users in nextcloud who all save their data in this dataset.
drawbacks:
- no way to separate the way snapshots and replication are being handled in FreeNAS
- There seems to be no simple and safe way to change the data directory after installation - when installing nextcloud manually you can specify the data directory but you can't do this if you install the plugin.


Either I miss something or running nextcloud on FreeNAS doesn't make too much sense, since whatever road you take, there are some drawbacks which are not recommended for using nextcloud.

Best
 

Heracles

Hi again,

Nextcloud is a service and is meant to be managed as a service. It is not meant to be managed in one way for UserA and another way for UserB. What Nextcloud offers on a per user basis are quotas and some privilege. Backup plans are not on a per user basis.

Here, I take snapshots of my Nextcloud dataset on a 5 generation model :
Every 15 minutes, snapshot is kept for 3 days.
Every hour, snapshot is kept for 1 week
Every day, snapshot is kept for 4 months
Every week, snapshot is kept for 18 months
Every 4 weeks, snapshot is kept for 5 years.

This is perfect for everyone. If one does many changes, it will have a maximum of them not only in FreeNAS versioning and undelete, but also in snapshots. If another is not as active, there is no harm and most snapshots will just not contain anything related to him because he has no changes. All these snapshots are then replicated to my 2 other FreeNAS servers, Hades and Thanatos.

Most of the time, users can recover their own files by using Nextcloud's builtin undelete and versioning features. By the way, not to bypass Nextcloud's frontend is also important for not bypassing these 2 features...

Here, I do not use the plugin. I run Nextcloud from a Docker host in my ESXi server. I mapped an NFS share from FreeNAS into that Docker host and that path is then mounted locally in the container by Docker. Datasets are meant to be flexible in size and ZFS is meant to manage even the largest space you can imagine. As such, to have a big dataset is not to worry at all.

Should you wish to mount a single dataset for your Nextcloud data, you can :
--Create that dataset
--Mount it anywhere in your Nextcloud jail
--Put your Nextcloud in maintenance mode
--Copy everything under the actual "data" directory to that single dataset
--Ensure that everything is owned by the proper user for Nextcloud to operate (www or www-data or whatever you use)
--Unmount the multiple datasets from your jail as you use them now
--Remount that single dataset as the "data" directory
--Put back your Nextcloud in regular mode
--Confirm everything has been transferred properly

Once comfortable and confident that everything has been migrated properly, you can delete these independent datasets.

But I confirm that Nextcloud is clearly not meant to be bypassed and be backed up differently on a per user basis.
 

echelon5

I had nextcloud issues after updating to 11.3. The shares worked fine before upgrading. I've set "unix extensions = no" in the share's aux parameters.
 

Heracles

Hey Echelon,

First, your situation is not related to this thread. Second, it is not clear if you still have the problem or if what you did fixed it. Third, by upgrading in a hurry to the latest version, this is the kind of trouble you are explicitly looking for.

So should you need help, I suggest you open a thread on that subject and you provide all the details about your case. The hardware, software, config, symptoms, error messages, etc.
 

echelon5

> Hey Echelon,
>
> First, your situation is not related to this thread. Second, it is not clear if you still have the problem or if what you did fixed it. Third, by upgrading in a hurry to the latest version, this is the kind of trouble you are explicitly looking for.
>
> So should you need help, I suggest you open a thread on that subject and you provide all the details about your case. The hardware, software, config, symptoms, error messages, etc.

Yes, you are correct with your first assessment. I misread the topic and didn't notice it was an NFS related issue. My apologies.

On your third point, piss off. What you're saying there is that we should all hold off with upgrading until... what? Till we get a green light from you? How can you tell I've upgraded in a hurry? I've actually gone over the docs several times since RC1 was announced. Furthermore, upgrading a basic FreeNAS install shouldn't create any issues so don't start randomly blaming people for unexpected issues due to updates.
 

macx979

> On your third point, piss off.

Jesus, calm down man! He's helping a lot if you don't act like a prick!


regarding the topic:
I'm definitely fine now with using a single FreeNAS dataset as the main source for Nextcloud.
> Should you wish to mount a single dataset for your Nextcloud data, you can :
> --Create that dataset
> --Mount it anywhere in your Nextcloud jail
> --Put your Nextcloud in maintenance mode
> --Copy everything under the actual "data" directory to that single dataset
> --Ensure that everything is owned by the proper user for Nextcloud to operate (www or www-data or whatever you use)
> --Unmount the multiple datasets from your jail as you use them now
> --Remount that single dataset as the "data" directory
> --Put back your Nextcloud in regular mode
> --Confirm everything has been transferred properly

--Create that dataset ->
I did

--Mount it anywhere in your Nextcloud jail
-> I did too. it's under /mnt/nextclouddata

--Put your Nextcloud in maintenance mode
-> not sure how to do this but I guess I can figure it out

--Copy everything under the actual "data" directory to that single dataset
-> that's actually not needed since it's a clean install and there's no data in this directory yet

--Ensure that everything is owned by the proper user for Nextcloud to operate (www or www-data or whatever you use)
-> so I do a chown www:www /mnt/nextclouddata

--Unmount the multiple datasets from your jail as you use them now
-> no datasets there yet, since it's a clean install

--Remount that single dataset as the "data" directory -> I guess that's where I am struggling right now, since I am using the nextcloud plugin from FreeNAS. And unlike the nextcloud plugin from FreeNAS 11.2 you don't have the option to set up the path of the data directory right after installation. With this new Plugin, the data directory is automatically set to /usr/local/www/nextcloud/data/ within the nextcloud jail.
Is there any way to change it after installation?

--Put back your Nextcloud in regular mode
--Confirm everything has been transferred properly
-> copy that

> I mapped an NFS share from FreeNAS into that Docker host and that path is then mounted locally in the container by Docker
just to double check that I got you right: After mounting the NFS share locally in your docker container you are NOT adding it to nextcloud via "local external storage app" but you remap the regular nextcloud data directory which usually sits at /usr/local/www/nextcloud/data/ to the directory where your NFS share is mounted?

If I got you right, the "only" thing I need to do is to remap the original nextcloud data directory to my NFS share within the jail. (which I don't know how to do yet).


thanks in advance
macx
 

Heracles

Hey MacX

> just to double check that I got you right: After mounting the NFS share locally in your docker container you are NOT adding it to nextcloud via "local external storage app" but you remap the regular nextcloud data directory which usually sits at /usr/local/www/nextcloud/data/ to the directory where your NFS share is mounted?

Detailed setup here is :
FreeNAS server is Atlas
Docker Host is Castor
Container is NC-Prod

In Atlas, I create a dataset (/mnt/pool/nextcloud_dataset)

Because I am a bit crazy about security, I do not share the root of the dataset to ensure hidden directories like snapshots are out of reach from Nextcloud. So in Atlas, I create a directory :
mkdir /mnt/pool/nextcloud_dataset/NFSRoot

Because Nextcloud is running from UID 33, I chown that directory, also in Atlas:
chown 33:33 /mnt/pool/nextcloud_dataset/NFSRoot

In Atlas, I share /mnt/pool/nextcloud_dataset/NFSRoot and squash all accesses to www-data (uid 33)
You do it from the GUI...

From Castor, I mount that NFS share in /mnt/atlas

When creating the NC-Prod container, I remap /mnt/atlas as /var/www/html/data because in that docker container, that is the default path for the data. (Out of scope but important, I also have docker volumes for /var/www/html/config ; /var/www/html/custom_apps ; /var/www/html/themes and /var/www/html itself. That way, it is trivial to upgrade the container without affecting anything installed or configured).

So for you to start from a clean install and a fixed path for your data directory, that ends up to (if you don't wish to go crazy as I do...) :
Create the dataset
Change ownership and permissions to your Nextcloud id which you said is www
Create that Nextcloud jail with the plugin and mounting that dataset in the right path for Nextcloud to use it as data (you said it is /usr/local/www/nextcloud/data)

From there, your brand new and vanilla empty Nextcloud service should be ready and every data you save in it should end up in that dedicated dataset (except for data that do not go to files, likes contacts and calendars which are in the database instead).

About maintenance mode : you enter maintenance mode using the occ command inside the Nextcloud jail. Command is occ maintenance:mode --on
And
occ maintenance:mode --off

But because you are not migrating from a live service, you wont need that one here.

Once you get there, you will be ready to populate your private cloud with your data. Yes, they will be on a very solid system, but remember that no system is perfect and backups are always required. So once done, I recommend you start working on your backup / restore procedure. The data part should be very easy thanks to FreeNAS, but the database will be important and that one will need to be developed.

Here, I did a complete restore test last month... and failed it. I discovered why, fixed it and did a second restore test the next day. That one succeeded.

Remember the 3-copies rule and that a backup has no value until you have managed to restore it successfully.... By being aware of that, you reduce your risk of losing data to the absolute minimum.

Good luck in your setup,
 

macx979

> So for you to start from a clean install and a fixed path for your data directory, that ends up to (if you don't wish to go crazy as I do...) :
> Create the dataset
> Change ownership and permissions to your Nextcloud id which you said is www
> Create that Nextcloud jail with the plugin and mounting that dataset in the right path for Nextcloud to use it as data (you said it is /usr/local/www/nextcloud/data)

Problem being is the fact, that after installation of the nextcloud plugin there's already the folder /usr/local/www/nextcloud/data populated with the default admin "ncadmin" and some other data.
When trying to mount my FreeNAS dataset to this location I get an error saying "folder to mount to has to be empty".
Same thing as in this video: https://www.youtube.com/watch?v=ETdlrNUGjZk at minute 6:13.
Mounting to another folder like data2 doesn't work either since nextcloud doesn't recognize this folder at all.

The old nextcloud plugin in FreeNAS 11.2 (which the video is referring to) had the option to change the database folder at first boot. This apparently has been changed for the ease of use. However, it prevents me from using my own mounted dataset as the data folder.

I guess I gotta do it the hard way and install nextcloud not as a plugin but manually. This way I can decide on which folder is supposed to be my nextcloud data directory.

Thanks a lot for your extensive help in order to make me understand the logic of nextcloud.

Best
macx
 

Heracles

Hi again MacX,

I suggest you do a kind of half and half here. Go with the Docker container instead of a manual install. It will not be as single click as a jail, but not as demanding as a manual install.

1-Create your docker host

You need a linux system running docker. Should be pretty easy.

2-Confirm your docker setup is working by running Hello-World

docker run hello-world

3-Mount the dataset you wish to use for storing Nextcloud

Put it in /mnt/nextcloud_data

Ensure that this share is mounted automatically at boot by putting it in /etc/fstab. Check also your permission and be sure that UID 33 can write in it (this is the default UID for Nextcloud in that container)

4-Install Portainer as a container manager platform

Their documentation is pretty good and simple.

5-Using Portainer (or manually if you prefer doing your docker things over cli)
--Create 4 docker volumes named
cloud_root ; cloud_apps ; cloud_themes ; cloud_config

6-Download the Nextcloud docker image

docker pull nextcloud:latest from CLI or using Portainer

7-Create your container

Mount the volumes like this :
cloud_root = /var/www/html
cloud_apps = /var/www/html/custom_apps
cloud_config = /var/www/html/config
cloud_themes = /var/www/html/themes
/mnt/nextcloud_data = /var/www/html/data

Expose the port as required, here I do
8080 -> 80

Also configure the restart condition :
Restart = always

Also give a name to the container :
Name = PrivateCloud

8-Deploy the container

From there, you should be good for a first shot.

Because the volumes and paths are mounted before Nextcloud starts running, everything will end up in the right place.

Whenever you wish to do an update, just throw away the container and re-create it with the same options (do not discard the corresponding volumes of course...)

Here, your Nextcloud will run from the default local database. Possible but not ideal. If you wish, you can create yourself a MariaDB container on that host and point Nextcloud to it.

I never really liked the jails because they are too rigid, like you experience here. I consider Docker containers as the best of both worlds : ease of use and restricted context of a jail with the flexibility of a manual system.

Good luck setting your service,
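
The container layout from the post above as a script, added here as an example and not part of the original post. Volume names, paths, port and container name are the ones given in the post; the function names are made up, and the ownership test covers only the simplest case (the data directory is owned by UID 33).

```shell
#!/bin/sh
# Added example. Names, paths and the port come from the post above;
# the function names are made up for this sketch.
DATA_DIR=/mnt/nextcloud_data   # NFS mount of the FreeNAS dataset on the Docker host
NC_UID=33                      # www-data, the UID Nextcloud runs as in this image

# True only if $1 is a directory owned by UID $2 with the owner-write bit set.
owned_and_writable() {
    [ -n "$(find "$1" -maxdepth 0 -type d -user "$2" -perm -200 2>/dev/null)" ]
}

# Print the "docker run" arguments for the layout described in step 7.
nextcloud_run_args() {
    printf '%s ' run -d --name PrivateCloud --restart always -p 8080:80 \
        -v cloud_root:/var/www/html \
        -v cloud_apps:/var/www/html/custom_apps \
        -v cloud_config:/var/www/html/config \
        -v cloud_themes:/var/www/html/themes \
        -v "$DATA_DIR:/var/www/html/data" \
        nextcloud:latest
}

deploy() {
    # If the NFS share is not mounted, the bind mount would silently point at
    # an empty local directory and Nextcloud would start writing there.
    mountpoint -q "$DATA_DIR" || { echo "$DATA_DIR is not mounted" >&2; return 1; }
    owned_and_writable "$DATA_DIR" "$NC_UID" ||
        { echo "$DATA_DIR must be owned and writable by UID $NC_UID" >&2; return 1; }
    for vol in cloud_root cloud_apps cloud_themes cloud_config; do
        docker volume create "$vol" >/dev/null || return 1
    done
    docker pull nextcloud:latest || return 1
    # Unquoted on purpose: the argument string is split on spaces
    # (DATA_DIR must not contain whitespace).
    docker $(nextcloud_run_args)
}

# Nothing is touched unless the script is called with --deploy.
if [ "${1:-}" = "--deploy" ]; then deploy; fi
```

Run it with `--deploy` on the Docker host; without that argument it only defines the functions.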
 

Jagdeep

> Problem being is the fact, that after installation of the nextcloud plugin there's already the folder /usr/local/www/nextcloud/data populated with the default admin "ncadmin" and some other data.
> When trying to mount my FreeNAS dataset to this location I get an error saying "folder to mount to has to be empty".
> Same thing as in this video: https://www.youtube.com/watch?v=ETdlrNUGjZk at minute 6:13.
> Mounting to another folder like data2 doesn't work either since nextcloud doesn't recognize this folder at all.
>
> The old nextcloud plugin in FreeNAS 11.2 (which the video is referring to) had the option to change the database folder at first boot. This apparently has been changed for the ease of use. However, it prevents me from using my own mounted dataset as the data folder.
>
> I guess I gotta do it the hard way and install nextcloud not as a plugin but manually. This way I can decide on which folder is supposed to be my nextcloud data directory.
>
> Thanks a lot for your extensive help in order to make me understand the logic of nextcloud.
>
> Best
> macx

Hi Macx, I am having the same problem that you have mentioned in this. Were you able to solve this problem and if yes how? Could you please help me out here.
Thanks.
 

Patrick M. Hausen

Log in to the jail, rename the folder, configure your mount point, copy the data from the renamed folder to the new one, restart jail ...
 

Jagdeep

> Login into the jail, rename the folder, configure your mount point, copy the data from the renamed folder to the new one, restart jail ...

Hi Patrick,
I did follow your instructions. I did access my server through the tool called WinSCP, renamed the folder, created new folder "data", configured the mount points, copied the data from the original folder, and restarted the jail. Now I am having this issue. I did set the same permissions for the "data" folder that I created and copied the files to. What is the solution for this error?

Thanks.
NextCloud Error.png
 

Patrick M. Hausen

You need to copy the .ocdata file as well as the others. Use an SSH login and the command line, not WinSCP.
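
The copy step from the two replies above as a command-line sketch, added here as an example and not part of the original posts. It shows why a glob-style copy leaves .ocdata behind and how to copy and verify the whole directory; /usr/local/www/nextcloud/data is the plugin path from the thread, while the "data.orig" name and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. /usr/local/www/nextcloud/data is the plugin's data path from
# the thread; "data.orig" and the function names are hypothetical.

# What a "select all and copy" or a shell glob does: "*" does not match
# dotfiles, so .ocdata and .htaccess stay behind.
copy_visible_only() {
    cp -Rp "$1"/* "$2"/
}

# Copy the directory's full contents. "src/." includes hidden entries and
# -p keeps mode and timestamps (and ownership when run as root).
copy_data_dir() {
    [ -d "$1" ] && [ -d "$2" ] || return 2
    cp -Rp "$1/." "$2/"
}

# Print every top-level entry of $1 that is absent from $2.
missing_entries() {
    ( cd "$1" && ls -A ) | while IFS= read -r name; do
        [ -e "$2/$name" ] || printf '%s\n' "$name"
    done
}

# Usage inside the jail, after renaming the old folder and mounting the dataset:
#   sh migrate.sh /usr/local/www/nextcloud/data.orig /usr/local/www/nextcloud/data
if [ "$#" -eq 2 ]; then
    copy_data_dir "$1" "$2" || exit 1
    left=$(missing_entries "$1" "$2")
    if [ -n "$left" ]; then
        echo "not copied: $left" >&2
        exit 1
    fi
    [ -f "$2/.ocdata" ] || { echo "no .ocdata in $2" >&2; exit 1; }
    chown -R www:www "$2"   # the user Nextcloud runs as in the jail, per the thread
fi
```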
 