Docker: Permission denied error for config directory in examples

Created on 22 May 2017  路  14Comments  路  Source: nextcloud/docker

I used the examples docker compose file and with some small modifications (domain name set) I get the following errors from the nextcloud page:

`Can't write into config directory!

This can usually be fixed by giving the webserver write access to the config directory.`

The following errors are shown on the nextcloud-fpm container console:

PHP message: {"reqId":"J8dbbzhk41yQ6bR4\/K\/+","remoteAddr":"172.18.0.6","app":"PHP","message":"fopen(\/var\/www\/html\/config\/config.php): failed to open stream: No such file or directory at \/var\/www\/html\/lib\/private\/Config.php#230","level":3,"time":"2017-05-18T19:09:06+00:00","method":"GET","url":"\/","user":"--","version":""} PHP message: {"reqId":"J8dbbzhk41yQ6bR4\/K\/+","remoteAddr":"172.18.0.6","app":"PHP","message":"chmod(): No such file or directory at \/var\/www\/html\/lib\/private\/Config.php#233","level":3,"time":"2017-05-18T19:09:06+00:00","method":"GET","url":"\/","user":"--","version":""}" while reading response header from upstream, client: 172.18.0.6, server: , request: "GET / HTTP/1.1", upstream: "fastcgi://172.18.0.3:9000", host: "[...].ddns.net" 2017/05/18 19:09:06 [error] 5#5: *1 FastCGI sent in stderr: "PHP message: {"reqId":"J8dbbzhk41yQ6bR4\/K\/+","remoteAddr":"172.18.0.6","app":"PHP","message":"chmod(): No such file or directory at \/var\/www\/html\/lib\/private\/Log\/File.php#119","level":3,"time":"2017-05-18T19:09:06+00:00","method":"GET","url":"\/","user":"--","version":""}" while reading upstream, client: 172.18.0.6, server: , request: "GET / HTTP/1.1", upstream: "fastcgi://172.18.0.3:9000", host: "[...].ddns.net" 2017/05/18 19:11:08 [error] 5#5: *56 FastCGI sent in stderr: "PHP message: {"reqId":"tJuu66dEOjjKrdvZuVC3","remoteAddr":"172.18.0.1","app":"PHP","message":"touch(): Unable to create file \/var\/www\/html\/config\/config.php because Permission denied at \/var\/www\/html\/lib\/private\/Config.php#229","level":3,"time":"2017-05-18T19:11:08+00:00","method":"GET","url":"\/","user":"--","version":""} PHP message: {"reqId":"tJuu66dEOjjKrdvZuVC3","remoteAddr":"172.18.0.1","app":"PHP","message":"fopen(\/var\/www\/html\/config\/config.php): failed to open stream: No such file or directory at \/var\/www\/html\/lib\/private\/Config.php#230","level":3,"time":"2017-05-18T19:11:08+00:00","method":"GET","url":"\/","user":"--","version":""} PHP message: {"reqId":"tJuu66dEOjjKrdvZuVC3","remoteAddr":"172.18.0.1","app":"PHP","message":"chmod(): No such file or directory at \/var\/www\/html\/lib\/private\/Config.php#233","level":3,"time":"2017-05-18T19:11:08+00:00","method":"GET","url":"\/","user":"--","version":""}" while reading response header from upstream, client: 172.18.0.1, server: , request: "GET / HTTP/1.1", upstream: "fastcgi://172.18.0.3:9000", host: "172.18.0.2"

This looks like wrong permissions inside the container. (I usually would spend more time with it but I think your docker experience is better than mine and I think others would also profit from this information)

Can you help me on that and extend the readme file or an examples documentation for the things which cannot be found in an existing manual (like setting correct env vars)

question
Source
picture topas-rec

Most helpful comment

sudo docker-compose exec app chown -R www-data:www-data /var/www/html/config/

Seemed to fix it.

picture cromulus on 23 May 2017
👍7

All 14 comments

Can you try check the permissions for the mounted folder inside the container by running the following commands?

The container has to be running while you try this.

docker-compose exec app ls -al /var/www/html
docker-compose exec app ls -al /var/www/html/config
SnowMB picture SnowMB on 22 May 2017

I'll check that. (I already did this but cannot remember what the output was)

topas-rec picture topas-rec on 23 May 2017

Got it:

sudo docker-compose exec app ls -al /var/www/htmltotal 168
drwxr-x--- 15 root     www-data  4096 May 23 04:56 .
drwxr-xr-x  3 root     root      4096 May 13 00:22 ..
-rw-r-----  1 root     www-data  2635 Apr 22 06:27 .htaccess
-rw-r-----  1 root     www-data   163 Apr 22 06:27 .user.ini
drwxr-x--- 29 root     www-data  4096 Apr 22 06:29 3rdparty
-rw-r-----  1 root     www-data  8868 Apr 22 06:27 AUTHORS
drwxr-x--- 41 root     www-data  4096 Apr 22 06:27 apps
drwxr-xr-x  2 root     root      4096 May 23 04:56 config
-rw-r-----  1 root     www-data  3638 Apr 22 06:27 console.php
drwxr-x--- 16 root     www-data  4096 Apr 22 06:29 core
-rw-r-----  1 root     www-data  5353 Apr 22 06:27 cron.php
drwxr-x---  2 www-data www-data  4096 May 13 04:05 custom_apps
drwxr-xr-x  2 root     root      4096 May 23 04:55 data
-rw-r-----  1 root     www-data 40622 Apr 22 06:27 db_structure.xml
-rw-r-----  1 root     www-data   179 Apr 22 06:27 index.html
-rw-r-----  1 root     www-data  2471 Apr 22 06:27 index.php
drwxr-x---  3 root     www-data  4096 Apr 22 06:27 l10n
drwxr-x---  6 root     www-data  4096 Apr 22 06:27 lib
-rwxr-x--x  1 root     www-data   283 Apr 22 06:27 occ
drwxr-x---  2 root     www-data  4096 Apr 22 06:27 ocs
drwxr-x---  2 root     www-data  4096 Apr 22 06:27 ocs-provider
-rw-r-----  1 root     www-data  3184 Apr 22 06:27 public.php
-rw-r-----  1 root     www-data  5431 Apr 22 06:27 remote.php
drwxr-x---  4 root     www-data  4096 Apr 22 06:27 resources
-rw-r-----  1 root     www-data    26 Apr 22 06:27 robots.txt
drwxr-x--- 11 root     www-data  4096 Apr 22 06:27 settings
-rw-r-----  1 root     www-data  2110 Apr 22 06:27 status.php
drwxr-x---  3 www-data www-data  4096 Apr 22 06:27 themes
-rw-r-----  1 root     www-data   380 Apr 22 06:29 version.php

sudo docker-compose exec app ls -al /var/www/html/config
total 12
drwxr-xr-x  2 root root     4096 May 23 04:56 .
drwxr-x--- 15 root www-data 4096 May 23 04:56 ..
-rw-rw-r--  1 root root      377 May 13 04:02 apps.config.php
topas-rec picture topas-rec on 23 May 2017

I think it the ownership has to be changed to www-data as in the apache dockerfile.

topas-rec picture topas-rec on 23 May 2017

Strange is that the dockerfile of 11.0-fpm has commands for owning the nextcloud directories.

topas-rec picture topas-rec on 23 May 2017

I have the same error.

cromulus picture cromulus on 23 May 2017 
sudo docker-compose exec app chown -R www-data:www-data /var/www/html/config/

Seemed to fix it.

cromulus picture cromulus on 23 May 2017
👍7

Also had to do this:
sudo docker-compose exec app chown -R www-data:www-data /var/www/html/data/

cromulus picture cromulus on 23 May 2017

Thanks for testing.
Doing that in addition seems the wrong way. I ask myself how this can be already done in the compose or docker file?

topas-rec picture topas-rec on 23 May 2017

It seems to be a problem with the mounted folders. By default in docker folders are mounted as root:root.

We recently changed the entrypoint script and removed the a chown statement. That might cause the trouble. For now use @cromulus workaround.

We'll have to double check this, because the example directory is also outdated.
If you just started using nextcloud in docker please read the persitant data section of #53 carefully. You have to add the whole /var/www/html folder as volume/mount, too.

SnowMB picture SnowMB on 23 May 2017

Okay thank you for explaining I'll work with the workaround and looking forward to see how this can be fixed. Perhaps I'll give it a try in the entry point script by merging from older versions.

topas-rec picture topas-rec on 24 May 2017

So I just reproduced this bug. It is indeed the problem of mounting the directories.

Can you have a look @tilosp ?

SnowMB picture SnowMB on 26 May 2017

I also ran the example from https://github.com/nextcloud/docker/blob/master/.examples/docker-compose.yml and got the same permission denied error. Interestingly, the error disappeared as soon as i mounted the database volume from another directory outside the nextcloud folder. I changed this

db:
...
  volumes:
    - ./nextcloud/db:/var/lib/mysql

into 

db:
...
  volumes:
    - ./db:/var/lib/mysql

Unfortunately, now i get a warning from the mariadb container, which i think didn't come up before:

db                       | 2017-06-08  7:52:11 140698246444800 [Note] InnoDB: Dumping buffer pool(s) not yet started
db                       | 
db                       | PLEASE REMEMBER TO SET A PASSWORD FOR THE MariaDB root USER !
db                       | To do so, start the server, then issue the following commands:
db                       | 
db                       | '/usr/bin/mysqladmin' -u root password 'new-password'
db                       | '/usr/bin/mysqladmin' -u root -h  password 'new-password'

Apparently the root password isn't set anymore, even i provided one in the docker-compose file.
Even if i reset and delete all mounted volume folders, this message persists.
Any ideas?

malteneuss picture malteneuss on 8 Jun 2017

Just ran into this issue.

A typical solution in this scenario is to map the UID and GID of the www-data user in the container to the UID and GID of the user that owns the file on the host.

cwilby picture cwilby on 3 Oct 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

mahnunchik picture mahnunchik  路  3Comments
pierreozoux picture pierreozoux  路  3Comments
all-the-good-ones-are-gone picture all-the-good-ones-are-gone  路  3Comments
nthack picture nthack  路  3Comments
k1ngf15h3r picture k1ngf15h3r  路  3Comments