Permission issues using mounts for app data storage

3246

I've got the following setup and would like to use an external share mounted locally on the root file system of Cloudron for the data folder of an app:

• VirtualBox host
• Ubuntu 20.04 guest with Cloudron
• Sharing folders from VBox to Cloudron and mounting via fstab
• The share is mounted on /mnt/test and is owned by yellowtent

I tried moving the data folder for both NextCloud and Cubby, which results in the data being successfully moved to the new home.

However, in NextCloud's case it is unable to start the app as it fails to set a symlink:
ln: failed to create symbolic link '/app/data/core': Operation not permitted

In Cubby, the app runs but you cannot create or edit anything:
POST /api/v1/files?path=%2Ftest&access_token=<redacted>&directory=true 500 Internal Server Error EACCES: permission denied, mkdir '/app/data/data/axel/test'

Cubby looks ace by the way and I am looking to use it instead NextCloud

3246

I've also tried to mount an external hard disk, rather than a network share (CIFS or VBox), which worked. Not sure what I am doing wrong

I used the Volumes GUI to mount the EXT4 HDD and then changed the NextCloud app data folder to /mnt/volumes/<IDofDisk> as shown in the Volumes list. No issues starting the app.

This is great, however, I want to mount my local RAID instead of plumbing in an external disk.

3246

Tried a manually mounted CIFS share with Cubby and while I can create folders and files from the GUI, I cannot upload anything:

[Error: EPERM: operation not permitted, copyfile '/tmp/YFfTJOFQlEjjf-s25ipOWhAM.png' -> '/app/data/data/axel/test/wordpress.png'] { errno: -1, code: 'EPERM', syscall: 'copyfile', path: '/tmp/YFfTJOFQlEjjf-s25ipOWhAM.png', dest: '/app/data/data/axel/test/wordpress.png' }

The share was mounted using this:
mount -t cifs -o username=<user>,password="<password>",rw,iocharset=utf8,file_mode=0666,dir_mode=0777,uid=yellowtent,gid=yellowtent //192.168.2.3/test /mnt/test

Anything I upload directly via Samba shows in Cubby, I can create folders but not files using the Cubby interface and uploading anything results in an error.

Me creating a text file using the GUI and failing:
POST /api/v1/files?path=%2Ftest.txt&access_token=<redacted> 500 Internal Server Error EPERM: operation not permitted, copyfile '/tmp/XVKWw1b47ceh3aTgzcJPEIxe' -> '/app/data/data/axel/test.txt'

Should I be filing this in the git repo as a defect instead of posting here

nebulon

@3246 this is the correct place, the team is just not very active over the holidays at the moment we will get to it.

Maybe one pointer for you to further investigate if you want, the users and groups from the host system (yellowtent) are not usually mapped the same way in the app containers, so I suspect this causing some issue. Most apps have a chown command in the start.sh but this usually only refers to /app/data within the app, not the volumes...which might be the main issue, but I would have to take more time here.

girish

Wondering where we are with this. @3246 do you need help on this?

Jan Macenka

Having a similar issue right now and would need help getting my setup to work.

My Setup:

Everything is running on my physical Server with 2xSSD and 1x NVMe.

Proxmox as Virtualzation pattform running "bare-metal" on the Server taking the NVMe Disk.

1x VM operating TrueNAS as a virtualized NAS wich recieves the 2xSSDs as pass-through and serves these out via NFS + SMB (CIFS), Intention is that the NAS is accessable as such in my Home-Network and can also hold the "slower" kind of data of the Cloudron-Space.

1x VM operating Cloudron, my intention is to have NextCloud inside Cloudron and mount the "Networkshares" to have the data there.
Have declared the Networkshares as Shares directly in Cloudron and am able to move the data-partitions of some other Apps (not NextCloud) over there.

For the NextCloud-App, I mounted the Data-Networkshare as a volume to the app, so its visible under /media/myNASdataShare but "obviously" its owned by rootand not yellowtent or www-data. Inside the NextCloud App, I can declare it as an External-Storage of type local, can see alt he data and can read from it but can not manipulate these. I was wondering wether this was due to a root_squash flag inside Cloudron for the mount but then it should not be possible to move other App-Data to the NFS-Share.

Maybe there is something similar happening inside the NextCloud-App-Container.

My goal:
Being able to use (read/write) the NFS-Shares which are properly configured to be consumed by other clients inside NextCloud.

Any Ideas on what I could do or where I should look?

Thanks in advance for your support!

girish

@Jan-Macenka for permission related issues, I had created https://docs.cloudron.io/volumes/#sharing perviously. Can you check that section ?

Jan Macenka

@girish said in Permission issues using mounts for app data storage:

@Jan-Macenka for permission related issues, I had created https://docs.cloudron.io/volumes/#sharing perviously. Can you check that section ?

Thanks for the quick answer. Will look into the suggested work-around tomorrow!

3246

@girish thanks for your patience... only just noticed this! All is good on my end and moved to a cloud-based node for my Cloudron.

Jan Macenka

@girish since it worked with my other NAS, I am pretty confident now that it is rather a Permission-Issue on the TrueNAS-Side which I dont understand well enough as of yet.

Thanks for the link!