Setting strong permissions. Questions about OC Guide

linux_basics

#1

Please help us by providing the following info. Before posting please also check the pinned "Known issues" threads and make sure that you're running the latest available version for your oC release: https://owncloud.org/changelog/

Now I know that permissions are Ubuntu related ... but this is more a clarification about the OC guide about permissions.

Steps to reproduce
1. run chmod 0750 for the data dir
2. the permissions change to drwxr-x---

Expected behaviour
Tell us what should happen

https://doc.owncloud.org/server/9.0/admin_manual/installation/installation_wizard.html#strong-perms-label

As in the guide it says this:

 All directories should be executable (because directories always need the executable bit set), read-write for the directory owner, and read-only for the group owner

But when I run the chmod 0750 it changes permissions to drwxr-x---

This doesn't seem right? At least not by what the guide says anyhow for the directories.

Shouldn't it be chmod 740 for the directories?

Since it sets the permissions to drwxr-----

Isn't this the one that matches what the guide says the directories should be?

So my questions are:

Is the guide wrong on the permissions?

Should I be using chmod 740 for the directories in owncloud?

Also, when changing the permissions for the directory, is it only supposed to change the permissions for the directory itself or for the contents of the directory too?

Server configuration
Operating system: Ubuntu 16.0.4 server
Web server:
Database: Mysql
PHP version: 7
ownCloud version (see ownCloud admin page): 9.1.1
Updated from an older ownCloud or fresh install: fresh install
Special configuration (external storage, external authentication, reverse proxy, server-side-encryption): none except HTTPS

Integrity status for oC9+

Login as admin user into your ownCloud and access
http://example.com/index.php/settings/integrity/failed
paste the results here.

No errors found


#2

Hi,

750 permissions are fine (read-write-execute for user, read-execute for group) and the documentation is absolutely correct. You can read into linux permissions here to understand why 750 is used:


#3

@RealRancor

Thanks for the link. I have been looking at that one and others since last night.

Maybe I am taking that guide too literally. When it says that all directories should be drwxr--- does it really mean every directory in /owncloud?

On my test system I have run

find /var/www/owncloud -type d -exec chmod 750 {} +

and this kills the system and prevents access.

However, if I run 755 I get access to the website back.

So it seems like the other users need at least a 5 in order for the website to work.

But the guide says that the others need to be set to nothing .. so this is why I am confused.

Also, when I run

find /var/www/owncloud -type d -print0 | xargs -0 chmod 0750

it also kills access to owncloud.


#4

Hi,

if 755 is needed then you have used the wrong user in the permission script.
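
Added example (not part of any post in this thread, and not ownCloud's code): a small shell model of the owner/group/other check applied to a directory, showing why 0740 leaves the group unable to enter a directory and why 0750 locks out a web server user that is neither the owner nor in the directory's group. The function names and the root:root ownership in the last two cases are constructed for illustration; the superuser bypass is not modelled.

```sh
#!/bin/sh
# Added example: models which permission class (owner, group or other)
# applies to a user on a directory. The superuser bypass is not modelled.

# perm_class USER "USER_GROUPS" DIR_OWNER DIR_GROUP
# Classes are exclusive and checked in this order; the first match wins.
perm_class() {
    if [ "$1" = "$3" ]; then echo owner; return; fi
    for g in $2; do
        if [ "$g" = "$4" ]; then echo group; return; fi
    done
    echo other
}

# dir_access MODE DIR_OWNER DIR_GROUP USER "USER_GROUPS"
# Prints the class and the rwx bits that class gets, e.g. "group r-x".
dir_access() {
    mode=$(( 0$1 ))                      # leading 0: parse as octal
    class=$(perm_class "$4" "$5" "$2" "$3")
    case $class in
        owner) bits=$(( (mode >> 6) & 7 )) ;;
        group) bits=$(( (mode >> 3) & 7 )) ;;
        *)     bits=$(( mode & 7 )) ;;
    esac
    r=-; w=-; x=-
    if [ $(( bits & 4 )) -ne 0 ]; then r=r; fi
    if [ $(( bits & 2 )) -ne 0 ]; then w=w; fi
    if [ $(( bits & 1 )) -ne 0 ]; then x=x; fi
    echo "$class $r$w$x"
}

# can_traverse: same arguments as dir_access; succeeds only if the x bit
# (needed to enter the directory and reach anything inside it) is set.
can_traverse() {
    case $(dir_access "$@") in
        *x) return 0 ;;
        *)  return 1 ;;
    esac
}

# Constructed cases: web server user www-data, member of group www-data.
dir_access 750 root www-data www-data "www-data"   # group r-x
dir_access 740 root www-data www-data "www-data"   # group r--
dir_access 750 root root     www-data "www-data"   # other ---
dir_access 755 root root     www-data "www-data"   # other r-x
```

On a live system, `namei -l /var/www/owncloud/data` prints the mode, owner and group of every component on the path, which are the inputs this model takes.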


#5

Oh OK, so it's the user in the script then.

Well, that post from yesterday is why I was asking where I could find the htuser and htgroup to make sure I was doing it right.

I have looked online and I can't find where to find that information at. Do you by chance have any idea? Other than the phhinfo.info route, since that for whatever reason does not work.


#6

The phpinfo.php route is the most reliable one so try to get this to work. I think the people at http://www.apachelounge.com/ or https://ubuntuforums.org/ might help you further


#7

ok thanks again for the help @RealRancor

I just found this in /etc/apache2/envvars

export APACHE_RUN_USER=www-data
export APACHE_RUN_GROUP=www-data

Now if this is accurate, that is what I was using for the htuser and htgroup in the script.

It's interesting because when I ran that script with the www-data www-data and changed my ocdata path

It said a whole bunch of dir couldn't be found... But yet I'm looking straight at them in Terminal at that path.

My owncloud path is

/var/www/owncloud

This is where apps, assets, config, data, themes, .htaccess and updater are at.

Also /owncloud/data is where .htaccess is at.

However when I run the script I get that apps, assets, config, data, themes, updater: no such file or directory.

Here is what I ran

#!/bin/bash
# Install path, and the user/group the web server runs as
ocpath='/var/www/owncloud'
htuser='www-data'
htgroup='www-data'
rootuser='root'
printf "Creating possible missing Directories\n"
mkdir -p "$ocpath/data"
mkdir -p "$ocpath/assets"
mkdir -p "$ocpath/updater"
printf "chmod Files and Directories\n"
# Files 0640, directories 0750: no access at all for "other"
find "${ocpath}/" -type f -print0 | xargs -0 chmod 0640
find "${ocpath}/" -type d -print0 | xargs -0 chmod 0750
printf "chown Directories\n"
# Whole tree to root:htgroup first, then hand the writable directories to htuser
chown -R "${rootuser}:${htgroup}" "${ocpath}/"
chown -R "${htuser}:${htgroup}" "${ocpath}/apps/"
chown -R "${htuser}:${htgroup}" "${ocpath}/assets/"
chown -R "${htuser}:${htgroup}" "${ocpath}/config/"
chown -R "${htuser}:${htgroup}" "${ocpath}/data/"
chown -R "${htuser}:${htgroup}" "${ocpath}/themes/"
chown -R "${htuser}:${htgroup}" "${ocpath}/updater/"
chmod +x "${ocpath}/occ"
printf "chmod/chown .htaccess\n"
# The .htaccess files stay owned by root and readable by everyone (0644)
if [ -f "${ocpath}/.htaccess" ]
then
  chmod 0644 "${ocpath}/.htaccess"
  chown "${rootuser}:${htgroup}" "${ocpath}/.htaccess"
fi
if [ -f "${ocpath}/data/.htaccess" ]
then
  chmod 0644 "${ocpath}/data/.htaccess"
  chown "${rootuser}:${htgroup}" "${ocpath}/data/.htaccess"
fi

This looks right to me for where the directories are at, along with the .htaccess.

Is there something that I am missing here?