Your Data directory is not writable by ownCloud


#1

Hi,

Since restoring my ownCloud 10.0.4 server on my VMware solution, I have this message on the index page:

Your Data directory is not writable by ownCloud
Le problème de permissions peut généralement être résolu en donnant au serveur web un accès en écriture au répertoire racine
(I'm French, nobody is perfect! :wink:)

The data folder is on the second hard disk. It's mounted correctly, and the user "apache" can read/write on it.

[root@ocloud odata]# ll
total 20
drwxrwx---. 31 apache apache 4096 30 mars 14:11 data
drwx------. 2 apache apache 16384 24 janv. 11:38 lost+found

Do you have an idea?

Thanks in advance.


#2

Hi,

how did you change the data dir?

did you follow this:

https://doc.owncloud.com/server/10.0/admin_manual/maintenance/manually-moving-data-folders.html?highlight=data%20directory

what is your config.php?

what is in your oc_storages table?

Can you look in your owncloud.log file and check what directory owncloud is trying to access and failing?


#3

Hi,
Thanks for your answer.
No, I didn't move the directory.

The folder ocdata is a mount :

/dev/sdb1 /media/odata ext3 defaults 0 0

The log file is on the ocdata? How can I move it?


#4

Well, the default dir is /owncloud/data -> so you had to move the data dir :slight_smile:


#5

Yes, when I set up ownCloud.
History:
1/ Set up a CentOS VM and installed ownCloud with data on /media/odata, and it worked perfectly
2/ Stopped the VM
3/ Exported the VM
4/ Deployed the VM, started it, and I have this message in my browser: Your Data directory is not writable by ownCloud.

The config.php

<?php
$CONFIG = array (
'updatechecker' => false,
'instanceid' => 'oc7vnt828mdn',
'passwordsalt' => 'oukSZdymAX/M5I0b7kAETSEtDbOO9QVx',
'secret' => 'H2BskcGMz+HkofHHu8UZKfUoId79fR36ubbe70Z19FWj1n2vAn',
'trusted_domains' =>
array (
0 => 'ocloud',
),
'datadirectory' => '/media/odata/data',
'overwrite.cli.url' => 'https://ocloud/owncloud',
'dbtype' => 'mysql',
'version' => '10.0.4.4',
'dbname' => 'oclouddb',
'dbhost' => 'localhost',
'dbtableprefix' => 'oc_',
'dbuser' => 'oclouddbuser',
'dbpassword' => 'XXXXXXX',
'logtimezone' => 'UTC',
'installed' => true,
'ldapIgnoreNamingRules' => false,
'loglevel' => 3,
);


#6

can you execute this command to be sure:

chown -R apache:apache <and your data dir>

also this:

what is in your oc_storages table?

Can you look in your owncloud.log file and check what directory owncloud is trying to access and failing?


#7

After chown it is the same thing

MariaDB

The log file is in the oc data directory. It hasn't been updated since the issue.
I tried this parameter in the config.php:

'log_type' => 'syslog',
But I saw no log from ownCloud.
I tried:
'logfile' => '/var/log/owncloud.log',
No file was created when I restarted Apache and tried to access ownCloud.

I don't understand why my VM backup doesn't work...


#8

Can you tell me how you installed ownCloud and how you exported and imported the vm?

Maybe I would be able to recreate your setup and find the error


#9

For the VM export/import I used the vSphere client, with the VM shut down.

There is this error in the message.log:

Apr 5 09:59:27 ocloud setroubleshoot: SELinux is preventing httpd from write access on the directory data. For complete SELinux messages run: sealert -l 50a3a6d4-4d85-431b-9718-b10c7314c7b4

And

[root@ocloud /]# sealert -l 50a3a6d4-4d85-431b-9718-b10c7314c7b4
SELinux is preventing httpd from write access on the directory data.

***** Plugin catchall_labels (83.8 confidence) suggests *******************

If you want to allow httpd to have write access on the data directory
Then l'étiquette sur data doit être modifiée.
Do

semanage fcontext -a -t FILE_TYPE 'data'

où FILE_TYPE est l'une des valeurs suivantes : abrt_retrace_spool_t, apcupsd_cgi_ra_content_t, apcupsd_cgi_rw_content_t, awstats_ra_content_t, awstats_rw_content_t, bugzilla_ra_content_t, bugzilla_rw_content_t, cert_t, cifs_t, collectd_ra_content_t, collectd_rw_content_t, cvs_ra_content_t, cvs_rw_content_t, dirsrv_config_t, dirsrv_var_log_t, dirsrv_var_run_t, dirsrvadmin_config_t, dirsrvadmin_ra_content_t, dirsrvadmin_rw_content_t, dirsrvadmin_tmp_t, dspam_ra_content_t, dspam_rw_content_t, git_ra_content_t, git_rw_content_t, httpd_cache_t, httpd_log_t, httpd_squirrelmail_t, httpd_sys_content_t, httpd_sys_ra_content_t, httpd_sys_rw_content_t, httpd_tmp_t, httpd_tmpfs_t, httpd_user_content_t, httpd_user_ra_content_t, httpd_user_rw_content_t, httpd_var_lib_t, httpd_var_run_t, ipa_cert_t, ipa_var_run_t, jetty_cache_t, jetty_log_t, jetty_var_lib_t, jetty_var_run_t, keystone_cgi_ra_content_t, keystone_cgi_rw_content_t, krb5_host_rcache_t, man2html_ra_content_t, man2html_rw_content_t, mediawiki_ra_content_t, mediawiki_rw_content_t, mediawiki_tmp_t, mirrormanager_var_run_t, mojomojo_ra_content_t, mojomojo_rw_content_t, munin_ra_content_t, munin_rw_content_t, mythtv_ra_content_t, mythtv_rw_content_t, nagios_ra_content_t, nagios_rw_content_t, nutups_cgi_ra_content_t, nutups_cgi_rw_content_t, openshift_ra_content_t, openshift_rw_content_t, passenger_tmp_t, passenger_var_run_t, pki_ra_etc_rw_t, pki_ra_log_t, pki_ra_var_lib_t, pki_tps_etc_rw_t, pki_tps_log_t, pki_tps_var_lib_t, prewikka_ra_content_t, prewikka_rw_content_t, smokeping_cgi_ra_content_t, smokeping_cgi_rw_content_t, squid_ra_content_t, squid_rw_content_t, squirrelmail_spool_t, systemd_passwd_var_run_t, tmp_t, tmpfs_t, user_tmp_t, var_lib_t, var_lock_t, var_log_t, var_run_t, var_t, w3c_validator_ra_content_t, w3c_validator_rw_content_t, webalizer_ra_content_t, webalizer_rw_content_t, zarafa_var_lib_t, zoneminder_ra_content_t, zoneminder_rw_content_t, zoneminder_var_lib_t.
Puis exécutez :
restorecon -v 'data'

***** Plugin catchall (17.1 confidence) suggests **************************

If vous pensez que httpd devrait être autorisé à accéder write sur data directory par défaut.
Then vous devriez rapporter ceci en tant qu'anomalie.
Vous pouvez générer un module de stratégie local pour autoriser cet accès.
Do
allow this access for now by executing:

ausearch -c 'httpd' --raw | audit2allow -M my-httpd

semodule -i my-httpd.pp

Additional Information:
Source Context system_u:system_r:httpd_t:s0
Target Context unconfined_u:object_r:unlabeled_t:s0
Target Objects data [ dir ]
Source httpd
Source Path httpd
Port
Host ocloud
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.13.1-166.el7_4.7.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name ocloud
Platform Linux ocloud
3.10.0-693.11.6.el7.x86_64 #1 SMP Thu Jan 4
01:06:37 UTC 2018 x86_64 x86_64
Alert Count 19
First Seen 2018-04-05 09:30:57 CEST
Last Seen 2018-04-05 10:01:17 CEST
Local ID 50a3a6d4-4d85-431b-9718-b10c7314c7b4

Raw Audit Messages
type=AVC msg=audit(1522915277.192:225): avc: denied { write } for pid=11888 comm="httpd" name="data" dev="sdb1" ino=5701633 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:unlabeled_t:s0 tclass=dir

Hash: httpd,httpd_t,unlabeled_t,dir,write


#10

Can you have a look in the owncloud.log?

It should be in your data directory


#11

The owncloud.log is empty, Apache can't write.

Your Data directory is not writable by ownCloud


#12

If SELinux is the issue then I think you can try to disable it temporarily:

https://central.owncloud.org/t/unable-to-create-folder-redis-server-went-away/12718/3

If that works and ownCloud can write into it again, then you probably need to find someone to help you correct the SELinux rules, e.g. as suggested here:

https://central.owncloud.org/t/unable-to-create-folder-redis-server-went-away/12718/6


#13

Thanks Tom42

After "setenforce 0" I can access my ownCloud again.

Where can I find the SELinux log?


#14

I think for such questions you should have a look at the manual / man pages of your Linux distro. Those don't look related to ownCloud.


#15

I tried:
chcon -t httpd_sys_rw_content_t /media/odata -R
and "setenforce 1", and it's working!!!

But the LDAP authentication doesn't work!
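
Added example, not part of the original posts: a label set with chcon is not recorded in the SELinux file-context database, so a later restorecon or full relabel can reset it, whereas a semanage fcontext rule followed by restorecon persists. The script below parses the raw AVC record quoted in post #9 and prints the persistent commands; the data path is taken from the config.php in post #5, the type from post #15, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: triage one SELinux AVC record for the web server and print
# the persistent relabel commands for the ownCloud data directory.

# Sample input: the raw audit message quoted in post #9.
SAMPLE_AVC='type=AVC msg=audit(1522915277.192:225): avc: denied { write } for pid=11888 comm="httpd" name="data" dev="sdb1" ino=5701633 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:unlabeled_t:s0 tclass=dir'

# avc_field LINE KEY -> value of KEY=..., surrounding quotes stripped
avc_field() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | tr -d '"' | head -n 1
}

# context_type CONTEXT -> the type, third field of user:role:type:level
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# avc_perms LINE -> the permissions listed inside { ... }
avc_perms() {
    printf '%s\n' "$1" | sed -n 's/.*{ \(.*\) }.*/\1/p'
}

# suggest_fix LINE DATADIR -> prints the commands, or why none apply
suggest_fix() {
    src=$(context_type "$(avc_field "$1" scontext)")
    tgt=$(context_type "$(avc_field "$1" tcontext)")
    perms=$(avc_perms "$1")
    if [ "$src" != "httpd_t" ]; then
        echo "skip: source domain is $src, not httpd_t"; return 1
    fi
    if [ "$tgt" = "httpd_sys_rw_content_t" ]; then
        echo "skip: target is already httpd_sys_rw_content_t"; return 1
    fi
    echo "# httpd_t denied { $perms } on $(avc_field "$1" tclass) labelled $tgt"
    # Persistent rule for the directory and everything below it
    echo "semanage fcontext -a -t httpd_sys_rw_content_t '$2(/.*)?'"
    # Apply the recorded rule to the files on disk
    echo "restorecon -Rv '$2'"
}

suggest_fix "$SAMPLE_AVC" /media/odata/data
```

The target type unlabeled_t in the record means the files on sdb1 carried no valid label after the restore, which is why Unix ownership (apache:apache) was correct and writes were still denied.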


#16

I don't think that it is advised to start with a new problem in the same thread.

"Doesn't work" is something which I think is also not a good issue description.