I followed your youtube video exactly. and I have it all working (for the most part).
i have a raspberry pi with ubuntu server installed on and a qnap nas on the same network. i also have a web domain name all setup properly as well as a next cloud account that is accessible via the web domain name outside my local netowork.
what i cannot do is from within the next cloud app or next cloud web browser interface is create new folders or add files onto the qnap. its gives me errror 403, you dont have permission.
i am using a qnap nas drive. i can move files to the directories via terminal window from the PI. and they do show up in the next cloud browser and app. and i can view and download the files.
i just cant move anything into the qnap drive from the next cloud browser or NC app. it just errors and wont allow me to create a new folder.
I have all the permissions set in the qnap to allow the raspberry pi IP address access to NFS.
the other strange thing is when i try to mount the qnap folder directories in a terminal i get a error saying the folder doesn’t exist. i have the mount commands in the /etc/fstab file. So when I type “sudo mount -a” the qnap directories are mounted just fine and i can navigate through them and see files etc… in a terminal, this also makes them available to NC so they then will show up on NC browser and app
i have searched everywhere for a solution but im at the end of the internet at this point. and i dont have enough linux experience yet, so maybe im asking the wrong question, the wrong way? thanks for the help.
I think the issue is permissions-related, specifically ownership. On the QNAP itself, it’s going to most likely have a user that is the owner of the folder that Nextcloud is trying to write to. For example, if you created a “nextcloud” user on the QNAP and that user has read/write access, then generally that same user would need to exist on the Nextcloud device itself - or you can try to edit idmapd.conf on the Nextcloud server to try and map the user on the Nextcloud server to the appropriate user on the QNAP. Otherwise, it’s likely going to use user ID numbers, which are almost never able to match.
Nextcloud is typically running as the webserver user, typically the “www-data” user most of the time. If the www-data user had an UID number of 456 (for example) the NFS server is receiving a request to write to the folder from a user ID of 456, and if it doesn’t recognize that user (and/or that user doesn’t even exist) it’s going to fail.
idmapd is a way to try to map user ID numbers to match, it’s a config file you can edit. Perhaps the easiest way to solve it, is to create a “nextcloud” user on the QNAP, give it full rights to that share, and ensure the user ID mapping on the Nextcloud server is mapping the www-data user to the nextcloud user on the QNAP.
Alternatively, in the NFS settings to the QNAP you can get around this by allowing full read/write permission by everyone, but lock it down to the IP of the Nextcloud server. That way, even though it’s wide open, only the Nextcloud server can write to the share. It’s not the preferred approach, as there are still a few security issues with this, but if your Nextcloud server is not public, it should be fine.
thanks for the reply. i think i understand what you are saying. what is a bit perplexing is that you can mount the qnap as a external drive on the server and access it with no fooling around. but when next cloud wants to access it then it becomes a permissions problem. i dont think i’ll mess with the user ID’s that just seems like alot of extra work. its almost as though you should add another user on the ubuntu server solely for NC to login as. but im new and getting to this point was above my experience as it is.
that said your video was informative enough to get a person like myself with zero linux expierience up and running.
I would like to add that I did stumble around with domain setup and port forwarding etc… which was not covered in the video. this i feel is a very important for people to understand, possibly it would be a good topic for you to cover along with NC setup so people arent setting up servers that have high risk security. I had to piece together this info from multiple sources and I still am unsure if im secure at this point
I agree that port forwarding and external access is a good topic, but it’s somewhat difficult to cover - most people have different routers or firewalls, so the difficult part is covering it in a way that it would work for most people. There’s so few standards in network device user interfaces.
I do plan on covering it, I have to find the best angle that would be the most helpful.