Restoring file permissions for the Nextcloud container

Running Nextcloud as a container has some quirks, but it’s an easy task. One thing you have to keep in mind is that the Nextcloud container isn’t 100% stateless. That’s the reason why you should mount a volume to the container under a /var/www/html path.

Making a backup for such an installation isn’t complicated. Often, it’s just creating a copy from that volume. You can also choose to compress that data before uploading it to another server or S3. Restoring such data has one problem – you can lose original file permissions.

My recent case

Recently I decided to move an entire OS to the SSD on my RPi 4B. As a system administrator, my preferred way of changing things is to remove everything and bring it back with scripts that created everything in the first place. All services (MySQL database is an exception) are inside containers that are provisioned by Terraform.

resource "docker_container" "nextcloud_fpm" {
  name    = "nextcloud-fpm"
  image   = "nextcloud:24-fpm"
  restart = "always"

  networks_advanced { ... }

  host { ... }

  volumes {
    container_path = "/var/www/html"
    read_only      = false
    host_path      = "/home/pi/nextcloud/html"

  env = [ ... ]
Fragment of code defining volume mount for the Nextcloud container

To keep things simple, I copied the entire /home/pi/nextcloud/html catalog to my PC with rsync. After bringing back the MySQL database on a new disk, I copied those files back to the same path on the RPi and started the Nextcloud container.

However, the Nextcloud container was responding only with an internal server error. There were no logs from Nextcloud, and php-fpm showed only "GET /index.php" 500. File ownership was lost for all files during the creation of the copy of Nextcloud data from one computer to another.

By default, Nginx, apache, and php-fpm (and probably any other HTTP server software) use a www-data user in Linux. It’s a long-going standard, mainly for security reasons. So, to repair my Nextcloud, I had to restore that file ownership. Freshly started Nextcloud container assigns entire /var/www/html directory to the www-data user and www-data user group.

Final solution/tl;dr

# Depends on the container image you are using

CONTAINER="$(docker ps | grep $IMAGE_NAME | awk '{ print $1 }')"

docker exec -it $CONTAINER chown -R www-data:www-data /var/www/html

Other problems

  1. If you created a new database user or changed the password to the database remember to change it also inside /var/www/html/config/config.php the configuration file.