Nextcloud: External Samba or Home Path Mountpoints Not Accessible Due to Permission Overwrite Behavior
Problem
In some environments, Nextcloud users cannot access external Samba shares or Home paths.
The following error message may appear in the web interface:
Mountpoint unaccessible, check the settings for the mountpoints
This issue typically occurs when the Nextcloud permissions_overwrite app or related permission-handling features interfere with the interpretation of external storage permissions.
Background Information
Nextcloud includes several mechanisms that affect how permissions are evaluated on internal and external storage.
Understanding these mechanisms helps to diagnose access problems.
Permissions Overwrite
The Permissions Overwrite feature (provided by the permissions_overwrite app) allows administrators to override how Nextcloud interprets file and folder permissions, especially for external storage such as Samba shares.
Note:
This feature does not modify the actual permissions on the external storage server.
It only affects how Nextcloud interprets those permissions internally.
Key Concepts for Permission Overwrites
1. Group Folders with Advanced Permissions
- The Group Folders app provides fine-grained permission management within shared folders.
- Enabling Advanced Permissions allows administrators to define detailed access rights for users and groups.
Default Behavior:
- A deny permission set at the group folder level cannot be overridden by advanced permissions.
Exception:
- If a user belongs to multiple groups with conflicting advanced permissions, an allow permission may override a deny.
2. permissions_overwrite App
- A separate app designed to override Nextcloud’s detection of external storage permissions.
- Useful in cases where Nextcloud incorrectly interprets the permissions reported by external systems (e.g., Samba shares, NFS mounts).
- It only changes how Nextcloud sees the permissions; it does not alter the actual filesystem permissions on the remote server.
3. Access Control Rules
The Files Access Control app can restrict file access based on:
- IP address,
- user group membership,
- tags, or
- other criteria.
These rules are separate from file permissions and can independently deny access to certain resources.
Workaround
If external mounts such as Samba shares or Home paths become inaccessible due to permission overwrites, temporarily disabling the permissions_overwrite app may resolve the issue.
-
Enter the Nextcloud app container:
univention-app shell nextcloud -
Disable the
permissions_overwriteapp:sudo -u www-data /var/www/html/occ app:disable permissions_overwriteExample output:
permissions_overwrite 0.1.15 disabled
After disabling the app, reload the Nextcloud web interface and re-test access to the external storage mountpoints.
Additional Information
If needed, the permissions_overwrite app can later be reinstalled and re-enabled:
sudo -u www-data /var/www/html/occ app:install permissions_overwrite
Example output:
permissions_overwrite 0.1.15 installed
permissions_overwrite enabled
Summary
| Situation | Recommended Action |
|---|---|
| External Samba shares or home paths show “Mountpoint unaccessible” | Disable the permissions_overwrite app |
| Need to reapply permission overrides after issue resolution | Reinstall or re-enable permissions_overwrite |
| Conflicts in Group Folder permissions | Review advanced permissions and group membership |