[Solved] Folder and file access denied...so fail2ban cannot view log


Post by SpookyWatcher »

I know it's going to be a simple fix...but I cannot find the answer after 4 hours of searching.

I have nextcloud running on a little server that was installed by snap. The nextcloud.log is NOT located in /var/log/. It is located in /var/snap/nextcloud/common/nextcloud/data/nextcloud.log. The second "nextcloud" directory is where the access denied begins. So I cannot get fail2ban to access that log because I have to be sudo -s just to get into those directories.

How can I get the log file accessible to fail2ban?

Code:

ls -l

Code:

total 4
drw-r----- 4 root root 4096 Nov 30 09:06 nextcloud

Code:

ls -l

Code:

total 8
drw-rw---- 7 root root 4096 Nov 30 14:58 data
drwxr-x--- 2 root root 4096 Jan  3 09:35 tmp

Code:

ls -l

Code:

total 144
drwxr-xr-x 10 root root   4096 Dec 19 09:05 appdata_oc1rz26caw2b
drwxr-xr-x  6 root root   4096 Nov 30 12:50 user1
drwxr-xr-x  2 root root   4096 Dec 12 19:45 files_external
-rw-r--r--  1 root root      0 Dec 12 19:45 index.html
drwxr-xr-x  4 root root   4096 Nov 30 09:14 user2nextcloudadmin
-rw-r-----  1 root root 119034 Jan  5 16:04 nextcloud.log
drwxr-xr-x  6 root root   4096 Nov 30 15:44 user3

I changed the user accounts to generic "userX" for privacy.

*** Edit ***
Solved it by making the offending directories executable to others. Then made the file read-only to others. Knew it was simple...just a case of too much overthinking and researching.

*** Edit 2 ***
The first solution did NOT actually solve the problem. The snap install of nextcloud has a cron job and goes through the files and folders and resets them to the correct permissions. So after 15 mins I was back at square one.

After A LOT of research I finally found the solution and am posting it here in case someone comes across it.

Snap installs CANNOT write to the file system other than in their snap wrapper. So changing the nextcloud.log location to /var/log/nextcloud.log did not work because the snap nextcloud can't write to the normal file system. It can however write to the /var/snap/nextcloud/ folder(s). So I changed the nextcloud.log location to there and changed its permissions to chown www-data:www-data nextcloud.log. This still was not quite enough and I had to chmod o+w nextcloud.log and chmod o+r nextcloud.log for the "others" group. I really don't care if others can read and write to that log...so I thought it ok.

I had no idea that snaps could not write outside of "their" snap file system. Hope it helps someone.

Spooky
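
Added example, not part of the original post: a POSIX shell function that walks the path to a log file and reports the conditions seen in the listings above (a directory without the search bit for "others", a log "others" cannot read), and also flags a log that "others" can write, since any local account could then alter what fail2ban parses. The function names and output labels are assumptions of this example; run it as root, because ls cannot stat entries beneath a directory the caller cannot search.

```shell
#!/bin/sh
# Added example: report what the "others" permission class can do
# along the path to a log file. Names and labels are hypothetical.

# Print the three "others" mode characters of a path, e.g. "r-x" or "---".
others_bits() {
    ls -ld -- "$1" | cut -c8-10
}

# audit_log_path FILE [STOP_DIR]
# Prints one finding per line; exit status is 0 only when nothing was found.
# STOP_DIR (default /) is the topmost directory that gets checked.
audit_log_path() {
    file=$1
    stop=${2:-/}
    findings=0

    # Every directory on the way needs the search (x) bit to be traversed.
    dir=$(dirname -- "$file")
    while :; do
        case $(others_bits "$dir") in
            ??x|??t) ;;   # t = sticky bit together with x, as on /tmp
            *) echo "no-traverse $dir"; findings=$((findings + 1)) ;;
        esac
        if [ "$dir" = "$stop" ] || [ "$dir" = "/" ] || [ "$dir" = "." ]; then
            break
        fi
        dir=$(dirname -- "$dir")
    done

    # The log itself: "others" needs r to read it; w means any local
    # account can change the lines that ban decisions are based on.
    bits=$(others_bits "$file")
    case $bits in
        r??) ;;
        *) echo "no-read $file"; findings=$((findings + 1)) ;;
    esac
    case $bits in
        ?w?) echo "world-writable $file"; findings=$((findings + 1)) ;;
    esac

    [ "$findings" -eq 0 ]
}
```

Because the post reports that the snap resets permissions on a schedule, re-running the check after that interval shows whether a manual chmod has survived.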
