[Bug]: Warning - `AppManger::checkAppForUser - can't decode group IDs` - Update to 29.0.2

[Joly0]

⚠️ This issue respects the following points: ⚠️

• [X] This is a bug, not a question or a configuration/webserver/proxy issue.
• [X] This issue is not already reported on Github OR Nextcloud Community Forum (I've searched it).
• [X] Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
• [X] I agree to follow Nextcloud's Code of Conduct.

Bug description

My log is spammed with this error "Warning - no app in context" (like 10-20 per second)

Steps to reproduce

1. Update from Nextcloud-AIO latest to Beta
2. Update from 29.0.0 to 29.0.2
3. Nothing else

Expected behavior

Should work without any issues

Installation method

Official All-in-One appliance

Nextcloud Server version

29

Operating system

Other

PHP engine version

PHP 8.3

Web server

Apache (supported)

Database engine version

PostgreSQL

Is this bug present after an update or on a fresh install?

Updated from a MINOR version (ex. 22.1 to 22.2)

Are you using the Nextcloud Server Encryption module?

Encryption is Disabled

What user-backends are you using?

• [X] Default user-backend (database)
• [ ] LDAP/ Active Directory
• [ ] SSO - SAML
• [ ] Other

Configuration report

/var/www/html # sudo -u www-data php occ config:list system

Warning: Failed to set memory limit to 0 bytes (Current memory usage is 2097152 bytes) in Unknown on line 0
The current PHP memory limit is below the recommended value of 512MB.
{
    "system": {
        "one-click-instance": true,
        "one-click-instance.user-limit": 100,
        "memcache.local": "\\OC\\Memcache\\APCu",
        "apps_paths": [
            {
                "path": "\/var\/www\/html\/apps",
                "url": "\/apps",
                "writable": false
            },
            {
                "path": "\/var\/www\/html\/custom_apps",
                "url": "\/custom_apps",
                "writable": true
            }
        ],
        "appsallowlist": false,
        "check_data_directory_permissions": false,
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "password": "***REMOVED SENSITIVE VALUE***",
            "port": 6379
        },
        "overwritehost": "nextcloud.example.com",
        "overwriteprotocol": "https",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "localhost",
            "nextcloud.example.com"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "pgsql",
        "version": "29.0.2.2",
        "overwrite.cli.url": "https:\/\/nextcloud.example.com\/",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "maintenance": false,
        "updatedirectory": "\/nc-updater",
        "loglevel": "2",
        "app_install_overwrite": [
            "nextcloud-aio"
        ],
        "log_type": "file",
        "logfile": "\/var\/www\/html\/data\/nextcloud.log",
        "log_rotate_size": "10485760",
        "log.condition": {
            "apps": [
                "admin_audit"
            ]
        },
        "preview_max_x": "2048",
        "preview_max_y": "2048",
        "jpeg_quality": "60",
        "enabledPreviewProviders": {
            "1": "OC\\Preview\\Image",
            "2": "OC\\Preview\\MarkDown",
            "3": "OC\\Preview\\MP3",
            "4": "OC\\Preview\\TXT",
            "5": "OC\\Preview\\OpenDocument",
            "6": "OC\\Preview\\Movie",
            "7": "OC\\Preview\\Krita",
            "0": "OC\\Preview\\Imaginary"
        },
        "enable_previews": true,
        "upgrade.disable-web": true,
        "mail_smtpmode": "smtp",
        "default_phone_region": "DE",
        "trashbin_retention_obligation": "auto, 30",
        "versions_retention_obligation": "auto, 30",
        "activity_expire_days": "30",
        "simpleSignUpLink.shown": false,
        "share_folder": "\/Shared",
        "one-click-instance.link": "https:\/\/nextcloud.com\/all-in-one\/",
        "upgrade.cli-upgrade-link": "https:\/\/github.com\/nextcloud\/all-in-one\/discussions\/2726",
        "maintenance_window_start": 100,
        "allow_local_remote_servers": true,
        "davstorage.request_timeout": 3600,
        "htaccess.RewriteBase": "\/",
        "dbpersistent": false,
        "auth.bruteforce.protection.enabled": true,
        "ratelimit.protection.enabled": true,
        "files_external_allow_create_new_local": false,
        "defaultapp": "files",
        "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
        "preview_imaginary_url": "***REMOVED SENSITIVE VALUE***",
        "preview_imaginary_key": "***REMOVED SENSITIVE VALUE***",
        "mail_sendmailmode": "smtp",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpauth": 1,
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "465",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpsecure": "ssl"
    }
}
/var/www/html #

List of activated Apps

/var/www/html # sudo -u www-data php occ app:list

Warning: Failed to set memory limit to 0 bytes (Current memory usage is 2097152 bytes) in Unknown on line 0
The current PHP memory limit is below the recommended value of 512MB.
Enabled:
  - activity: 2.21.1
  - admin_audit: 1.19.0
  - app_api: 2.6.0
  - bruteforcesettings: 2.9.0
  - calendar: 4.7.6
  - circles: 29.0.0-dev
  - cloud_federation_api: 1.12.0
  - comments: 1.19.0
  - contacts: 6.0.0
  - contactsinteraction: 1.10.0
  - dav: 1.30.1
  - deck: 1.13.0
  - federatedfilesharing: 1.19.0
  - federation: 1.19.0
  - files: 2.1.0
  - files_antivirus: 5.5.4
  - files_downloadlimit: 2.0.0
  - files_fulltextsearch: 29.0.0
  - files_pdfviewer: 2.10.0
  - files_reminders: 1.2.0
  - files_sharing: 1.21.0
  - files_trashbin: 1.19.0
  - files_versions: 1.22.0
  - firstrunwizard: 2.18.0
  - fulltextsearch: 29.0.0
  - fulltextsearch_elasticsearch: 29.0.1
  - logreader: 2.14.0
  - lookup_server_connector: 1.17.0
  - nextcloud-aio: 0.6.0
  - nextcloud_announcements: 1.18.0
  - notes: 4.10.0
  - notifications: 2.17.0
  - notify_push: 0.6.12
  - oauth2: 1.17.0
  - password_policy: 1.19.0
  - photos: 2.5.0
  - privacy: 1.13.0
  - provisioning_api: 1.19.0
  - recommendations: 2.1.0
  - related_resources: 1.4.0
  - richdocuments: 8.4.2
  - serverinfo: 1.19.0
  - settings: 1.12.0
  - sharebymail: 1.19.0
  - support: 1.12.0
  - systemtags: 1.19.0
  - tasks: 0.16.0
  - text: 3.10.0
  - theming: 2.4.0
  - twofactor_backupcodes: 1.18.0
  - twofactor_totp: 11.0.0-dev
  - user_status: 1.9.0
  - viewer: 2.3.0
  - workflowengine: 2.11.0
Disabled:
  - dashboard: 7.9.0 (installed 7.9.0)
  - encryption: 2.17.0
  - files_external: 1.21.0
  - survey_client: 1.17.0 (installed 1.17.0)
  - suspicious_login: 7.0.0
  - user_ldap: 1.20.0
  - weather_status: 1.9.0 (installed 1.9.0)
/var/www/html #

Nextcloud Signing status

No errors have been found.

Nextcloud Logs

{"reqId":"Ordq5zzFFNmHrP0obP3M","level":2,"time":"2024-06-08T20:15:04+00:00","remoteAddr":"192.168.178.174","user":"admin","app":"no app in context","method":"GET","url":"/apps/logreader/api/poll?lastReqId=Bz9O15lkiaQRmW3LZE6R","message":"AppManger::checkAppForUser - can't decode group IDs: Console has to be executed with the user that owns the data directory\nCurrent user id: 33\nOwner id of the data directory: 99\nTry adding 'sudo -u nextcloud/server#99' to the beginning of the command (without the single quotes)\nIf running with 'docker exec' try adding the option '-u 99' to the docker command (without the single quotes) - json error code: 4","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:126.0) Gecko/20100101 Firefox/126.0","version":"29.0.2.2","data":[],"id":"6664bbc8b7e68"}

Additional info

Have opened an issue report already over at the nextcloud-aio github page with additional information: https://github.com/nextcloud/all-in-one/issues/4794

[joshtrichards]

Please provide the output of occ config:list so that we can check the enabled field for each of your apps (I believe that's the field this is coming from).

Also, I note you're running occ commands incorrectly for the AIO image:

/var/www/html # sudo -u www-data php occ config:list system

Warning: Failed to set memory limit to 0 bytes (Current memory usage is 2097152 bytes) in Unknown on line 0
The current PHP memory limit is below the recommended value of 512MB.

Please see: https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-run-occ-commands

Details

The enabled key for at least of your apps appears to be populated with the output of a console command. Adding to the mystery, the value had to have been set prior to the upgrade, since that console command was modified and doesn't actually contain that output in current 29.0.2. Finally, I have no idea how the output of a console command could have ended up in that variable (well I can come up with a few ways a human could cause it manually, but I see nothing in the code path that would so far that could even remotely lead to this scenario). EDIT: I have a hypothesis; described at the end.

The provided log entry, once considered in the context it's shown, suggests this string is literally what populates the enabled key:

Console has to be executed with the user that owns the data directory\nCurrent user id: 33\nOwner id of the data directory: 99\nTry adding 'sudo -u nextcloud/server#99' to the beginning of the command (without the single quotes)\nIf running with 'docker exec' try adding the option '-u 99' to the docker command (without the single quotes)

Not surprisingly this follows it: json error code: 4 (a json syntax error).

This is expected to be one of:

• yes
• (empty/null)
• a list of groups the app is restricted to

https://github.com/nextcloud/server/blob/1a6440c353d3c797140215e4ab885544f1ac3741/lib/private/App/AppManager.php#L336-L353

Best guess about underlying cause

I suspect something before the upgrade populated that value somehow. It would presumably have been an occ command (possibly something specific to the AIO upgrade process? Or perhaps not AIO specific at all... dunno).

@szaimen: This may be AIO specific. If I had to guess this would be a possible area of interest:

https://github.com/nextcloud/all-in-one/blob/87cc69ccd87669de9dd5ae8dfc78842791a719b6/Containers/nextcloud/entrypoint.sh#L406-L409

And it gets populated here:

https://github.com/nextcloud/all-in-one/blob/87cc69ccd87669de9dd5ae8dfc78842791a719b6/Containers/nextcloud/entrypoint.sh#L165

These touch that key and are executed during upgrades with the contents populated from a value saved before the upgrade.

Given the underlying error:

Console has to be executed with the user that owns the data directory\nCurrent user id: 33\nOwner id of the data directory: 99

Sounds like the underlying cause is a permissions matter pre-upgrade that prevented APPSTORAGE from getting populated accurately in line 165 prior to the upgrade. It ended up with the error output. :-)

We should probably check for an error indication there I guess, but the underlying cause beyond that is unclear. It sounds like a configuration matter: the data directory isn't supposed to be owned by 99 in AIO I don't think. Perhaps @Joly0 can explain why their data directory is owned by an odd user in their environment. :-)

[szaimen]

Console has to be executed with the user that owns the data directory\nCurrent user id: 33\nOwner id of the data directory: 99

What I dont unferstand is that error message. In 29.0.2 it should check the config folder and not the data directory. See https://github.com/nextcloud/all-in-one/issues/4794#issuecomment-2156140995 and below

[joshtrichards]

It's populating APPSTORAGE just before the upgrade. So it's coming from the 29.0.1 code beforehand (i.e. before nextcloud/server#45326 was merged).

[szaimen]

It's populating APPSTORAGE just before the upgrade. So it's coming from the 29.0.1 code beforehand (i.e. before nextcloud/server#45326 was merged).

But @Joly0 is reporting that this message (which is referring to the data directory qnd mot the config directory) is still printed even though they are on 29.0.2...

[joshtrichards]

That message isn't being generated in real-time. It's saved here prior to the upgrade when the apps are proactively disabled:

https://github.com/nextcloud/all-in-one/blob/87cc69ccd87669de9dd5ae8dfc78842791a719b6/Containers/nextcloud/entrypoint.sh#L163-L167

The occ command there is generating the error output with <29.0.2 code. Then later it restores the value of enabled... which in this case is the literal raw string output containing that error.

So there are two issues:

• whatever is causing the permissions issue (the real root cause)
• we aren't checking the return value of running occ for any indications of errors (I believe occ will set an exit code of 1 that we can check for before saving the data to the variable if we think it's important to catch this scenario)

[szaimen]

I see. In that case it actually is an AIO issue. Will have a look next week.

[joshtrichards]

I was pretty confused too at first. :-)

[Joly0]

Not sure if its still needed:

root@Tower:~# docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:list system
{
    "system": {
        "one-click-instance": true,
        "one-click-instance.user-limit": 100,
        "memcache.local": "\\OC\\Memcache\\APCu",
        "apps_paths": [
            {
                "path": "\/var\/www\/html\/apps",
                "url": "\/apps",
                "writable": false
            },
            {
                "path": "\/var\/www\/html\/custom_apps",
                "url": "\/custom_apps",
                "writable": true
            }
        ],
        "appsallowlist": false,
        "check_data_directory_permissions": false,
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "password": "***REMOVED SENSITIVE VALUE***",
            "port": 6379
        },
        "overwritehost": "nextcloud.example.com",
        "overwriteprotocol": "https",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "localhost",
            "nextcloud.example.com"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "pgsql",
        "version": "29.0.2.2",
        "overwrite.cli.url": "https:\/\/nextcloud.example.com\/",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "maintenance": false,
        "updatedirectory": "\/nc-updater",
        "loglevel": "2",
        "app_install_overwrite": [
            "nextcloud-aio"
        ],
        "log_type": "file",
        "logfile": "\/var\/www\/html\/data\/nextcloud.log",
        "log_rotate_size": "10485760",
        "log.condition": {
            "apps": [
                "admin_audit"
            ]
        },
        "preview_max_x": "2048",
        "preview_max_y": "2048",
        "jpeg_quality": "60",
        "enabledPreviewProviders": {
            "1": "OC\\Preview\\Image",
            "2": "OC\\Preview\\MarkDown",
            "3": "OC\\Preview\\MP3",
            "4": "OC\\Preview\\TXT",
            "5": "OC\\Preview\\OpenDocument",
            "6": "OC\\Preview\\Movie",
            "7": "OC\\Preview\\Krita",
            "0": "OC\\Preview\\Imaginary"
        },
        "enable_previews": true,
        "upgrade.disable-web": true,
        "mail_smtpmode": "smtp",
        "default_phone_region": "DE",
        "trashbin_retention_obligation": "auto, 30",
        "versions_retention_obligation": "auto, 30",
        "activity_expire_days": "30",
        "simpleSignUpLink.shown": false,
        "share_folder": "\/Shared",
        "one-click-instance.link": "https:\/\/nextcloud.com\/all-in-one\/",
        "upgrade.cli-upgrade-link": "https:\/\/github.com\/nextcloud\/all-in-one\/discussions\/2726",
        "maintenance_window_start": 100,
        "allow_local_remote_servers": true,
        "davstorage.request_timeout": 3600,
        "htaccess.RewriteBase": "\/",
        "dbpersistent": false,
        "auth.bruteforce.protection.enabled": true,
        "ratelimit.protection.enabled": true,
        "files_external_allow_create_new_local": false,
        "defaultapp": "files",
        "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
        "preview_imaginary_url": "***REMOVED SENSITIVE VALUE***",
        "preview_imaginary_key": "***REMOVED SENSITIVE VALUE***",
        "mail_sendmailmode": "smtp",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpauth": 1,
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "465",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpsecure": "ssl"
    }
}
root@Tower:~#

[szaimen]

Hi, this is fixed for anyone in the future, however you will need to fix it for yourself manually.

Run the following commands for all your custom apps: sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:app:set "$app" enabled --value="yes"

[Joly0]

Hi, this is fixed for anyone in the future, however you will need to fix it for yourself manually.

Run the following commands for all your custom apps: sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:app:set "$app" enabled --value="yes"

Hey, thanks for solving this issue so fast.

Just to clarify, with "run for all your custom apps" you mean all the enabled apps here:

/var/www/html # sudo -u www-data php occ app:list

Warning: Failed to set memory limit to 0 bytes (Current memory usage is 2097152 bytes) in Unknown on line 0
The current PHP memory limit is below the recommended value of 512MB.
Enabled:
  - activity: 2.21.1
  - admin_audit: 1.19.0
  - app_api: 2.6.0
  - bruteforcesettings: 2.9.0
  - calendar: 4.7.6
  - circles: 29.0.0-dev
  - cloud_federation_api: 1.12.0
  - comments: 1.19.0
  - contacts: 6.0.0
  - contactsinteraction: 1.10.0
  - dav: 1.30.1
  - deck: 1.13.0
  - federatedfilesharing: 1.19.0
  - federation: 1.19.0
  - files: 2.1.0
  - files_antivirus: 5.5.4
  - files_downloadlimit: 2.0.0
  - files_fulltextsearch: 29.0.0
  - files_pdfviewer: 2.10.0
  - files_reminders: 1.2.0
  - files_sharing: 1.21.0
  - files_trashbin: 1.19.0
  - files_versions: 1.22.0
  - firstrunwizard: 2.18.0
  - fulltextsearch: 29.0.0
  - fulltextsearch_elasticsearch: 29.0.1
  - logreader: 2.14.0
  - lookup_server_connector: 1.17.0
  - nextcloud-aio: 0.6.0
  - nextcloud_announcements: 1.18.0
  - notes: 4.10.0
  - notifications: 2.17.0
  - notify_push: 0.6.12
  - oauth2: 1.17.0
  - password_policy: 1.19.0
  - photos: 2.5.0
  - privacy: 1.13.0
  - provisioning_api: 1.19.0
  - recommendations: 2.1.0
  - related_resources: 1.4.0
  - richdocuments: 8.4.2
  - serverinfo: 1.19.0
  - settings: 1.12.0
  - sharebymail: 1.19.0
  - support: 1.12.0
  - systemtags: 1.19.0
  - tasks: 0.16.0
  - text: 3.10.0
  - theming: 2.4.0
  - twofactor_backupcodes: 1.18.0
  - twofactor_totp: 11.0.0-dev
  - user_status: 1.9.0
  - viewer: 2.3.0
  - workflowengine: 2.11.0
Disabled:
  - dashboard: 7.9.0 (installed 7.9.0)
  - encryption: 2.17.0
  - files_external: 1.21.0
  - survey_client: 1.17.0 (installed 1.17.0)
  - suspicious_login: 7.0.0
  - user_ldap: 1.20.0
  - weather_status: 1.9.0 (installed 1.9.0)
/var/www/html #

?

[szaimen]

For all apps inside the custom_apps folder