Can't create user space when using the Joint Access Storage Driver as non root

[SpeakinTelnet]

Describe the bug

When deploying OCIS with the posix storage driver using systemd and user ocis (as per the docs) the service fails to create the user space.

Steps to reproduce

Here's my full deployment procedure runable from a bash script:

wget -O /usr/local/bin/ocis https://github.com/owncloud/ocis/releases/download/v6.2.0/ocis-6.2.0-linux-amd64
chmod +x /usr/local/bin/ocis

useradd --system --no-create-home --shell=/sbin/nologin ocis

mkdir -p /var/lib/ocis/posix-storage
mkdir -p /etc/ocis
touch /etc/ocis/ocis.env
chown -R ocis:ocis /var/lib/ocis
chown -R ocis:ocis /etc/ocis

cat > /etc/ocis/ocis.env << EOF
OCIS_URL=https://owncloud.homelab:9200
PROXY_HTTP_ADDR=0.0.0.0:9200

OCIS_LOG_LEVEL=warn

OCIS_CONFIG_DIR=/etc/ocis
OCIS_BASE_DATA_PATH=/var/lib/ocis

STORAGE_USERS_DRIVER="posix"
STORAGE_USERS_POSIX_ROOT="/var/lib/ocis/posix-storage"
STORAGE_USERS_POSIX_WATCH_TYPE="inotifywait"
STORAGE_USERS_ID_CACHE_STORE="nats-js-kv"
STORAGE_USERS_ID_CACHE_STORE_NODES="localhost:9233"
EOF

sudo -u ocis ocis init --config-path /etc/ocis

cat > /etc/systemd/system/ocis.service << EOF
[Unit]
Description=OCIS server

[Service]
Type=simple
User=ocis
Group=ocis
EnvironmentFile=/etc/ocis/ocis.env
ExecStart=/usr/local/bin/ocis server
Restart=always

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable --now ocis

Expected behavior

The user space is created and the service run as usual

Actual behavior

The user space is not created and the following errors occurs:

Aug 05 14:14:28 owncloud ocis[5562]: {"level":"error","service":"storage-users","pkg":"rgrpc","traceid":"a03ca61801683eeb9d986de767a85144","error":"open .flock: permission denied","status":{"code":15,"message":"error creating space","trace":"a03ca61801683eeb9d986de767a85144"},"request":{"opaque":{"map":{"space_id":{"decoder":"plain","value":"M2ZmYzIyZGMtZjE5ZS00ZWU2LWJjYTMtODY0NDA1N2YyNzlk"}}},"owner":{"id":{"idp":"https://owncloud.homelab:9200","opaque_id":"3ffc22dc-f19e-4ee6-bca3-8644057f279d","type":1},"username":"admin","mail":"admin@example.org","display_name":"Admin","uid_number":99,"gid_number":99},"type":"personal","name":"Admin"},"time":"2024-08-05T14:14:28Z","message":"failed to create storage space"}
Aug 05 14:14:28 owncloud ocis[5562]: {"level":"error","service":"proxy","error":"gateway: grpc failed with code CODE_INTERNAL","time":"2024-08-05T14:14:28Z","message":"error when calling Createhome"}

Additional context

• If I run the service as the root user instead everything runs correctly.
• I have the same errors if I create a home for user ocis and set the storage in the home directory.
• I have the same errors if I run chmod -R 777 /var/lib/ocis/posix-storage
• Removing the posix storage driver section makes the service run correctly.

Thanks!

[rhafer]

I can confirm the issue. For some reason ocis tries to create lockfile in it's current working directory (which I think is a bug in ocis).

The working directory of service run by systemd defaults /, where the ocis user obivously can't write anything. As a workaround please try adding:

WorkingDirectory=/var/lib/ocis/

to the [Service] section of your unit file. Then systemctl daemon-reload and systemctl restart ocis

[rhafer]

cc @aduffeck

[SpeakinTelnet]

@rhafer Thank you! The workaround works