Configure Nextcloud access permission

Hello!

I’m trying to install Nextcloud on TrueNAS Scale 25.04.2.3.

I followed Nextcloud Deployment | TrueNAS Apps Market, but I think the guide is incomplete and does not really explain all the steps…

As suggested (and I agree with that) I created a dedicated user for the app (app_nextcloud).

API Keys: No keys
GID: 3003
Home Directory: /var/empty
Shell: /usr/sbin/nologin
Email: –
Password Disabled: Yes
Lock User: No
Samba Authentication: No
SSH: Key not set
Password History: No History
Password Age: –
Last Password Change: –
Password Change Required: No
Allowed Sudo Commands: ALL
Allowed Sudo Commands (No Password): ALL

Along with it, the group 3003 called app_nextcloud was created.

I created an app dataset (/mnt/Archive/ApplicationData/nextcloud/) with 3 child datasets:

/mnt/Archive/ApplicationData/nextcloud/data
/mnt/Archive/ApplicationData/nextcloud/html
/mnt/Archive/ApplicationData/nextcloud/postgres_data

I would like the ACL for all datasets to have the app_nextcloud user as owner@ and group@.
But the guide seems to suggest setting it to apps… That is a bit contradictory after advising to create a dedicated user…

I think it would be better to let the app run as the dedicated app_nextcloud user.
How do I set up the ACL for the parent dataset and the 3 children so that I can map them with the Storage Configuration from the app edit page?

Nextcloud AppData Storage (HTML, Custom Themes, Apps, etc.)
---> /mnt/Archive/ApplicationData/nextcloud/html

Nextcloud User Data Storage
---> /mnt/Archive/ApplicationData/nextcloud/data

Nextcloud Postgres Data Storage
---> /mnt/Archive/ApplicationData/nextcloud/postgres_data

In addition, how do I tell the app that it has to run using user app_nextcloud?
In some custom docker images I use for other apps I add env variables (USER_ID and GROUP_ID). Will this work?

Thanks!

Hi Makko, did you already have some progress with this issue?

Although I have been successful in setting up TrueNAS and Nextcloud, I somehow can't manage to view my files in Nextcloud (although I can see the folders). So I’m very interested in the whole user/ACL management as I suspect the issue lies there.

Hi @makko,

This is one of the common points of confusion between TrueNAS Apps and running your own Docker Compose stack. With Apps, you don’t control the UID/GID the containers run under; all apps use the special apps user/group (UID/GID 568) created by SCALE. That’s why the docs say “make a dataset and set ACLs for apps” — even though they also mention dedicated users.

How this works in practice

  • ACL ownership: Set your parent dataset and its children (data, html, postgres_data) to be owned by apps:apps. That’s what the pods actually run as.
  • Dedicated user (app_nextcloud): You can create it for bookkeeping, but the Nextcloud App won’t use it. The USER_ID/GROUP_ID environment variables you’ve seen in Compose setups won’t work in TrueNAS Apps, because the official iX charts don’t honor them.
  • Mounts: In the App’s Storage Configuration, map like this:
    • Nextcloud AppData (HTML, themes, apps): /mnt/Archive/ApplicationData/nextcloud/html
    • Nextcloud User Data: /mnt/Archive/ApplicationData/nextcloud/data
    • Nextcloud Postgres Data: /mnt/Archive/ApplicationData/nextcloud/postgres_data

If you want full control

If your goal is to have the container run as your app_nextcloud user, the way to do it is Docker Compose (or Portainer, Dockge, etc.), not TrueNAS Apps. There, you can set PUID/PGID (or USER_ID/GROUP_ID) and align your dataset ACLs with your dedicated account.
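
A read-only ownership check for the datasets discussed in the answer above, added here as an example (it is not from the thread or from TrueNAS documentation): it counts entries under each dataset that are not owned by the apps UID/GID 568 quoted in the answer. The function names are hypothetical, and the script inspects POSIX owner and group only, not individual ACL entries.

```shell
#!/bin/sh
# Added example: audit dataset ownership against the UID/GID the app runs as.
# 568:568 is the apps user/group quoted in the answer; change it if your
# containers run as a different account (for example under Docker Compose).
EXPECTED_UID=568
EXPECTED_GID=568

# count_mismatched DIR UID GID
# Prints how many entries under DIR (DIR included) are not owned by UID:GID.
# Returns 2 if DIR is not a directory. Does not cross into other filesystems.
count_mismatched() {
    cm_dir=$1; cm_uid=$2; cm_gid=$3
    [ -d "$cm_dir" ] || { echo "missing: $cm_dir" >&2; return 2; }
    find "$cm_dir" -xdev \( ! -uid "$cm_uid" -o ! -gid "$cm_gid" \) -print \
        | wc -l | tr -d ' '
}

# audit_datasets UID GID DIR...
# Prints one OK/FAIL line per dataset; returns 1 if any dataset is missing
# or contains entries with a different owner or group.
audit_datasets() {
    ad_uid=$1; ad_gid=$2; shift 2
    ad_rc=0
    for ad_dir in "$@"; do
        ad_n=$(count_mismatched "$ad_dir" "$ad_uid" "$ad_gid") || { ad_rc=1; continue; }
        if [ "$ad_n" -eq 0 ]; then
            echo "OK    $ad_dir"
        else
            echo "FAIL  $ad_dir ($ad_n entries not owned by $ad_uid:$ad_gid)"
            ad_rc=1
        fi
    done
    return $ad_rc
}

# When called with dataset paths as arguments, audit them, e.g. the three
# child datasets from the thread (data, html, postgres_data).
if [ "$#" -gt 0 ]; then
    audit_datasets "$EXPECTED_UID" "$EXPECTED_GID" "$@"
fi
```

Run it from the TrueNAS shell with the three child dataset paths as arguments; a FAIL line points at files the app's account does not own, which is the first thing to rule out when folders are visible but files are not.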