feat: allow to configure php.user
- [x] Needs https://github.com/nextcloud/server/pull/45302
I insist that it should use the new config value instead of the config.php owner if the value is filled. I.e., if php.user is empty, it checks that the running user is the owner of config.php. If php.user is filled, it checks that the running user is the one in php.user.
See my previous change suggestion.
but we already get the user via posix_getuid or not?
We do, and we want to check that it’s the correct one.
all right, done!
Not completely happy about it but too much time was spent already, and it does fix the use case.
Looks like a reasonable solution, if there's not an easy way to just verify if we can write to the directory (as the user is not really relevant, just whether we have write access). I don't remember my PHP so well, but in Python I'd probably just try/except a file write as a test.
> as the user is not really relevant, just whether we have write access
The user is actually relevant (there is a separate check for checking write access to the data dir iirc). If an occ/cron command ends up creating a file, it will be owned by whatever user the command is run as. So if a user does `sudo occ ...`, any file created by that will then be read-only to the webserver.
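The decision rule discussed in this thread, as an added example that is not part of the PR or of any comment here and is not Nextcloud's code: `expectedUid` and `checkRunningUser` are hypothetical names, and the temporary file stands in for config.php.

```php
<?php
declare(strict_types=1);

// Added illustration, not Nextcloud's code. Function names are hypothetical;
// php.user and config.php are the names used in the discussion.

/** Uid the CLI process is expected to run as. $phpUser is '' when php.user is unset. */
function expectedUid(string $phpUser, string $configFile): int
{
    if ($phpUser !== '') {
        $entry = posix_getpwnam($phpUser);
        if ($entry === false) {
            throw new RuntimeException("php.user '$phpUser' is not a known account");
        }
        return $entry['uid'];
    }
    $owner = @fileowner($configFile);
    if ($owner === false) {
        throw new RuntimeException("cannot read owner of $configFile");
    }
    return $owner;
}

/** Null when the running uid is the expected one, otherwise a message for the operator. */
function checkRunningUser(int $runningUid, string $phpUser, string $configFile): ?string
{
    $expected = expectedUid($phpUser, $configFile);
    if ($runningUid === $expected) {
        return null;
    }
    $source = $phpUser !== '' ? 'php.user' : "owner of $configFile";
    return "running as uid $runningUid, expected uid $expected ($source)";
}

// Constructed demo: the temp file is created by, and so owned by, the current user.
$config = tempnam(sys_get_temp_dir(), 'cfg');
$me = posix_getuid();
$other = $me === 0 ? 1 : 0; // any uid that is not ours

var_dump(checkRunningUser($me, '', $config));    // php.user unset, running user owns the file
var_dump(checkRunningUser($other, '', $config)); // php.user unset, different uid (the sudo occ case)
$pw = posix_getpwuid($me);
if ($pw !== false) {
    var_dump(checkRunningUser($me, $pw['name'], $config)); // php.user names the running user
}
unlink($config);
```

The check compares identities only; whether the data directory is writable is a separate question, as the comment above notes.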
As I wrote in the internal chat: can someone please take over this PR? It looked like a simple change but got more and more complicated. I fear I currently do not have the capacity to finish this as I am busy with AIO and Enterprise-AIO.