Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check for current user to have the same id then the owner of the config ... #13282

Merged
merged 1 commit into from
Jan 12, 2015
Merged

Check for current user to have the same id then the owner of the config ... #13282

merged 1 commit into from
Jan 12, 2015

Conversation

DeepDiver1975
Copy link
Member

@DeepDiver1975 DeepDiver1975 added this to the 8.0-current milestone Jan 12, 2015
@karlitschek
Copy link
Contributor

nice 👍

@DeepDiver1975
Copy link
Member Author

I'm asking my self if this is a too hard check - shall we ask the user to continue on his own risk?

@LukasReschke
Copy link
Member

I think this non-bypassable check is reasonable if we add some documentation about this. 👍

@carlaschroder

@ghost
Copy link

ghost commented Jan 12, 2015

Refer to this link for build results (access rights to CI server needed):
https://ci.owncloud.org//job/pull-request-analyser-ng-simple/6434/
👍 Test PASSed. 👍

MorrisJobke added a commit that referenced this pull request Jan 12, 2015
@MorrisJobke
Merge pull request #13282 from owncloud/occ-user-warning
58b985b 
Check for current user to have the same id then the owner of the config ...
@MorrisJobke MorrisJobke merged commit 58b985b into master Jan 12, 2015
@MorrisJobke MorrisJobke deleted the occ-user-warning branch January 12, 2015 16:50
@MorrisJobke
Copy link
Contributor

I just checked again: posix_getpwuid isn't available in my PHP even if PHP is compiled with --enable-posix=shared. Ideas?

@MorrisJobke
Copy link
Contributor

Ah. posix.so needs to be enabled. Can we add a check for this extension or should we enforce this extension just for this check?

@scrutinizer-notifier
Copy link

The inspection completed: No new issues

DeepDiver1975 added a commit that referenced this pull request Jan 12, 2015
@DeepDiver1975
Check for the posix extension - refs #13282 (comment)
1f01552
@DeepDiver1975 DeepDiver1975 mentioned this pull request Jan 12, 2015
Merged
@RobinMcCorkell
Copy link
Member

This breaks my workflow (I know, I know 😆): I point my web server directly at my git repository, but use ACLs so that the web server can write to the important directories. Unfortunately after this PR I can no longer run occ. What about checking if config.php, or some other core object like data/, is writable? That is the real requirement here as I see it.

@DeepDiver1975
Copy link
Member Author

That is the real requirement here as I see it.

No - here is an example:

config.php is owned by www-data
root can write to config.php
in case files are touches by occ - the owner is getting changed to root
www-data can no longer access the changed files

@RobinMcCorkell
Copy link
Member

@DeepDiver1975 Ah, true. Perhaps it'd be best not to check the owner of config.php then, but rather an unimportant file generated by oC, like data/.ocdata (that is unlikely to be edited by the administrator, ever)? Or will that cause issues when it comes to using an object store?

@DeepDiver1975 DeepDiver1975 mentioned this pull request Apr 1, 2015
Merged
@lock lock bot locked as resolved and limited conversation to collaborators Aug 14, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
3 - To Review
Projects
None yet
Milestone
8.0
Development

Successfully merging this pull request may close these issues.

occ should verify that it is run as web server user
6 participants
@DeepDiver1975 @karlitschek @LukasReschke @MorrisJobke @scrutinizer-notifier @RobinMcCorkell