[Bug]: file_exists(): open_basedir restriction in effect. File(/files) is not within the allowed path

dafi87 commented 12 months ago

⚠️ This issue respects the following points: ⚠️

[X] This is a bug, not a question or a configuration/webserver/proxy issue.
[X] This issue is not already reported on Github OR Nextcloud Community Forum (I've searched it).
[X] Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
[X] I agree to follow Nextcloud's Code of Conduct.

Bug description

Log is flooded with

file_exists(): open_basedir restriction in effect. File(/files) is not within the allowed path(s): (/abc/:/tmp/:/proc/) at /abc/xyz/nextcloud/3rdparty/sabre/dav/lib/DAV/FS/Directory.php#78

Steps to reproduce

Open Logs

Expected behavior

Use correct path like /remote.php/dav/files, not /files

Installation method

Community Manual installation with Archive

Nextcloud Server version

27

Operating system

Debian/Ubuntu

PHP engine version

PHP 8.1

Web server

Nginx

Database engine version

MariaDB

Is this bug present after an update or on a fresh install?

Upgraded to a MAJOR version (ex. 22 to 23)

Are you using the Nextcloud Server Encryption module?

None

What user-backends are you using?

[X] Default user-backend (database)
[ ] LDAP/ Active Directory
[ ] SSO - SAML
[ ] Other

Configuration report

No response

List of activated Apps

No response

Nextcloud Signing status

No response

Nextcloud Logs

{"reqId":"NYbARyfFtjdAaEfIAvif","level":3,"time":"2023-07-31T08:13:34+00:00","remoteAddr":"141.88.235.123","user":"--","app":"PHP","method":"OPTIONS","url":"/remote.php/dav/files/ttt/","message":"file_exists(): open_basedir restriction in effect. File(/files) is not within the allowed path(s): (/dfgh/:/tmp/:/proc/) at /var/www/vhosts/abc/nextcloud/3rdparty/sabre/dav/lib/DAV/FS/Directory.php#78","userAgent":"Microsoft Office Excel","version":"27.0.1.2","data":{"app":"PHP"}}
{"reqId":"7BUNPLXkF9LcO3rk7WfQ","level":3,"time":"2023-07-31T08:13:35+00:00","remoteAddr":"141.88.235.123","user":"--","app":"PHP","method":"HEAD","url":"/remote.php/dav/files/ttt/ppp.xlsx","message":"file_exists(): open_basedir restriction in effect. File(/files) is not within the allowed path(s): (/dfgh/:/tmp/:/proc/) at /var/www/vhosts/abc/nextcloud/3rdparty/sabre/dav/lib/DAV/FS/Directory.php#78","userAgent":"Microsoft Office Existence Discovery","version":"27.0.1.2","data":{"app":"PHP"}}
{"reqId":"7BUNPLXkF9LcO3rk7WfQ","level":3,"time":"2023-07-31T08:13:35+00:00","remoteAddr":"141.88.235.123","user":"--","app":"PHP","method":"HEAD","url":"/remote.php/dav/files/ttt/ppp.xlsx","message":"file_exists(): open_basedir restriction in effect. File(/files) is not within the allowed path(s): (/dfgh/:/tmp/:/proc/) at /var/www/vhosts/abc/nextcloud/3rdparty/sabre/dav/lib/DAV/FS/Directory.php#78","userAgent":"Microsoft Office Existence Discovery","version":"27.0.1.2","data":{"app":"PHP"}}
{"reqId":"X1C1YQXJxZwHuIdsktnX","level":0,"time":"2023-07-31T08:13:35+00:00","remoteAddr":"141.88.235.123","user":"FFFFF","app":"webdav","method":"PROPFIND","url":"/remote.php/dav/files/ttt/~%24ppp.xlsx","message":"File with name /ttt/~$ppp.xlsx could not be located","userAgent":"Microsoft-WebDAV-MiniRedir/10.0.19045","version":"27.0.1.2","exception":{"Exception":"Sabre\\DAV\\Exception\\NotFound","Message":"File with name /ttt/~$ppp.xlsx could not be located","Code":0,"Trace":[{"file":"/var/www/vhosts/abc/nextcloud/3rdparty/sabre/dav/lib/DAV/Tree.php","line":78,"function":"getChild","class":"OCA\\DAV\\Connector\\Sabre\\Directory","type":"->"},{"file":"/var/www/vhosts/abc/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":971,"function":"getNodeForPath","class":"Sabre\\DAV\\Tree","type":"->"},{"file":"/var/www/vhosts/abc/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":1662,"function":"getPropertiesIteratorForPath","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/vhosts/abc/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":1647,"function":"writeMultiStatus","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/vhosts/abc/nextcloud/3rdparty/sabre/dav/lib/DAV/CorePlugin.php","line":346,"function":"generateMultiStatus","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/vhosts/abc/nextcloud/3rdparty/sabre/event/lib/WildcardEmitterTrait.php","line":89,"function":"httpPropFind","class":"Sabre\\DAV\\CorePlugin","type":"->"},{"file":"/var/www/vhosts/abc/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":472,"function":"emit","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/vhosts/abc/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":253,"function":"invokeMethod","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/vhosts/abc/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":321,"function":"start","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/vhosts/abc/nextcloud/apps/dav/lib/Server.php","line":364,"function":"exec","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/vhosts/abc/nextcloud/apps/dav/appinfo/v2/remote.php","line":35,"function":"exec","class":"OCA\\DAV\\Server","type":"->"},{"file":"/var/www/vhosts/abc/nextcloud/remote.php","line":172,"args":["/var/www/vhosts/abc/nextcloud/apps/dav/appinfo/v2/remote.php"],"function":"require_once"}],"File":"/var/www/vhosts/abc/nextcloud/apps/dav/lib/Connector/Sabre/Directory.php","Line":227,"message":"File with name /yyy.xlsx could not be located","exception":{},"CustomMessage":"File with name /yyy.xlsx could not be located"}}

Additional info

There was an older closed bug report here: https://github.com/nextcloud/server/issues/30479

joshtrichards commented 11 months ago

Hi @dafi87 - Thanks for the report.

Use correct path like /remote.php/dav/files, not /files

Well neither of those would be the correct path. :) But, yeah, something seems not right.

It should be the full absolute path, for the actual files, on your underlying filesystem in most cases.

Unless you're using Object Storage maybe.

Is Nextcloud itself as well as the configured datadirectory all under /abc/ (or /dfhg/ from your other log entries) on the underlying OS filesystem? No parent folders?

Also, any symbolic links involved anywhere?

dafi87 commented 11 months ago

Thanks for looking into it!

Yes, the datadirectory is at /var/www/vhosts/abc/nextcloud/data and nextcloud itself under /var/www/vhosts/abc/nextcloud

open_basedir is set as /var/www/vhosts/abc/:/tmp/:/proc/

joshtrichards commented 11 months ago

Are you able to access your files / do everything you'd expect otherwise?
So this specifically started when you upgraded to NC27, but did not occur previously?

dafi87 commented 11 months ago

Yes, files can be accessed via web, NC client for Windows and I also tested via WebDAV. Right now I can not say what exactly triggers these PHP errors.

We updated to NC27 coming from 24 or 25 and the error was not being logged with the old version. I'm sorry for not being able to exactly say what the old version was.

b-pfl commented 6 months ago

On my side, the error appeared with the upgrade to 28.0.1:

file_exists(): open_basedir restriction in effect. File(/files) is not within the allowed path(s): (/<wwwroot>/:/tmp/:/dev/urandom:/usr/bin/clamscan:/proc/meminfo:/proc/cpuinfo) at /<wwwroot>/<subdomain_docroot>/3rdparty/sabre/dav/lib/DAV/FS/Directory.php#78

Taxicletter commented 4 months ago

I have the same problem. I think it started with the update to 26 and it's still there. My NextCloud is on a hosted webserver (Cloud86). I have no problems reaching files (with Mac client, in browser, on Android app). I don't use a news-app. The error is about "File(/backup/), but I don't use a back-up app in NextCloud, so unless that's a background task, I don't know where it comes from.

file_exists(): open_basedir restriction in effect. File(/backup/) is not within the allowed path(s): (/var/www/vhosts/my-root-domain/:/tmp/) at /var/www/vhosts/my-root-domain/my-subdomain/myfolder-with-nextcloud/lib/private/Files/Storage/Local.php#187

Also tried setting open-basedir to none in the PHP settings (and the two other available options) but that didn't make any difference. Asked my webhoster, but they couldn't help.

joho1968 commented 1 month ago

I see the same issue in 29.0.1 on Ubuntu 22.04.LTS with PHP 8.1 FPM and nginx:

file_exists(): open_basedir restriction in effect. File(/files) is not within the allowed path(s): (/var/www/nextcloud:/dev/urandom:/tmp:/proc/meminfo:/proc/cpuinfo) at /var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/FS/Directory.php#78

To my knowledge, there are no issues accessing files, etc.

nextcloud / server