nextcloud / server

☁️ Nextcloud server, a safe home for all your data
https://nextcloud.com
GNU Affero General Public License v3.0

World-writeable files #4417

Closed kchan101 closed 7 years ago

kchan101 commented 7 years ago
I have changed the umask for apache to 0007 but files and directories are created under the data directory on the server with world-read/writeable permissions.
umask verification ``` # systemctl show httpd.service | grep UMask UMask=0007 # for p in `pgrep httpd`; do grep Umask /proc/$p/status; done Umask: 0007 Umask: 0007 Umask: 0007 Umask: 0007 Umask: 0007 Umask: 0007 Umask: 0007 Umask: 0007 Umask: 0007 Umask: 0007 Umask: 0007 Umask: 0007 Umask: 0007 Umask: 0007 Umask: 0007 Umask: 0007 Umask: 0007 Umask: 0007 Umask: 0007 Umask: 0007 ```
### Steps to reproduce

1. create a file or directory using web gui/android client/os command line
2. wait for sync to server
3. check permissions under data directory on the server

### Expected behaviour

Files and directories should be created with 0660 and 0770 permissions respectively on the server

### Actual behaviour

Files and directories are created with 0666 and 0777 permissions respectively on the server

### Server configuration

**Operating system**: Fedora 25

**Web server:** apache, httpd-2.4.25-1.fc25.x86_64

**Database:** mariadb-server-10.1.21-3.fc25.x86_64

**PHP version:** php-7.0.17-1.fc25.x86_64

**Nextcloud version:** 11.0.2 (stable)

**Updated from an older Nextcloud/ownCloud or fresh install:** Updated from OC9

**Where did you install Nextcloud from:** 720cb50f98a94f2888f2d07d5d4e91b4 nextcloud-11.0.2.zip

**Signing status:**

Signing status

```
No errors have been found.
```
**List of activated apps:**

App list

```
Enabled:
 - activity: 2.4.1
 - admin_audit: 1.1.0
 - apporder: 0.3.3
 - calendar: 1.5.2
 - comments: 1.1.0
 - contacts: 1.5.3
 - dav: 1.1.1
 - direct_menu: 0.10.1
 - federatedfilesharing: 1.1.1
 - federation: 1.1.1
 - files: 1.6.1
 - files_external: 1.1.2
 - files_pdfviewer: 1.0.1
 - files_sharing: 1.1.1
 - files_texteditor: 2.2
 - files_trashbin: 1.1.0
 - files_versions: 1.4.0
 - firstrunwizard: 2.0
 - gallery: 16.0.0
 - logreader: 2.0.0
 - lookup_server_connector: 1.0.0
 - nextcloud_announcements: 1.0
 - notes: 2.2.0
 - notifications: 1.0.1
 - passman: 2.1.1
 - password_policy: 1.1.0
 - provisioning_api: 1.1.0
 - serverinfo: 1.1.1
 - sharebymail: 1.0.1
 - systemtags: 1.1.3
 - tasks: 0.9.5
 - templateeditor: 0.2
 - theming: 1.1.1
 - twofactor_backupcodes: 1.0.0
 - updatenotification: 1.1.1
 - workflowengine: 1.1.1
Disabled:
 - encryption
 - external
 - files_accesscontrol
 - files_automatedtagging
 - files_retention
 - files_videoplayer
 - survey_client
 - user_external
 - user_ldap
 - user_saml
```
**Nextcloud configuration:**

Config report

```
{
    "system": {
        "instanceid": "oc68c40ffe49",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "example.co.uk"
        ],
        "datadirectory": "\/export\/data\/owncloud\/data",
        "dbtype": "mysql",
        "version": "11.0.2.7",
        "dbname": "owncloud",
        "dbhost": "localhost",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "defaultapp": "calendar,files",
        "forcessl": true,
        "theme": "",
        "installed": true,
        "maintenance": false,
        "overwritewebroot": "\/owncloud",
        "overwrite.cli.url": "\/owncloud",
        "mail_from_address": "owncloud",
        "mail_smtpmode": "smtp",
        "mail_smtpdebug": false,
        "mail_domain": "netquota.co.uk",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "asset-pipeline.enabled": false,
        "mail_smtphost": "XXX.XXX.XXX.XXX",
        "mail_smtpport": "25",
        "loglevel": 2,
        "trashbin_retention_obligation": "auto",
        "log_rotate_size": 10485760,
        "appstore.experimental.enabled": false,
        "updater.release.channel": "stable"
    }
}
```
**Are you using external storage, if yes which one:** local

**Are you using encryption:** no

**Are you using an external user-backend, if yes which one:** no

### Client configuration

**Browser:** firefox-52.0.2-2.fc25.x86_64

**Operating system:** Fedora 25

### Logs

#### Web server error log

Web server error log

```
No relevant messages
```

#### Nextcloud log (data/nextcloud.log)

Nextcloud log

```
No relevant messages
```

#### Browser log

Browser log

```
No relevant messages
```

MorrisJobke commented 7 years ago

> I have changed the umask for apache to 0007 but files and directories are created under the data directory on the server with world-read/writeable permissions.

I have never seen this and can confirm on the instances I run. Could you check all the folders above to have the correct 0770 permission set? Could you reset all to that and then upload a file again?

As this is also not really a bug but more a setup problem I would ask you to ask this question in the forums: https://help.nextcloud.com

Thanks

jcklpe commented 6 years ago

@kchan101 Did you ever find a solution to this? I'm having a similar problem.

kchan101 commented 6 years ago

I was running my nextcloud instance in a kvm guest with the data directory mounted via NFS from the parent. I switched to a 9p mount and all was well again.
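
The checks discussed in this thread, as an added example that is not part of any comment above: a probe that shows what modes new files and directories actually get in the data directory under a given umask, a listing of entries that grant access to "other", and a listing of the modes of the folders above. The function names are made up for this example, and `stat -c` assumes GNU coreutils or BusyBox.

```sh
#!/bin/sh
# Added example, not from the issue thread; function names are made up here.
# Needs a stat that supports -c (GNU coreutils or BusyBox).

# Print "MODE PATH" for every file or directory under $1 that grants any
# permission bit to "other" (the 0666/0777 symptom reported in the issue).
list_other_access() {
    find "$1" \( -type f -o -type d \) \
        \( -perm -0001 -o -perm -0002 -o -perm -0004 \) \
        -exec stat -c '%a %n' {} +
}

# Create a probe file and directory in $1 under umask $2, print their modes
# as "FILE_MODE DIR_MODE", then remove them. On a filesystem that applies
# the umask, 0007 gives "660 770".
probe_umask() (
    umask "$2" || exit 1
    f="$1/.umask-probe.$$"
    d="$f.d"
    : > "$f" || exit 1
    mkdir "$d" || { rm -f "$f"; exit 1; }
    printf '%s %s\n' "$(stat -c %a "$f")" "$(stat -c %a "$d")"
    rm -f "$f"
    rmdir "$d"
)

# Print "MODE PATH" for $1 and each directory above it up to /, so the
# folders above the data directory can be compared against 0770.
list_ancestors() (
    p=$(cd "$1" && pwd -P) || exit 1
    while :; do
        printf '%s %s\n' "$(stat -c %a "$p")" "$p"
        [ "$p" = / ] && break
        p=$(dirname "$p")
    done
)

# Typical run as the web server user, with the data directory from the
# config report in the issue:
#   probe_umask /export/data/owncloud/data 0007
#   list_other_access /export/data/owncloud/data
#   list_ancestors /export/data/owncloud/data
```

If the probe prints `660 770` while files written by the server still show up in `list_other_access`, the process umask is not what decides their modes; if the probe itself prints something else, the mount under the data directory is where to look.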