search

nextcloud / server

☁️ Nextcloud server, a safe home for all your data
https://nextcloud.com
GNU Affero General Public License v3.0
27.5k stars 4.07k forks source link

[Bug]: wrong permissions attributed to a copy of a file #46248

Open jcdufourd opened 4 months ago

jcdufourd commented 4 months ago

⚠️ This issue respects the following points: ⚠️

Bug description

I start with a folder A with read-only sharing for everyone, and add some files including a file B to it. A and B are created as an admin.

Then, as a normal user, I create a folder C with full-editing sharing with a group, then copy file B into folder C. The resulting file is D.

The permissions on file D are read-only, and I cannot find a way to remove it. My expectation is that the user who made the copy should be able to remove it. The admin account, with which D is shared with full-editing share from folder C, also cannot remove the file, and I think it should also have.

With the outlined process, files are created that noone can get rid of. I believe that is a bug.

Steps to reproduce

  1. create folder A as admin, share it with read-only to everyone
  2. create file B in A as admin
  3. create folder C as normal user and share it allow-editing with a group
  4. copy B into C, yielding file D
  5. file D cannot be deleted by anyone, user owning the copy or admin

Expected behavior

There should be a way for the user who made the copy to remove the file

Installation method

Community Docker image

Nextcloud Server version

29

Operating system

Debian/Ubuntu

PHP engine version

PHP 8.2

Web server

Nginx

Database engine version

MariaDB

Is this bug present after an update or on a fresh install?

None

Are you using the Nextcloud Server Encryption module?

None

What user-backends are you using?

Configuration report

{
    "system": {
        "memcache.local": "\\OC\\Memcache\\APCu",
        "apps_paths": [
            {
                "path": "\/var\/www\/html\/apps",
                "url": "\/apps",
                "writable": false
            },
            {
                "path": "\/var\/www\/html\/custom_apps",
                "url": "\/custom_apps",
                "writable": true
            }
        ],
        "objectstore": {
            "class": "\\OC\\Files\\ObjectStore\\S3",
            "arguments": {
                "bucket": "***REMOVED SENSITIVE VALUE***",
                "region": "eu-west-3",
                "hostname": "",
                "port": "443",
                "objectPrefix": "urn:oid:",
                "autocreate": false,
                "use_ssl": true,
                "use_path_style": false,
                "legacy_auth": false,
                "key": "***REMOVED SENSITIVE VALUE***",
                "secret": "***REMOVED SENSITIVE VALUE***"
            }
        },
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "***REMOVED SENSITIVE VALUE***",
            "nginx-server"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "29.0.3.4",
        "overwrite.cli.url": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "defaultapp": "files",
        "auth.webauthn.enabled": false,
        "onlyoffice": {
            "verify_peer_off": true,
            "DocumentServerUrl": "\/ds-vpath\/",
            "DocumentServerInternalUrl": "***REMOVED SENSITIVE VALUE***",
            "StorageUrl": "http:\/\/nginx-server\/",
            "jwt_secret": "***REMOVED SENSITIVE VALUE***",
            "jwt_header": "AuthorizationJwt",
            "allow_local_remote_servers": true
        },
        "overwriteprotocol": "https",
        "upgrade.disable-web": true,
        "maintenance": false,
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "mysql.utf8mb4": true,
        "loglevel": 0,
        "app_install_overwrite": [
            "backup",
            "hsts"
        ],
        "maintenance_window_start": 1,
        "htaccess.RewriteBase": "\/"
    }
}

List of activated Apps

Enabled:
  - activity: 2.21.1
  - bruteforcesettings: 2.9.0
  - cloud_federation_api: 1.12.0
  - dav: 1.30.1
  - deck: 1.13.1
  - external: 5.4.0
  - federatedfilesharing: 1.19.0
  - files: 2.1.0
  - files_downloadlimit: 2.0.0
  - files_external: 1.21.0
  - files_pdfviewer: 2.10.0
  - files_sharing: 1.21.0
  - files_trashbin: 1.19.0
  - files_versions: 1.22.0
  - forms: 4.2.4
  - group_everyone: 0.1.15
  - hsts: 0.9.0
  - impersonate: 1.16.0
  - logreader: 2.14.0
  - lookup_server_connector: 1.17.0
  - notifications: 2.17.0
  - oauth2: 1.17.0
  - onlyoffice: 9.3.0
  - privacy: 1.13.0
  - provisioning_api: 1.19.0
  - serverinfo: 1.19.0
  - settings: 1.12.0
  - sociallogin: 5.6.5
  - spreed: 19.0.4
  - support: 1.12.0
  - text: 3.10.1
  - theming: 2.4.0
  - twofactor_backupcodes: 1.18.0
  - user_status: 1.9.0
  - viewer: 2.3.0
  - workflowengine: 2.11.0
Disabled:
  - admin_audit: 1.19.0
  - backup: 1.4.0 (installed 1.4.0)
  - circles: 29.0.0-dev (installed 28.0.0-dev)
  - comments: 1.19.0 (installed 1.18.0)
  - contactsinteraction: 1.10.0 (installed 1.9.0)
  - dashboard: 7.9.0 (installed 7.8.0)
  - encryption: 2.17.0
  - federation: 1.19.0 (installed 1.18.0)
  - files_fulltextsearch: 29.0.0 (installed 29.0.0)
  - files_reminders: 1.2.0 (installed 1.1.0)
  - firstrunwizard: 2.18.0 (installed 2.17.0)
  - fulltextsearch: 29.0.0 (installed 29.0.0)
  - fulltextsearch_elasticsearch: 29.0.1 (installed 29.0.1)
  - health: 2.2.2 (installed 2.2.2)
  - nextcloud_announcements: 1.18.0 (installed 1.17.0)
  - password_policy: 1.19.0 (installed 1.18.0)
  - photos: 2.5.0 (installed 2.4.0)
  - recommendations: 2.1.0 (installed 2.0.0)
  - related_resources: 1.4.0 (installed 1.3.0)
  - sharebymail: 1.19.0 (installed 1.18.0)
  - survey_client: 1.17.0 (installed 1.16.0)
  - suspicious_login: 7.0.0
  - systemtags: 1.19.0 (installed 1.18.0)
  - twofactor_totp: 11.0.0-dev
  - updatenotification: 1.19.1 (installed 1.18.0)
  - user_ldap: 1.20.0
  - weather_status: 1.9.0 (installed 1.8.0)

Nextcloud Signing status

No errors have been found.

Nextcloud Logs

(file too big to be provided entirely, here are the last lines)
{"reqId":"KDooXJC7eOCfpQcgvure","level":1,"time":"2024-07-02T12:27:13+00:00","remoteAddr":"192.168.0.254","user":"jcdufourd","app":"no app in context","method":"GET","url":"/ocs/v2.php/apps/notifications/api/v2/notifications","message":"Notification was not parsed by any notifier [app: firstrunwizard, subject: apphint-tasks]","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","version":"29.0.3.4","data":[]}
{"reqId":"KDooXJC7eOCfpQcgvure","level":1,"time":"2024-07-02T12:27:13+00:00","remoteAddr":"192.168.0.254","user":"jcdufourd","app":"no app in context","method":"GET","url":"/ocs/v2.php/apps/notifications/api/v2/notifications","message":"Notification was not parsed by any notifier [app: firstrunwizard, subject: apphint-deck]","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","version":"29.0.3.4","data":[]}
{"reqId":"KDooXJC7eOCfpQcgvure","level":1,"time":"2024-07-02T12:27:13+00:00","remoteAddr":"192.168.0.254","user":"jcdufourd","app":"no app in context","method":"GET","url":"/ocs/v2.php/apps/notifications/api/v2/notifications","message":"Notification was not parsed by any notifier [app: firstrunwizard, subject: apphint-forms]","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","version":"29.0.3.4","data":[]}
{"reqId":"KDooXJC7eOCfpQcgvure","level":1,"time":"2024-07-02T12:27:13+00:00","remoteAddr":"192.168.0.254","user":"jcdufourd","app":"no app in context","method":"GET","url":"/ocs/v2.php/apps/notifications/api/v2/notifications","message":"Notification was not parsed by any notifier [app: firstrunwizard, subject: apphint-groupfolders]","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","version":"29.0.3.4","data":[]}
{"reqId":"KDooXJC7eOCfpQcgvure","level":1,"time":"2024-07-02T12:27:13+00:00","remoteAddr":"192.168.0.254","user":"jcdufourd","app":"no app in context","method":"GET","url":"/ocs/v2.php/apps/notifications/api/v2/notifications","message":"Notification was not parsed by any notifier [app: firstrunwizard, subject: apphint-recognize]","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","version":"29.0.3.4","data":[]}
{"reqId":"sNP6i9gh4IogdPSrTNou","level":0,"time":"2024-07-02T12:27:22+00:00","remoteAddr":"84.97.183.62","user":"ePIT-44171","app":"hsts","method":"PROPFIND","url":"/remote.php/dav/files/ePIT-44171/","message":"/appinfo/app.php is deprecated, use \\OCP\\AppFramework\\Bootstrap\\IBootstrap on the application class instead.","userAgent":"Mozilla/5.0 (Macintosh) mirall/2.6.5legacy (build 20200710) (Nextcloud)","version":"29.0.3.4","data":{"app":"hsts"}}
{"reqId":"UjRptuLeNpxJplodeDx2","level":0,"time":"2024-07-02T12:27:24+00:00","remoteAddr":"84.97.183.62","user":"ePIT-44171","app":"hsts","method":"GET","url":"/ocs/v2.php/core/navigation/apps?absolute=true&format=json","message":"/appinfo/app.php is deprecated, use \\OCP\\AppFramework\\Bootstrap\\IBootstrap on the application class instead.","userAgent":"Mozilla/5.0 (Macintosh) mirall/2.6.5legacy (build 20200710) (Nextcloud)","version":"29.0.3.4","data":{"app":"hsts"}}
{"reqId":"9bcuHuPcCEe6QcQAr6hD","level":0,"time":"2024-07-02T12:27:25+00:00","remoteAddr":"192.168.0.254","user":"jcdufourd","app":"hsts","method":"GET","url":"/index.php/settings/integrity/failed","message":"/appinfo/app.php is deprecated, use \\OCP\\AppFramework\\Bootstrap\\IBootstrap on the application class instead.","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","version":"29.0.3.4","data":{"app":"hsts"}}
{"reqId":"9bcuHuPcCEe6QcQAr6hD","level":0,"time":"2024-07-02T12:27:25+00:00","remoteAddr":"192.168.0.254","user":"jcdufourd","app":"no app in context","method":"GET","url":"/index.php/settings/integrity/failed","message":"The loading of lazy AppConfig values have been requested","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","version":"29.0.3.4","exception":{"Exception":"RuntimeException","Message":"ignorable exception","Code":0,"Trace":[{"file":"/var/www/html/lib/private/AppConfig.php","line":460,"function":"loadConfig","class":"OC\\AppConfig","type":"->","args":[true]},{"file":"/var/www/html/lib/private/AppConfig.php","line":433,"function":"getTypedValue","class":"OC\\AppConfig","type":"->","args":["core","oc.integritycheck.checker","[]",true,64]},{"file":"/var/www/html/lib/private/IntegrityCheck/Checker.php","line":415,"function":"getValueArray","class":"OC\\AppConfig","type":"->","args":["core","oc.integritycheck.checker",[],true]},{"file":"/var/www/html/apps/settings/lib/Controller/CheckSetupController.php","line":124,"function":"getResults","class":"OC\\IntegrityCheck\\Checker","type":"->","args":[]},{"file":"/var/www/html/lib/private/AppFramework/Http/Dispatcher.php","line":232,"function":"getFailedIntegrityCheckFiles","class":"OCA\\Settings\\Controller\\CheckSetupController","type":"->","args":[]},{"file":"/var/www/html/lib/private/AppFramework/Http/Dispatcher.php","line":138,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[["OCA\\Settings\\Controller\\CheckSetupController"],"getFailedIntegrityCheckFiles"]},{"file":"/var/www/html/lib/private/AppFramework/App.php","line":184,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[["OCA\\Settings\\Controller\\CheckSetupController"],"getFailedIntegrityCheckFiles"]},{"file":"/var/www/html/lib/private/Route/Router.php","line":338,"function":"main","class":"OC\\AppFramework\\App","type":"::","args":["OCA\\Settings\\Controller\\CheckSetupController","getFailedIntegrityCheckFiles",["OC\\AppFramework\\DependencyInjection\\DIContainer"],["settings.checksetup.getfailedintegritycheckfiles"]]},{"file":"/var/www/html/lib/base.php","line":1050,"function":"match","class":"OC\\Route\\Router","type":"->","args":["/settings/integrity/failed"]},{"file":"/var/www/html/index.php","line":49,"function":"handleRequest","class":"OC","type":"::","args":[]}],"File":"/var/www/html/lib/private/AppConfig.php","Line":1222,"message":"The loading of lazy AppConfig values have been requested","exception":{},"CustomMessage":"The loading of lazy AppConfig values have been requested"}}
{"reqId":"qaLLGX73auCAiCZlowY6","level":0,"time":"2024-07-02T12:27:27+00:00","remoteAddr":"192.168.0.254","user":"jcdufourd","app":"hsts","method":"GET","url":"/index.php/apps/files/preview-service-worker.js","message":"/appinfo/app.php is deprecated, use \\OCP\\AppFramework\\Bootstrap\\IBootstrap on the application class instead.","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","version":"29.0.3.4","data":{"app":"hsts"}}
{"reqId":"2Hg1tqZc6afCfEIK1hiu","level":0,"time":"2024-07-02T12:27:35+00:00","remoteAddr":"86.219.250.25","user":"ePIT-44252","app":"hsts","method":"GET","url":"/ocs/v2.php/apps/notifications/api/v2/notifications","message":"/appinfo/app.php is deprecated, use \\OCP\\AppFramework\\Bootstrap\\IBootstrap on the application class instead.","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","version":"29.0.3.4","data":{"app":"hsts"}}
{"reqId":"aQL4Y8PuD8Hk16gHZ0Rm","level":0,"time":"2024-07-02T12:27:35+00:00","remoteAddr":"86.219.250.25","user":"ePIT-44252","app":"hsts","method":"GET","url":"/index.php/apps/files/api/v1/stats","message":"/appinfo/app.php is deprecated, use \\OCP\\AppFramework\\Bootstrap\\IBootstrap on the application class instead.","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","version":"29.0.3.4","data":{"app":"hsts"}}
{"reqId":"1ZxQ448LO9S7VgrXevfB","level":0,"time":"2024-07-02T12:27:35+00:00","remoteAddr":"86.219.250.25","user":"ePIT-44252","app":"hsts","method":"GET","url":"/ocs/v2.php/apps/notifications/api/v2/notifications","message":"/appinfo/app.php is deprecated, use \\OCP\\AppFramework\\Bootstrap\\IBootstrap on the application class instead.","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","version":"29.0.3.4","data":{"app":"hsts"}}
{"reqId":"duCanPyYxAGlWTUs1dHa","level":0,"time":"2024-07-02T12:27:35+00:00","remoteAddr":"86.219.250.25","user":"ePIT-44252","app":"hsts","method":"PUT","url":"/ocs/v2.php/apps/user_status/api/v1/heartbeat?format=json","message":"/appinfo/app.php is deprecated, use \\OCP\\AppFramework\\Bootstrap\\IBootstrap on the application class instead.","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","version":"29.0.3.4","data":{"app":"hsts"}}
{"reqId":"iB7LEHiva4gTXTjplVMc","level":0,"time":"2024-07-02T12:27:35+00:00","remoteAddr":"86.219.250.25","user":"ePIT-44252","app":"hsts","method":"PUT","url":"/ocs/v2.php/apps/user_status/api/v1/heartbeat?format=json","message":"/appinfo/app.php is deprecated, use \\OCP\\AppFramework\\Bootstrap\\IBootstrap on the application class instead.","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","version":"29.0.3.4","data":{"app":"hsts"}}
{"reqId":"duCanPyYxAGlWTUs1dHa","level":0,"time":"2024-07-02T12:27:35+00:00","remoteAddr":"86.219.250.25","user":"ePIT-44252","app":"dav","method":"PUT","url":"/ocs/v2.php/apps/user_status/api/v1/heartbeat?format=json","message":"No calendar events found for status check","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","version":"29.0.3.4","data":{"app":"dav","user":"ePIT-44252"}}
{"reqId":"iB7LEHiva4gTXTjplVMc","level":0,"time":"2024-07-02T12:27:35+00:00","remoteAddr":"86.219.250.25","user":"ePIT-44252","app":"dav","method":"PUT","url":"/ocs/v2.php/apps/user_status/api/v1/heartbeat?format=json","message":"No calendar events found for status check","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","version":"29.0.3.4","data":{"app":"dav","user":"ePIT-44252"}}
{"reqId":"qf18x4RQ1XrfYEnnQthT","level":0,"time":"2024-07-02T12:27:45+00:00","remoteAddr":"84.97.183.62","user":"ePIT-44171","app":"hsts","method":"PROPFIND","url":"/remote.php/dav/files/ePIT-44171/","message":"/appinfo/app.php is deprecated, use \\OCP\\AppFramework\\Bootstrap\\IBootstrap on the application class instead.","userAgent":"Mozilla/5.0 (Macintosh) mirall/2.6.5legacy (build 20200710) (Nextcloud)","version":"29.0.3.4","data":{"app":"hsts"}}
{"reqId":"U8Sq6pRrP2IRMJm16ddB","level":0,"time":"2024-07-02T12:27:52+00:00","remoteAddr":"84.97.183.62","user":"ePIT-44171","app":"hsts","method":"PROPFIND","url":"/remote.php/dav/files/ePIT-44171/","message":"/appinfo/app.php is deprecated, use \\OCP\\AppFramework\\Bootstrap\\IBootstrap on the application class instead.","userAgent":"Mozilla/5.0 (Macintosh) mirall/2.6.5legacy (build 20200710) (Nextcloud)","version":"29.0.3.4","data":{"app":"hsts"}}
{"reqId":"W2e9CHBIibh873yHr7e4","level":0,"time":"2024-07-02T12:27:54+00:00","remoteAddr":"84.97.183.62","user":"ePIT-44171","app":"hsts","method":"GET","url":"/ocs/v2.php/core/navigation/apps?absolute=true&format=json","message":"/appinfo/app.php is deprecated, use \\OCP\\AppFramework\\Bootstrap\\IBootstrap on the application class instead.","userAgent":"Mozilla/5.0 (Macintosh) mirall/2.6.5legacy (build 20200710) (Nextcloud)","version":"29.0.3.4","data":{"app":"hsts"}}

Additional info

No response

jcdufourd commented 4 months ago

I also tried removing one such file with:

sudo -u www-data php occ files:delete 87859 -f

and the answer is

File cannot be deleted, insufficient permissions.

susnux commented 4 months ago

Add handleCopiesAsOwned with value true to your object storage configuration to drop restricted permissions on copy

jcdufourd commented 4 months ago

Thank you @susnux for your suggestion. This option addition does not change the current situation: existing copies are still not changeable. This does not change a new situation entirely constructed after the option has been added: new copies in a new folder newly shared are still not changeable. (Note: only steps 3-4-5 above were done again, not the initial creation of read-only documents and folder = step 1-2) (Note2: even redoing all 5 steps changes nothing: the copied files are unchangeable by anyone)

susnux commented 4 months ago

You need something like this:

// ...
'objectstore' => [
    'class' => '\\OC\\Files\\ObjectStore\\S3',
    'arguments' => [
        'handleCopiesAsOwned' => true,
        // ...
    ],
],
// ...
jcdufourd commented 4 months ago

You need something like this:

// ...
'objectstore' => [
    'class' => '\\OC\\Files\\ObjectStore\\S3',
    'arguments' => [
        'handleCopiesAsOwned' => true,
        // ...
    ],
],
// ...

This is exactly what I have already done (but "your" option is last in my array of arguments).

susnux commented 4 months ago

Then if you now copy a file you should gain all permissions as the copy is now owned by you

jcdufourd commented 4 months ago

Then if you now copy a file you should gain all permissions as the copy is now owned by you

When I now copy a read-only file, the copy is still read-only

susnux commented 4 months ago

Have you restarted your FPM processes (so the config is reload / not cached)? Because I tested it right now and with this option copies gain all permissions.

jcdufourd commented 4 months ago

I have no idea how to check this. I am using the docker version of nextcloud+onlyoffice and fpm is not a service. I only know I am using fpm because the image I use is called 29-fpm.

joshtrichards commented 4 months ago

I have no idea how to check this. I am using the docker version of nextcloud+onlyoffice and fpm is not a service. I only know I am using fpm because the image I use is called 29-fpm.

Restarting the Docker container containing fpm should suffice.

@susnux Think we should document #41565 / #41564?

nextcloud-command commented 3 months ago

This issue has been automatically marked as stale because it has not had recent activity and seems to be missing some essential information. It will be closed if no further activity occurs. Thank you for your contributions.

jcdufourd commented 2 months ago

I have no idea how to check this. I am using the docker version of nextcloud+onlyoffice and fpm is not a service. I only know I am using fpm because the image I use is called 29-fpm.

Restarting the Docker container containing fpm should suffice.

I have restarted the server multiple times since then. I even updated the nextcloud version. The problem stays the same: when I copy a read-only file that I own, the copy is owned by me and fully accessible; when I copy a read-only file that I do not own, the copy stays read-only. Note: all the files are stored on S3 which could affect the behaviour.

My nextcloud version is now 29.0.6

joshtrichards commented 2 months ago

Can you post the output of occ config:list system from inside your container where you've made the change?

The Docker image uses multiple config files. Maybe something isn't working as expected here.

jcdufourd commented 2 months ago 
{
    "system": {
        "memcache.local": "\\OC\\Memcache\\APCu",
        "apps_paths": [
            {
                "path": "\/var\/www\/html\/apps",
                "url": "\/apps",
                "writable": false
            },
            {
                "path": "\/var\/www\/html\/custom_apps",
                "url": "\/custom_apps",
                "writable": true
            }
        ],
        "objectstore": {
            "class": "\\OC\\Files\\ObjectStore\\S3",
            "arguments": {
                "bucket": "mkpfrance-documents",
                "region": "eu-west-3",
                "hostname": "",
                "port": "443",
                "objectPrefix": "urn:oid:",
                "autocreate": false,
                "use_ssl": true,
                "use_path_style": false,
                "legacy_auth": false,
                "key": "***REMOVED SENSITIVE VALUE***",
                "secret": "***REMOVED SENSITIVE VALUE***",
                "handleCopiesAsOwned": true
            }
        },
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "home.dufourd.org:33333",
            "nginx-server"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "29.0.6.1",
        "overwrite.cli.url": "https:\/\/home.dufourd.org:33333",
        "installed": true,
        "defaultapp": "files",
        "auth.webauthn.enabled": false,
        "onlyoffice": {
            "verify_peer_off": true,
            "DocumentServerUrl": "\/ds-vpath\/",
            "DocumentServerInternalUrl": "https:\/\/home.dufourd.org:33333\/ds-vpath\/",
            "StorageUrl": "http:\/\/nginx-server\/",
            "jwt_secret": "***REMOVED SENSITIVE VALUE***",
            "jwt_header": "AuthorizationJwt",
            "allow_local_remote_servers": true
        },
        "overwriteprotocol": "https",
        "upgrade.disable-web": true,
        "maintenance": false,
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "mysql.utf8mb4": true,
        "loglevel": 0,
        "app_install_overwrite": [
            "backup",
            "hsts"
        ],
        "maintenance_window_start": 1,
        "htaccess.RewriteBase": "\/"
    }
}