[Bug]: occ disables Nextcloud node in read-only configuration trying to update the enterprise license

sowjanyakch commented 1 month ago

⚠️ This issue respects the following points: ⚠️

[x] This is a bug, not a question or a configuration/webserver/proxy issue.
[x] This issue is not already reported on Github OR Nextcloud Community Forum (I've searched it).
[x] Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
[x] I agree to follow Nextcloud's Code of Conduct.

Bug description

user discovered a critical problem while running the occ trashbin:cleanup command for a user with many files and folders. The Nextcloud node becomes unusable when it attempts to update the enterprise license, resulting in the following errors:

occ trashbin:cleanup _selenium_host
Remove deleted files of   _selenium_host
sh: 1: cannot create /var/www/html/config/config.php.tmp: Permission denied
cp: cannot stat '/var/www/html/config/config.php.tmp': No such file or directory
rm: cannot remove '/var/www/html/config/config.php.tmp': No such file or directory

Steps to reproduce

-

Expected behavior

occ trashbin:cleanup command should be executed without causing permission errors or rendering the node inoperable

Nextcloud Server version

29

Operating system

Debian/Ubuntu

PHP engine version

PHP 8.2

Web server

Apache (supported)

Database engine version

MySQL

Is this bug present after an update or on a fresh install?

None

Are you using the Nextcloud Server Encryption module?

None

What user-backends are you using?

[ ] Default user-backend (database)
[ ] LDAP/ Active Directory
[ ] SSO - SAML
[ ] Other

List of activated Apps

Enabled:
 - activity: 2.21.1
 - admin_audit: 1.19.0
 - announcementcenter: 7.0.0
 - assistant: 1.1.0
 - bruteforcesettings: 2.9.0
 - calendar: 4.7.16
 - checksum: 1.2.4
 - circles: 29.0.0-dev
 - cloud_federation_api: 1.12.0
 - collectives: 2.14.4
 - comments: 1.19.0
 - contacts: 6.0.0
 - contactsinteraction: 1.10.0
 - dashboard: 7.9.0
 - dav: 1.30.1
 - dicomviewer: 2.1.2
 - federatedfilesharing: 1.19.0
 - federation: 1.19.0
 - files: 2.1.1
 - files_accesscontrol: 1.19.1
 - files_automatedtagging: 1.19.0
 - files_confidential: 3.0.3
 - files_downloadlimit: 2.0.0
 - files_external: 1.21.0
 - files_pdfviewer: 2.10.0
 - files_reminders: 1.2.0
 - files_sharing: 1.21.0
 - files_trashbin: 1.19.0
 - files_versions: 1.22.0
 - forms: 4.2.4
 - integration_jupyterhub: 0.1.2
 - integration_openai: 2.0.3
 - logreader: 2.14.0
 - lookup_server_connector: 1.17.0
 - mail: 3.7.8
 - mfazones: 0.2.1
 - nextcloud_announcements: 1.18.0
 - notifications: 2.17.0
 - oauth2: 1.17.1
 - password_policy: 1.19.0
 - photos: 2.5.0
 - polls: 7.2.4
 - privacy: 1.13.0
 - provisioning_api: 1.19.0
 - rds: 0.0.3
 - recommendations: 2.1.0
 - related_resources: 1.4.0
 - richdocuments: 8.4.6
 - security_guard: 2.0.1
 - serverinfo: 1.19.0
 - settings: 1.12.0
 - sharebymail: 1.19.0
 - stepupauth: 0.2.0
 - stt_helper: 1.1.1
 - support: 1.12.0
 - systemtags: 1.19.0
 - tasks: 0.16.1
 - text: 3.10.1
 - text2image_helper: 1.0.2
 - theming: 2.4.0
 - twofactor_admin: 4.5.0
 - twofactor_backupcodes: 1.18.0
 - twofactor_totp: 11.0.0-dev
 - twofactor_webauthn: 1.4.0
 - updatenotification: 1.19.1
 - user_saml: 6.3.0
 - user_status: 1.9.0
 - viewer: 2.3.0
 - weather_status: 1.9.0
 - workflowengine: 2.11.0

Disabled:
 - drive_email_template
 - edusign: 0.0.3
 - encryption
 - files_lock: 29.0.1
 - firstrunwizard: 2.18.0
 - globalsiteselector: 2.5.1
 - login_notes
 - sciencemesh: 0.5.0
 - survey_client: 1.14.0
 - suspicious_login
 - theming_customcss
 - user_ldap

Nextcloud Signing status

No response

Nextcloud Logs

No response

Additional info

No response

joshtrichards commented 1 month ago

I don't know of anywhere we invoke commands via sh for basic filesystem functions, particularly the config. We'd just do all that inline.

The Nextcloud node becomes unusable when it attempts to update the enterprise license, resulting in the following errors:

Why/where is it attempting to update the license?

occ trashbin:cleanup command should be executed without causing permission errors or rendering the node inoperable

Is this truly specific to trashbin:cleanup... Or is it any occ command?

They have their config marked as read-only so the config folder not being writeable kind of makes sense.

https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#config-is-read-only

It does look like a shell script that attempts to manipulate the config is failing due to permissions issues.

Are they wrapping occ in a shell script or something?

danxuliu commented 3 weeks ago

Are they wrapping occ in a shell script or something?

Good catch!

In the reported setup the configuration file is usually read only at the file system level and only made writable when needed through an script, which then restores the file to read only. The script also switches config_is_read_only between true and false as needed.

However, for some unknown reason it seems that the configuration file was set again as read only at the file system level without setting 'config_is_read_only' => true first (when the issue happened, it was later set when the configuration was provided), which is what caused the instance to be unusable (because if the configuration file is not writable but 'config_is_read_only' => true is not set an error will be shown even when opening a page).

It is unlikely that changes in the permissions of the configuration file were caused by the occ command or the update of the enterprise license, though 🤔

nextcloud / server