search

nextcloud / serverinfo

📊 A monitoring app which creates a server info dashboard for admins
GNU Affero General Public License v3.0
96 stars 60 forks source link

Internal server error when ifconfig is unavailable (FreeBSD) #291

Closed Tsuroerusu closed 1 year ago

Tsuroerusu commented 3 years ago

I run a multi-tenant Nextcloud server in production with very tight security restrictions. One of those restrictions is that I use the chroot feature of PHP-FPM to prevent the Nextcloud instances from looking around in the system environment.

Inside my chroot environment is a very very minimal folder structure with /dev and /etc only containing what is necessary for OpenSSL to function, and no binaries or libraries at all (PHP-FPM loads everything it needs before chrooting). This has worked brilliantly for several years at this point with the usual feature here and there being unavailable, but nothing actually failing or not working. In fact, I have not previously had any apps, including serverinfo, "hard fail" because of this.

I use FreeBSD as my operating system, however I could imagine something similar happening on Linux under the right circumstances. For example, if SELinux was preventing serverinfo from getting information about the network configuration.

Steps to reproduce

  1. Install Nextcloud on FreeBSD.
  2. Delete or rename the "ifconfig" binary
  3. Open the serverinfo app.

Actual behaviour

When I go to the serverinfo app's page in the admin panel, I get an internal server error and when I then go back to the log, I see that it is failing because it cannot invoke the ifconfig command which is, deliberately, unavailable inside my chroot as I see no need for my instances looking at the network configuration. In fact, it is only on a single shared instance, where I am the administrator, that I even have the serverinfo app enabled.

Expected behaviour

In my opinion, this is rather backward. If the ifconfig binary is unavailable or gives the wrong output there should not be a hard error but rather, the features that relies on the output should simply be unavailable. In this case, I briefly tried running the instance with the chroot disabled and then serverinfo worked fine an showed a list of the available NICs in the system. Instead of giving an internal server error that stops everything from working (A hard error), the section where the list of NICs is shown should just say "Unavailable" and give a softer error in the log and thus not preventing the serverinfo app's other functions from working. At the very least it should be possible to disable the features relying on ifconfig in the case of FreeBSD or whatever network command is invoked on Linux which could be unavailable or restricted for all sorts of other reasons like SELinux policies. In my case, I also use FreeBSD jails which does not even use ifconfig inside the jail, making the binary even more unnecessary, as the network configuration is done by the host system before any services even start inside the jail.

Server configuration

Operating system: FreeBSD 12.2

Web server: Apache 2.4.46

Database: MariaDB 10.4.17

PHP version: 7.3.27

Nextcloud version: 20.0.8

Where did you install Nextcloud from: The official tar-ball available from Nextcloud.

Logs

Nextcloud log (data/owncloud.log)

[index] Error: RuntimeException: No output for command: "/sbin/ifconfig -a" at <<closure>>

 0. /var/www/public_html/apps/serverinfo/lib/OperatingSystems/FreeBSD.php line 168
    OCA\ServerInfo\OperatingSystems\FreeBSD->executeCommand("/sbin/ifconfig -a")
 1. /var/www/public_html/apps/serverinfo/lib/Os.php line 132
    OCA\ServerInfo\OperatingSystems\FreeBSD->getNetworkInterfaces()
 2. /var/www/public_html/apps/serverinfo/lib/Settings/AdminSettings.php line 111
    OCA\ServerInfo\Os->getNetworkInterfaces()
 3. /var/www/public_html/apps/settings/lib/Controller/CommonSettingsTrait.php line 141
    OCA\ServerInfo\Settings\AdminSettings->getForm()
 4. /var/www/public_html/apps/settings/lib/Controller/AdminSettingsController.php line 83
    OCA\Settings\Controller\AdminSettingsController->formatSettings([[OCA\ServerInfo ... ]])
 5. /var/www/public_html/apps/settings/lib/Controller/CommonSettingsTrait.php line 152
    OCA\Settings\Controller\AdminSettingsController->getSettings("serverinfo")
 6. /var/www/public_html/apps/settings/lib/Controller/AdminSettingsController.php line 68
    OCA\Settings\Controller\AdminSettingsController->getIndexResponse("admin", "serverinfo")
 7. /var/www/public_html/lib/private/AppFramework/Http/Dispatcher.php line 169
    OCA\Settings\Controller\AdminSettingsController->index("serverinfo")
 8. /var/www/public_html/lib/private/AppFramework/Http/Dispatcher.php line 100
    OC\AppFramework\Http\Dispatcher->executeController(OCA\Settings\Con ... {}, "index")
 9. /var/www/public_html/lib/private/AppFramework/App.php line 152
    OC\AppFramework\Http\Dispatcher->dispatch(OCA\Settings\Con ... {}, "index")
10. /var/www/public_html/lib/private/Route/Router.php line 309
    OC\AppFramework\App::main("OCA\\Settings\\ ... r", "index", OC\AppFramework\ ... {}, {section: "serve ... "})
11. /var/www/public_html/lib/base.php line 1008
    OC\Route\Router->match("/settings/admin/serverinfo")
12. /var/www/public_html/index.php line 37
    OC::handleRequest()

Screenshot

ifconfig_error-1

ifconfig_error-2

ghost commented 3 years ago

You may want to try this patch. Replace /path/to/nextlcoud/apps/serverinfo/lib/OperatingSystems/FreeBSD.php with it. https://raw.githubusercontent.com/HouraisanNEET/serverinfo/patch-bsd/lib/OperatingSystems/FreeBSD.php

joshtrichards commented 1 year ago

Thanks for the report! Since fixed in #300.