A config.php option to disable apps file ownership check #12599
Comments
GitMate.io thinks possibly related issues are #1358 (config.php - Disable Remember Login), #3581 (Disabling app store in config.php does not work as expected), #2959 (Disabled appstore in config.php still access the store), #3269 (Default config.php appstore), and #6616 (Config files after apache reinstall).
In which setup is the data folder not owned by the webserver user?
@ChristophWurst When using PHP-FPM that could actually easily be the case, especially if it's a multi-tenant setup. So for example with my setup, Apache runs as the www user and I configure a separate virtual host as well as a separate PHP-FPM pool running as a separate user+group for each individual Nextcloud instance. This way, the config.php file (albeit with a special file flag, so that config.php is only writeable by the root user, despite its ownership) and the storage folder are owned by an account separate both from other user accounts and from Apache. That way, one Nextcloud instance cannot read the data or configuration of another and I can regulate the CPU+RAM resources allocated to each Nextcloud instance. Apache can also not itself access the storage, only the PHP-FPM instance with the right ownership settings can do that (because I also run these PHP-FPM settings with a restricted umask setting). Finally, all of the Nextcloud application files (the PHP files etc.) are owned by the root user, because I do not want it to be able to modify itself and I have scripts that do upgrades, so users do not have to either worry about that or be able to do that. This is a very locked-down and, you might say, privilege-separated setup. I have found that it actually works very well, but I would appreciate some knobs so that I can tell Nextcloud to not throw warnings because the security settings are so tight. Several months ago, I also proposed a knob to gray-out the options that cannot be configured when the config.php is not writeable, so that a user does not try to change their mail settings: Gray-out relevant configuration options when config_is_read_only is set (#8960)
I would also welcome such an option, I read more or less the same setup with a distinct user for code & data.
This issue has been automatically marked as stale because it has not had recent activity and it seems to be missing some essential information. It will be closed if no further activity occurs. Thank you for your contributions.
I run a hosted Nextcloud service for my customers; my setup is very restricted in terms of the file permissions and other security settings. E.g. I keep all of the Nextcloud application (Core + Apps) files with the root user as the owner and group and 644 permissions. The config file I keep owned by the PHP user, however I use other means to keep it non-writeable. In short, my setup has both belts, suspenders and multiple locks in terms of the security.
However, after upgrading to Nextcloud 14, I noticed something really annoying. In the "Overview" section of the admin settings, I get a yellow warning about the permissions of the apps folders not being the same as the web server user. And it shows the full path of all the files etc.
While I appreciate the idea of my users knowing how secure my setup is, this is not particularly elegant and might make them think that something is wrong. I am aware what this warning is intended for, and thus I would hope that a config.php-option could be added to allow me to disable this check, because, as I mentioned, I deliberately make the apps folder non-writeable.
Steps to reproduce
Expected behaviour
A config.php option, perhaps similar to 'check_data_directory_permissions', to disable the check for file ownership.
Actual behaviour
Shows warnings when a restrictive file ownership scheme is configured.
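One way to verify the layout described in this issue (application files owned by root and not modifiable by the PHP user), as an added example that is not part of the thread and not Nextcloud's own check. The function names `writable_by` and `audit_code_tree` and the command-line usage are assumptions made for illustration.

```python
import os
import stat


def writable_by(st, uid, gids):
    """True if the classic mode bits let (uid, gids) write to this inode.

    First-pass check only: it ignores ACLs, immutable file flags and
    root's ability to override permissions.
    """
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def audit_code_tree(root, service_uid, service_gids=frozenset()):
    """Return sorted paths under root that the service account could modify.

    Directories count too: write access to a directory allows replacing
    the files inside it even when those files are read-only.
    """
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in [os.curdir] + filenames:
            path = os.path.normpath(os.path.join(dirpath, name))
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # mode bits of a symlink itself are not meaningful
            if writable_by(st, service_uid, service_gids):
                findings.append(path)
    return sorted(findings)


if __name__ == "__main__":
    import sys
    # Assumed usage: audit.py <nextcloud code dir> <uid of the PHP-FPM pool user>
    for p in audit_code_tree(sys.argv[1], int(sys.argv[2])):
        print("writable by service account:", p)
```

An empty result for the code tree means the mode bits match the intended separation; running the same audit on the data directory should instead list its contents.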