summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorThomas Müller <thomas.mueller@tmit.eu>2014-12-01 16:37:29 +0100
committerThomas Müller <thomas.mueller@tmit.eu>2014-12-01 16:37:29 +0100
commit0769556989f3426d1c8ab51043518e2748b143fe (patch)
treea32f4b4cf9fd1904dec339aed3e52da09c7171fa
parent8db4dd7585aa9daebb32a3f3305f4061b17c316d (diff)
parentfc116f563fec20447e7300605d940cada975154c (diff)
downloadnextcloud-server-0769556989f3426d1c8ab51043518e2748b143fe.tar.gz
nextcloud-server-0769556989f3426d1c8ab51043518e2748b143fe.zip
Merge pull request #12419 from owncloud/read-only-config
Allow read-only configuration
-rw-r--r--config/config.sample.php9
-rw-r--r--lib/base.php6
-rw-r--r--lib/private/helper.php8
-rw-r--r--settings/admin.php1
-rw-r--r--settings/templates/admin.php20
5 files changed, 38 insertions, 6 deletions
diff --git a/config/config.sample.php b/config/config.sample.php
index 26cc356fd04..78faf064a8b 100644
--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -441,6 +441,15 @@ $CONFIG = array(
*/
'check_for_working_htaccess' => true,
+/**
+ * In certain environments it is desired to have a read-only config file.
+ * When this switch is set to ``true`` ownCloud will not verify whether the
+ * configuration is writable. However, it will not be possible to configure
+ * all options via the web-interface. Furthermore, when updating ownCloud
+ * it is required to make the config file writable again for the update
+ * process.
+ */
+'config_is_read_only' => false,
/**
* Logging
diff --git a/lib/base.php b/lib/base.php
index cd5d8feb1f6..74b668551ab 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -188,9 +188,9 @@ class OC {
public static function checkConfig() {
$l = \OC::$server->getL10N('lib');
- if (file_exists(self::$configDir . "/config.php")
- and !is_writable(self::$configDir . "/config.php")
- ) {
+ $configFileWritable = file_exists(self::$configDir . "/config.php") && is_writable(self::$configDir . "/config.php");
+ if (!$configFileWritable && !OC_Helper::isReadOnlyConfigEnabled()
+ || !$configFileWritable && \OCP\Util::needUpgrade()) {
if (self::$CLI) {
echo $l->t('Cannot write into "config" directory!')."\n";
echo $l->t('This can usually be fixed by giving the webserver write access to the config directory')."\n";
diff --git a/lib/private/helper.php b/lib/private/helper.php
index d43eefcdc52..0e302275540 100644
--- a/lib/private/helper.php
+++ b/lib/private/helper.php
@@ -973,4 +973,12 @@ class OC_Helper {
return array('free' => $free, 'used' => $used, 'total' => $total, 'relative' => $relative);
}
+
+ /**
+ * Returns whether the config file is set manually to read-only
+ * @return bool
+ */
+ public static function isReadOnlyConfigEnabled() {
+ return \OC::$server->getConfig()->getSystemValue('config_is_read_only', false);
+ }
}
diff --git a/settings/admin.php b/settings/admin.php
index a669974891c..50a4ac4f1c8 100644
--- a/settings/admin.php
+++ b/settings/admin.php
@@ -33,6 +33,7 @@ $template->assign('mail_smtppassword', $config->getSystemValue("mail_smtppasswor
$template->assign('entries', $entries);
$template->assign('entriesremain', $entriesRemaining);
$template->assign('htaccessworking', $htAccessWorking);
+$template->assign('readOnlyConfigEnabled', OC_Helper::isReadOnlyConfigEnabled());
$template->assign('isLocaleWorking', OC_Util::isSetLocaleWorking());
$template->assign('isPhpCharSetUtf8', OC_Util::isPhpCharSetUtf8());
$template->assign('isAnnotationsWorking', OC_Util::isAnnotationsWorking());
diff --git a/settings/templates/admin.php b/settings/templates/admin.php
index 166e36a3605..d29ea4c7f7f 100644
--- a/settings/templates/admin.php
+++ b/settings/templates/admin.php
@@ -86,14 +86,28 @@ if (!$_['isConnectedViaHTTPS']) {
// is htaccess working ?
if (!$_['htaccessworking']) {
?>
-<div class="section">
- <h2><?php p($l->t('Security Warning'));?></h2>
+ <div class="section">
+ <h2><?php p($l->t('Security Warning')); ?></h2>
<span class="securitywarning">
<?php p($l->t('Your data directory and your files are probably accessible from the internet. The .htaccess file is not working. We strongly suggest that you configure your webserver in a way that the data directory is no longer accessible or you move the data directory outside the webserver document root.')); ?>
</span>
-</div>
+ </div>
+<?php
+}
+
+// is read only config enabled
+if ($_['readOnlyConfigEnabled']) {
+?>
+<div class="section">
+ <h2><?php p($l->t('Read-Only config enabled'));?></h2>
+
+ <span class="securitywarning">
+ <?php p($l->t('The Read-Only config has been enabled. This prevents setting some configurations via the web-interface. Furthermore, the file needs to be made writable manually for every update.')); ?>
+ </span>
+
+ </div>
<?php
}
// Are doc blocks accessible?