authorVincent Petry <pvince81@owncloud.com>2014-06-26 17:03:23 +0200
committerVincent Petry <pvince81@owncloud.com>2014-06-26 17:03:23 +0200
commit8526556110f9fb9d2d5f9bf7742b38189f6ae482 (patch)
treefefd1df6bb18791331d864c110b1bc8d6d0dc5a5
parent46adf8cb195e1d76f36ef6bd91c4361dcdb40f05 (diff)
parent9a2ed86672d5d7a162263448070ed1c562ef2515 (diff)
Merge pull request #9206 from owncloud/occ-scan-user
Prevent running the files:scan command as the wrong user
-rw-r--r--apps/files/command/scan.php31
-rw-r--r--lib/private/files/utils/scanner.php11
2 files changed, 28 insertions, 14 deletions
diff --git a/apps/files/command/scan.php b/apps/files/command/scan.php
index 1e7b54bb01e..3412cf80dea 100644
--- a/apps/files/command/scan.php
+++ b/apps/files/command/scan.php
@@ -9,6 +9,7 @@
namespace OCA\Files\Command;
+use OC\ForbiddenException;
use Symfony\Component\Console\Command\Command;
use Symfony\Component\Console\Input\InputArgument;
use Symfony\Component\Console\Input\InputInterface;
@@ -32,28 +33,32 @@ class Scan extends Command {
->setName('files:scan')
->setDescription('rescan filesystem')
->addArgument(
- 'user_id',
- InputArgument::OPTIONAL | InputArgument::IS_ARRAY,
- 'will rescan all files of the given user(s)'
- )
+ 'user_id',
+ InputArgument::OPTIONAL | InputArgument::IS_ARRAY,
+ 'will rescan all files of the given user(s)'
+ )
->addOption(
- 'all',
- null,
- InputOption::VALUE_NONE,
- 'will rescan all files of all known users'
- )
- ;
+ 'all',
+ null,
+ InputOption::VALUE_NONE,
+ 'will rescan all files of all known users'
+ );
}
protected function scanFiles($user, OutputInterface $output) {
$scanner = new \OC\Files\Utils\Scanner($user);
- $scanner->listen('\OC\Files\Utils\Scanner', 'scanFile', function($path) use ($output) {
+ $scanner->listen('\OC\Files\Utils\Scanner', 'scanFile', function ($path) use ($output) {
$output->writeln("Scanning <info>$path</info>");
});
- $scanner->listen('\OC\Files\Utils\Scanner', 'scanFolder', function($path) use ($output) {
+ $scanner->listen('\OC\Files\Utils\Scanner', 'scanFolder', function ($path) use ($output) {
$output->writeln("Scanning <info>$path</info>");
});
- $scanner->scan('');
+ try {
+ $scanner->scan('');
+ } catch (ForbiddenException $e) {
+ $output->writeln("<error>Home storage for user $user not writable</error>");
+ $output->writeln("Make sure you're running the scan command only as the user the web server runs as");
+ }
}
protected function execute(InputInterface $input, OutputInterface $output) {
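Review bot: The new `catch (ForbiddenException $e)` in `scanFiles()` prints the error and then returns normally, so the caller cannot tell a refused scan from a completed one. The body of `execute()` is outside this hunk, but unless it tracks failures separately the command will presumably exit with status 0, and cron jobs or scripts wrapping `files:scan` will treat the run as successful. Consider ending the catch block with `return false;` (and `return true;` after a successful scan) so `execute()` can return a non-zero exit code when any user's scan was refused. A short docblock on `scanFiles()` stating that it reports a non-writable home storage instead of throwing would also help.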
diff --git a/lib/private/files/utils/scanner.php b/lib/private/files/utils/scanner.php
index 1bb3e694c96..c2fabf51946 100644
--- a/lib/private/files/utils/scanner.php
+++ b/lib/private/files/utils/scanner.php
@@ -11,6 +11,7 @@ namespace OC\Files\Utils;
use OC\Files\View;
use OC\Files\Cache\ChangePropagator;
use OC\Files\Filesystem;
+use OC\ForbiddenException;
use OC\Hooks\PublicEmitter;
/**
@@ -104,6 +105,7 @@ class Scanner extends PublicEmitter {
/**
* @param string $dir
+ * @throws \OC\ForbiddenException
*/
public function scan($dir) {
$mounts = $this->getMounts($dir);
@@ -111,7 +113,14 @@ class Scanner extends PublicEmitter {
if (is_null($mount->getStorage())) {
continue;
}
- $scanner = $mount->getStorage()->getScanner();
+ $storage = $mount->getStorage();
+ // if the home storage isn't writable then the scanner is run as the wrong user
+ if ($storage->instanceOfStorage('\OC\Files\Storage\Home') and
+ (!$storage->isCreatable('') or !$storage->isCreatable('files'))
+ ) {
+ throw new ForbiddenException();
+ }
+ $scanner = $storage->getScanner();
$this->attachListener($mount);
$scanner->scan('', \OC\Files\Cache\Scanner::SCAN_RECURSIVE, \OC\Files\Cache\Scanner::REUSE_ETAG | \OC\Files\Cache\Scanner::REUSE_SIZE);
}