author | Vincent Petry <pvince81@owncloud.com> | 2014-06-26 17:03:23 +0200 |
---|---|---|
committer | Vincent Petry <pvince81@owncloud.com> | 2014-06-26 17:03:23 +0200 |
commit | 8526556110f9fb9d2d5f9bf7742b38189f6ae482 (patch) | |
tree | fefd1df6bb18791331d864c110b1bc8d6d0dc5a5 | |
parent | 46adf8cb195e1d76f36ef6bd91c4361dcdb40f05 (diff) | |
parent | 9a2ed86672d5d7a162263448070ed1c562ef2515 (diff) | |
Merge pull request #9206 from owncloud/occ-scan-user
Prevent running the files:scan command as the wrong user
-rw-r--r-- | apps/files/command/scan.php | 31 | ||||
-rw-r--r-- | lib/private/files/utils/scanner.php | 11 |
2 files changed, 28 insertions, 14 deletions
diff --git a/apps/files/command/scan.php b/apps/files/command/scan.php index 1e7b54bb01e..3412cf80dea 100644 --- a/apps/files/command/scan.php +++ b/apps/files/command/scan.php @@ -9,6 +9,7 @@ namespace OCA\Files\Command; +use OC\ForbiddenException; use Symfony\Component\Console\Command\Command; use Symfony\Component\Console\Input\InputArgument; use Symfony\Component\Console\Input\InputInterface; @@ -32,28 +33,32 @@ class Scan extends Command { ->setName('files:scan') ->setDescription('rescan filesystem') ->addArgument( - 'user_id', - InputArgument::OPTIONAL | InputArgument::IS_ARRAY, - 'will rescan all files of the given user(s)' - ) + 'user_id', + InputArgument::OPTIONAL | InputArgument::IS_ARRAY, + 'will rescan all files of the given user(s)' + ) ->addOption( - 'all', - null, - InputOption::VALUE_NONE, - 'will rescan all files of all known users' - ) - ; + 'all', + null, + InputOption::VALUE_NONE, + 'will rescan all files of all known users' + ); } protected function scanFiles($user, OutputInterface $output) { $scanner = new \OC\Files\Utils\Scanner($user); - $scanner->listen('\OC\Files\Utils\Scanner', 'scanFile', function($path) use ($output) { + $scanner->listen('\OC\Files\Utils\Scanner', 'scanFile', function ($path) use ($output) { $output->writeln("Scanning <info>$path</info>"); }); - $scanner->listen('\OC\Files\Utils\Scanner', 'scanFolder', function($path) use ($output) { + $scanner->listen('\OC\Files\Utils\Scanner', 'scanFolder', function ($path) use ($output) { $output->writeln("Scanning <info>$path</info>"); }); - $scanner->scan(''); + try { + $scanner->scan(''); + } catch (ForbiddenException $e) { + $output->writeln("<error>Home storage for user $user not writable</error>"); + $output->writeln("Make sure you're running the scan command only as the user the web server runs as"); + } } protected function execute(InputInterface $input, OutputInterface $output) { 
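Review bot: The new `catch (ForbiddenException $e)` in `scanFiles` prints the error and returns normally, so the failure never reaches the caller. `execute` lies outside this hunk, but unless it tracks failures separately the command will presumably still exit with status 0, and cron jobs or wrapper scripts will treat a refused scan as successful. Consider propagating the result, e.g. `return false;` at the end of the catch block and `return true;` after the `try`, so `execute` can return a non-zero code when any user failed. The message also assumes that every `ForbiddenException` raised under `scan('')` means an unwritable home storage; a comment such as `// thrown by \OC\Files\Utils\Scanner::scan() when the home storage is not writable` would record that coupling.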
diff --git a/lib/private/files/utils/scanner.php b/lib/private/files/utils/scanner.php index 1bb3e694c96..c2fabf51946 100644 --- a/lib/private/files/utils/scanner.php +++ b/lib/private/files/utils/scanner.php @@ -11,6 +11,7 @@ namespace OC\Files\Utils; use OC\Files\View; use OC\Files\Cache\ChangePropagator; use OC\Files\Filesystem; +use OC\ForbiddenException; use OC\Hooks\PublicEmitter; /** @@ -104,6 +105,7 @@ class Scanner extends PublicEmitter { /** * @param string $dir + * @throws \OC\ForbiddenException */ public function scan($dir) { $mounts = $this->getMounts($dir); @@ -111,7 +113,14 @@ class Scanner extends PublicEmitter { if (is_null($mount->getStorage())) { continue; } - $scanner = $mount->getStorage()->getScanner(); + $storage = $mount->getStorage(); + // if the home storage isn't writable then the scanner is run as the wrong user + if ($storage->instanceOfStorage('\OC\Files\Storage\Home') and + (!$storage->isCreatable('') or !$storage->isCreatable('files')) + ) { + throw new ForbiddenException(); + } + $scanner = $storage->getScanner(); $this->attachListener($mount); $scanner->scan('', \OC\Files\Cache\Scanner::SCAN_RECURSIVE, \OC\Files\Cache\Scanner::REUSE_ETAG | \OC\Files\Cache\Scanner::REUSE_SIZE); } |
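Review bot: The guard added in the last hunk of `Scanner::scan` tests writability (`isCreatable('')` and `isCreatable('files')`), which is only a proxy for "running as the web-server user": a more privileged account such as root would presumably pass both checks and the scan would still run under the wrong identity. If the intent is to refuse any other account, compare the effective uid with the owner of the data directory (for instance `posix_geteuid()` against `fileowner()` on that directory) where the posix extension is available, and keep the writability test as the fallback. The check also sits inside the mount loop, so mounts iterated before the home storage may already have been scanned when the exception is thrown; hoisting it above the loop would make the refusal all-or-nothing. Finally, `throw new ForbiddenException();` carries no message, so other callers of `scan()` get no hint of the cause; `throw new ForbiddenException('Home storage is not writable');` would help, assuming the class keeps the standard `\Exception` constructor.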