Adds a setup check for app directory permissions.

Signed-off-by: Michael Weimann <mail@michael-weimann.eu>

2 files changed, 49 insertions, 1 deletions

diff --git a/core/js/setupchecks.js b/core/js/setupchecks.js
index 93072981e99..13e351445e9 100644
--- a/core/js/setupchecks.js
+++ b/core/js/setupchecks.js
@@ -316,6 +316,23 @@
 							type: OC.SetupChecks.MESSAGE_TYPE_WARNING
 						});
 					}
+
+					if(data.appDirsWithDifferentOwner.length > 0) {
+						var appDirsWithDifferentOwner = data.appDirsWithDifferentOwner.reduce(
+							function(appDirsWithDifferentOwner, directory) {
+								return appDirsWithDifferentOwner + '<li>' + directory + '</li>';
+							},
+							''
+						);
+						messages.push({
+							msg: t('core', 'Some app directories are owned by a different user than the web server one. ' +
+									'This may be the case if apps have been installed manually. ' +
+									'Check the permissions of the following app directories:')
+									+ '<ul>' + appDirsWithDifferentOwner + '</ul>',
+							type: OC.SetupChecks.MESSAGE_TYPE_WARNING
+						});
+					}
+
 				} else {
 					messages.push({
 						msg: t('core', 'Error occurred while checking server setup'),
diff --git a/settings/Controller/CheckSetupController.php b/settings/Controller/CheckSetupController.php
index c706d6e7350..d3b520a7686 100644
--- a/settings/Controller/CheckSetupController.php
+++ b/settings/Controller/CheckSetupController.php
@@ -31,9 +31,11 @@
 namespace OC\Settings\Controller;
 
 use bantu\IniGetWrapper\IniGetWrapper;
+use DirectoryIterator;
 use Doctrine\DBAL\DBALException;
 use Doctrine\DBAL\Platforms\SqlitePlatform;
 use GuzzleHttp\Exception\ClientException;
+use OC;
 use OC\AppFramework\Http;
 use OC\DB\Connection;
 use OC\DB\MissingIndexInformation;
@@ -530,6 +532,34 @@ Raw output
 	}
 
 	/**
+	 * Iterates through the configured app roots and
+	 * tests if the subdirectories are owned by the same user than the current user.
+	 *
+	 * @return array
+	 */
+	protected function getAppDirsWithDifferentOwner(): array {
+		$currentUser = posix_getpwuid(posix_getuid());
+		$appDirsWithDifferentOwner = [];
+
+		foreach (OC::$APPSROOTS as $appRoot) {
+			$appsPath = $appRoot['path'];
+			$appsDir = new DirectoryIterator($appRoot['path']);
+			foreach ($appsDir as $fileInfo) {
+				if ($fileInfo->isDir() && !$fileInfo->isDot()) {
+					$absAppPath = $appsPath . DIRECTORY_SEPARATOR . $fileInfo->getFilename();
+					$appDirUser = posix_getpwuid(fileowner($absAppPath));
+					if ($appDirUser !== $currentUser) {
+						$appDirsWithDifferentOwner[] = $absAppPath . DIRECTORY_SEPARATOR . $fileInfo->getFilename();
+					}
+				}
+			}
+		}
+
+		sort($appDirsWithDifferentOwner);
+		return $appDirsWithDifferentOwner;
+	}
+
+	/**
 	 * @return DataResponse
 	 */
 	public function check() {
@@ -565,7 +595,8 @@ Raw output
 				'isSqliteUsed' => $this->isSqliteUsed(),
 				'databaseConversionDocumentation' => $this->urlGenerator->linkToDocs('admin-db-conversion'),
 				'isPhpMailerUsed' => $this->isPhpMailerUsed(),
-				'mailSettingsDocumentation' => $this->urlGenerator->getAbsoluteURL('index.php/settings/admin')
+				'mailSettingsDocumentation' => $this->urlGenerator->getAbsoluteURL('index.php/settings/admin'),
+				'appDirsWithDifferentOwner' => $this->getAppDirsWithDifferentOwner(),
 			]
 		);
 	}