aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJonas Meurer <jonas@freesources.org>2021-12-06 12:40:57 +0100
committerJonas Meurer <jonas@freesources.org>2021-12-13 13:14:17 +0100
commit241dfef7fb07cb5908ef6bed0f584ebeb277f653 (patch)
tree36c05463bbf636a6d7c2017146d73bdb5b820862
parente8ce7a3e5f0441623ec6d39873f20e8e70f38a37 (diff)
downloadnextcloud-server-241dfef7fb07cb5908ef6bed0f584ebeb277f653.tar.gz
nextcloud-server-241dfef7fb07cb5908ef6bed0f584ebeb277f653.zip
Don't write to config file if `config_is_read_only` is set
Also don't write to cache in this case to prevent cache and config file being out of sync. Fixes: #29901 Signed-off-by: Jonas Meurer <jonas@freesources.org>
-rw-r--r--config/config.sample.php10
-rw-r--r--lib/private/Config.php26
-rw-r--r--lib/public/IConfig.php2
3 files changed, 33 insertions, 5 deletions
diff --git a/config/config.sample.php b/config/config.sample.php
index 4a28748b69c..8db16ca88be 100644
--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -809,11 +809,11 @@ $CONFIG = [
/**
* In certain environments it is desired to have a read-only configuration file.
- * When this switch is set to ``true`` Nextcloud will not verify whether the
- * configuration is writable. However, it will not be possible to configure
- * all options via the Web interface. Furthermore, when updating Nextcloud
- * it is required to make the configuration file writable again for the update
- * process.
+ * When this switch is set to ``true``, writing to the config file will be
+ * forbidden. Therefore, it will not be possible to configure all options via
+ * the Web interface. Furthermore, when updating Nextcloud it is required to
+ * make the configuration file writable again and to set this switch to ``false``
+ * for the update process.
*
* Defaults to ``false``
*/
diff --git a/lib/private/Config.php b/lib/private/Config.php
index 2a83d2300dc..b044d0731a3 100644
--- a/lib/private/Config.php
+++ b/lib/private/Config.php
@@ -57,6 +57,8 @@ class Config {
protected $configFilePath;
/** @var string */
protected $configFileName;
+ /** @var bool */
+ protected $isReadOnly;
/**
* @param string $configDir Path to the config dir, needs to end with '/'
@@ -67,6 +69,7 @@ class Config {
$this->configFilePath = $this->configDir.$fileName;
$this->configFileName = $fileName;
$this->readData();
+ $this->isReadOnly = $this->getValue('config_is_read_only', false);
}
/**
@@ -109,6 +112,7 @@ class Config {
*
* @param array $configs Associative array with `key => value` pairs
* If value is null, the config key will be deleted
+ * @throws HintException
*/
public function setValues(array $configs) {
$needsUpdate = false;
@@ -131,6 +135,7 @@ class Config {
*
* @param string $key key
* @param mixed $value value
+ * @throws HintException
*/
public function setValue($key, $value) {
if ($this->set($key, $value)) {
@@ -145,8 +150,11 @@ class Config {
* @param string $key key
* @param mixed $value value
* @return bool True if the file needs to be updated, false otherwise
+ * @throws HintException
*/
protected function set($key, $value) {
+ $this->checkReadOnly();
+
if (!isset($this->cache[$key]) || $this->cache[$key] !== $value) {
// Add change
$this->cache[$key] = $value;
@@ -158,7 +166,9 @@ class Config {
/**
* Removes a key from the config and removes it from config.php if required
+ *
* @param string $key
+ * @throws HintException
*/
public function deleteKey($key) {
if ($this->delete($key)) {
@@ -172,8 +182,11 @@ class Config {
*
* @param string $key
* @return bool True if the file needs to be updated, false otherwise
+ * @throws HintException
*/
protected function delete($key) {
+ $this->checkReadOnly();
+
if (isset($this->cache[$key])) {
// Delete key from cache
unset($this->cache[$key]);
@@ -239,6 +252,8 @@ class Config {
* @throws \Exception If no file lock can be acquired
*/
private function writeData() {
+ $this->checkReadOnly();
+
// Create a php file ...
$content = "<?php\n";
$content .= '$CONFIG = ';
@@ -274,4 +289,15 @@ class Config {
@opcache_invalidate($this->configFilePath, true);
}
}
+
+ /**
+ * @throws HintException
+ */
+ private function checkReadOnly(): void {
+ if ($this->isReadOnly) {
+ throw new HintException(
+ 'Config is set to be read-only via option "config_is_read_only".',
+ 'Unset "config_is_read_only" to allow changes to the config file.');
+ }
+ }
}
diff --git a/lib/public/IConfig.php b/lib/public/IConfig.php
index 6b396624556..33b9c97971a 100644
--- a/lib/public/IConfig.php
+++ b/lib/public/IConfig.php
@@ -47,6 +47,7 @@ interface IConfig {
*
* @param array $configs Associative array with `key => value` pairs
* If value is null, the config key will be deleted
+ * @throws HintException if config file is read-only
* @since 8.0.0
*/
public function setSystemValues(array $configs);
@@ -56,6 +57,7 @@ interface IConfig {
*
* @param string $key the key of the value, under which will be saved
* @param mixed $value the value that should be stored
+ * @throws HintException if config file is read-only
* @since 8.0.0
*/
public function setSystemValue($key, $value);