diff options
| author | Thomas Müller <thomas.mueller@tmit.eu> | 2014-12-03 17:48:25 +0100 |
|---|---|---|
| committer | Thomas Müller <thomas.mueller@tmit.eu> | 2014-12-03 17:48:25 +0100 |
| commit | d30059d76ce04a9b2a4bd91d0261977bb0c972ce (patch) | |
| tree | ed37bb90b38213794821e3134be69f28e1cae211 | |
| parent | 5fe7781452e61042d863eda72afc272ccb5b14ad (diff) | |
| parent | f5d95139579fc1865f1f18e13aab24998d2e7d9d (diff) | |
| download | nextcloud-server-d30059d76ce04a9b2a4bd91d0261977bb0c972ce.tar.gz nextcloud-server-d30059d76ce04a9b2a4bd91d0261977bb0c972ce.zip | |
Merge pull request #12528 from owncloud/backport-12419
Allow read-only configuration
| -rw-r--r-- | config/config.sample.php | 9 | ||||
| -rw-r--r-- | lib/base.php | 6 | ||||
| -rw-r--r-- | lib/private/helper.php | 8 | ||||
| -rw-r--r-- | settings/admin.php | 2 | ||||
| -rw-r--r-- | settings/templates/admin.php | 20 |
5 files changed, 39 insertions, 6 deletions
diff --git a/config/config.sample.php b/config/config.sample.php index 46b52586526..6da3a682f19 100644 --- a/config/config.sample.php +++ b/config/config.sample.php @@ -436,6 +436,15 @@ $CONFIG = array( */ 'check_for_working_htaccess' => true, +/** + * In certain environments it is desired to have a read-only config file. + * When this switch is set to ``true`` ownCloud will not verify whether the + * configuration is writable. However, it will not be possible to configure + * all options via the web-interface. Furthermore, when updating ownCloud + * it is required to make the config file writable again for the update + * process. + */ +'config_is_read_only' => false, /** * Logging diff --git a/lib/base.php b/lib/base.php index 27b12339b24..e99159df8cb 100644 --- a/lib/base.php +++ b/lib/base.php @@ -188,9 +188,9 @@ class OC { public static function checkConfig() { $l = OC_L10N::get('lib'); - if (file_exists(self::$configDir . "/config.php") - and !is_writable(self::$configDir . "/config.php") - ) { + $configFileWritable = file_exists(self::$configDir . "/config.php") && is_writable(self::$configDir . "/config.php"); + if (!$configFileWritable && !OC_Helper::isReadOnlyConfigEnabled() + || !$configFileWritable && \OCP\Util::needUpgrade()) { if (self::$CLI) { echo $l->t('Cannot write into "config" directory!')."\n"; echo $l->t('This can usually be fixed by giving the webserver write access to the config directory')."\n"; diff --git a/lib/private/helper.php b/lib/private/helper.php index 33233225e73..15cf8196243 100644 --- a/lib/private/helper.php +++ b/lib/private/helper.php @@ -1049,4 +1049,12 @@ class OC_Helper { return array('free' => $free, 'used' => $used, 'total' => $total, 'relative' => $relative); } + + /** + * Returns whether the config file is set manually to read-only + * @return bool + */ + public static function isReadOnlyConfigEnabled() { + return \OC::$server->getConfig()->getSystemValue('config_is_read_only', false); + } } diff --git a/settings/admin.php b/settings/admin.php index 9b1a822bbdc..31ead44134c 100644 --- a/settings/admin.php +++ b/settings/admin.php @@ -42,6 +42,7 @@ $tmpl->assign('mail_smtppassword', OC_Config::getValue( "mail_smtppassword", '' $tmpl->assign('entries', $entries); $tmpl->assign('entriesremain', $entriesremain); $tmpl->assign('htaccessworking', $htaccessworking); +$tmpl->assign('readOnlyConfigEnabled', OC_Helper::isReadOnlyConfigEnabled()); $tmpl->assign('isLocaleWorking', OC_Util::isSetLocaleWorking()); $tmpl->assign('isAnnotationsWorking', OC_Util::isAnnotationsWorking()); $tmpl->assign('has_fileinfo', OC_Util::fileInfoLoaded()); @@ -56,6 +57,7 @@ $tmpl->assign('shareEnforceExpireDate', OC_Appconfig::getValue('core', 'shareapi $excludeGroups = OC_Appconfig::getValue('core', 'shareapi_exclude_groups', 'no') === 'yes' ? true : false; $tmpl->assign('shareExcludeGroups', $excludeGroups); $excludedGroupsList = OC_Appconfig::getValue('core', 'shareapi_exclude_groups_list', ''); + $excludedGroupsList = explode(',', $excludedGroupsList); // FIXME: this should be JSON! $tmpl->assign('shareExcludedGroupsList', implode('|', $excludedGroupsList)); diff --git a/settings/templates/admin.php b/settings/templates/admin.php index 90426efa833..20b710744f3 100644 --- a/settings/templates/admin.php +++ b/settings/templates/admin.php @@ -62,14 +62,28 @@ if (!$_['isConnectedViaHTTPS']) { // is htaccess working ? if (!$_['htaccessworking']) { ?> -<div class="section"> - <h2><?php p($l->t('Security Warning'));?></h2> + <div class="section"> + <h2><?php p($l->t('Security Warning')); ?></h2> <span class="securitywarning"> <?php p($l->t('Your data directory and your files are probably accessible from the internet. The .htaccess file is not working. We strongly suggest that you configure your webserver in a way that the data directory is no longer accessible or you move the data directory outside the webserver document root.')); ?> </span> -</div> + </div> +<?php +} + +// is read only config enabled +if ($_['readOnlyConfigEnabled']) { +?> +<div class="section"> + <h2><?php p($l->t('Read-Only config enabled'));?></h2> + + <span class="securitywarning"> + <?php p($l->t('The Read-Only config has been enabled. This prevents setting some configurations via the web-interface. Furthermore, the file needs to be made writable manually for every update.')); ?> + </span> + + </div> <?php } |