author | Morris Jobke <hey@morrisjobke.de> | 2018-08-20 17:08:18 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-08-20 17:08:18 +0200 |
commit | 37869d9b2f7bf5e9f3779ccd344114649ce459c1 (patch) | |
tree | 336dc41c77bb07406537379339aa8f780f344dc0 /settings/Controller | |
parent | 080572993e891a76721f4f7a7b76c85bc0e4c65d (diff) | |
parent | 3f790bb85b3544680f4af2e3e005d736a5aff8a0 (diff) | |
download | nextcloud-server-37869d9b2f7bf5e9f3779ccd344114649ce459c1.tar.gz nextcloud-server-37869d9b2f7bf5e9f3779ccd344114649ce459c1.zip |
Merge pull request #10628 from nextcloud/feature/10154/app-directory-permission-check
Adds a permission check for app directories
Diffstat (limited to 'settings/Controller')
-rw-r--r-- | settings/Controller/CheckSetupController.php | 53 |
1 files changed, 52 insertions, 1 deletions
diff --git a/settings/Controller/CheckSetupController.php b/settings/Controller/CheckSetupController.php
index c706d6e7350..e6c88b6f7ca 100644
--- a/settings/Controller/CheckSetupController.php
+++ b/settings/Controller/CheckSetupController.php
@@ -31,9 +31,11 @@
 namespace OC\Settings\Controller;
 use bantu\IniGetWrapper\IniGetWrapper;
+use DirectoryIterator;
 use Doctrine\DBAL\DBALException;
 use Doctrine\DBAL\Platforms\SqlitePlatform;
 use GuzzleHttp\Exception\ClientException;
+use OC;
 use OC\AppFramework\Http;
 use OC\DB\Connection;
 use OC\DB\MissingIndexInformation;
@@ -530,6 +532,54 @@ Raw output
 }
 /**
+ * Iterates through the configured app roots and
+ * tests if the subdirectories are owned by the same user than the current user.
+ *
+ * @return array
+ */
+ protected function getAppDirsWithDifferentOwner(): array {
+ $currentUser = posix_getpwuid(posix_getuid());
+ $appDirsWithDifferentOwner = [];
+
+ foreach (OC::$APPSROOTS as $appRoot) {
+ if ($appRoot['writable'] === true) {
+ $appDirsWithDifferentOwner = array_merge(
+ $appDirsWithDifferentOwner,
+ $this->getAppDirsWithDifferentOwnerForAppRoot($currentUser, $appRoot)
+ );
+ }
+ }
+
+ sort($appDirsWithDifferentOwner);
+ return $appDirsWithDifferentOwner;
+ }
+
+ /**
+ * Tests if the directories for one apps directory are writable by the current user.
+ *
+ * @param array $currentUser The current user
+ * @param array $appRoot The app root config
+ * @return string[] The none writable directory paths inside the app root
+ */
+ private function getAppDirsWithDifferentOwnerForAppRoot(array $currentUser, array $appRoot): array {
+ $appDirsWithDifferentOwner = [];
+ $appsPath = $appRoot['path'];
+ $appsDir = new DirectoryIterator($appRoot['path']);
+
+ foreach ($appsDir as $fileInfo) {
+ if ($fileInfo->isDir() && !$fileInfo->isDot()) {
+ $absAppPath = $appsPath . DIRECTORY_SEPARATOR . $fileInfo->getFilename();
+ $appDirUser = posix_getpwuid(fileowner($absAppPath));
+ if ($appDirUser !== $currentUser) {
+ $appDirsWithDifferentOwner[] = $absAppPath . DIRECTORY_SEPARATOR . $fileInfo->getFilename();
+ }
+ }
+ }
+
+ return $appDirsWithDifferentOwner;
+ }
+
+ /**
 * @return DataResponse
 */
 public function check() {
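Review bot: In getAppDirsWithDifferentOwnerForAppRoot the reported path appends the directory name a second time, so each entry reads `<appsroot>/<app>/<app>` and an administrator acting on the warning is pointed at a path that does not exist; the push should be `$appDirsWithDifferentOwner[] = $absAppPath;`. Both new methods also call `posix_getuid()` and `posix_getpwuid()` unguarded: where the posix extension is not loaded the whole setup check fails, and `posix_getpwuid()` returns false for a uid with no passwd entry, which the `array $currentUser` type hint would reject. A guard such as `if (!function_exists('posix_getuid')) { return []; }` at the top of getAppDirsWithDifferentOwner, together with comparing `fileowner($absAppPath)` against the numeric uid instead of the passwd arrays, would cover both cases. The second docblock describes "writable" directories while the code compares owners; it should read `Lists the directories of one app root that are not owned by the current user` and `@return string[] The directory paths with a different owner`.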
@@ -565,7 +615,8 @@ Raw output
 'isSqliteUsed' => $this->isSqliteUsed(),
 'databaseConversionDocumentation' => $this->urlGenerator->linkToDocs('admin-db-conversion'),
 'isPhpMailerUsed' => $this->isPhpMailerUsed(),
- 'mailSettingsDocumentation' => $this->urlGenerator->getAbsoluteURL('index.php/settings/admin')
+ 'mailSettingsDocumentation' => $this->urlGenerator->getAbsoluteURL('index.php/settings/admin'),
+ 'appDirsWithDifferentOwner' => $this->getAppDirsWithDifferentOwner(),
 ]
 );
 } |