diff options
| -rw-r--r-- | config/config.sample.php | 15 | ||||
| -rw-r--r-- | lib/base.php | 6 | ||||
| -rw-r--r-- | lib/private/helper.php | 8 | ||||
| -rw-r--r-- | lib/private/log/errorlog.php | 48 | ||||
| -rw-r--r-- | settings/admin.php | 1 | ||||
| -rw-r--r-- | settings/templates/admin.php | 20 |
6 files changed, 90 insertions, 8 deletions
diff --git a/config/config.sample.php b/config/config.sample.php index 26cc356fd04..4de3371ea4b 100644 --- a/config/config.sample.php +++ b/config/config.sample.php @@ -441,6 +441,15 @@ $CONFIG = array( */ 'check_for_working_htaccess' => true, +/** + * In certain environments it is desired to have a read-only config file. + * When this switch is set to ``true`` ownCloud will not verify whether the + * configuration is writable. However, it will not be possible to configure + * all options via the web-interface. Furthermore, when updating ownCloud + * it is required to make the config file writable again for the update + * process. + */ +'config_is_read_only' => false, /** * Logging @@ -448,8 +457,10 @@ $CONFIG = array( /** * By default the ownCloud logs are sent to the ``owncloud.log`` file in the - * default ownCloud data directory. If syslogging is desired, set this parameter - * to ``syslog``. + * default ownCloud data directory. + * If syslogging is desired, set this parameter to ``syslog``. + * Setting this parameter to ``errorlog`` will use the PHP error_log function + * for logging. */ 'log_type' => 'owncloud', diff --git a/lib/base.php b/lib/base.php index cd5d8feb1f6..74b668551ab 100644 --- a/lib/base.php +++ b/lib/base.php @@ -188,9 +188,9 @@ class OC { public static function checkConfig() { $l = \OC::$server->getL10N('lib'); - if (file_exists(self::$configDir . "/config.php") - and !is_writable(self::$configDir . "/config.php") - ) { + $configFileWritable = file_exists(self::$configDir . "/config.php") && is_writable(self::$configDir . "/config.php"); + if (!$configFileWritable && !OC_Helper::isReadOnlyConfigEnabled() + || !$configFileWritable && \OCP\Util::needUpgrade()) { if (self::$CLI) { echo $l->t('Cannot write into "config" directory!')."\n"; echo $l->t('This can usually be fixed by giving the webserver write access to the config directory')."\n"; diff --git a/lib/private/helper.php b/lib/private/helper.php index d43eefcdc52..0e302275540 100644 --- a/lib/private/helper.php +++ b/lib/private/helper.php @@ -973,4 +973,12 @@ class OC_Helper { return array('free' => $free, 'used' => $used, 'total' => $total, 'relative' => $relative); } + + /** + * Returns whether the config file is set manually to read-only + * @return bool + */ + public static function isReadOnlyConfigEnabled() { + return \OC::$server->getConfig()->getSystemValue('config_is_read_only', false); + } } diff --git a/lib/private/log/errorlog.php b/lib/private/log/errorlog.php new file mode 100644 index 00000000000..007ab307722 --- /dev/null +++ b/lib/private/log/errorlog.php @@ -0,0 +1,48 @@ +<?php +/** + * The MIT License (MIT) + * + * Copyright (c) 2014 Christian Kampka <christian@kampka.net> + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +class OC_Log_Errorlog { + + + /** + * Init class data + */ + public static function init() { + } + + /** + * write a message in the log + * @param string $app + * @param string $message + * @param int $level + */ + public static function write($app, $message, $level) { + $minLevel = min(OC_Config::getValue("loglevel", OC_Log::WARN), OC_Log::ERROR); + if ($level >= $minLevel) { + error_log('[owncloud]['.$app.'] '.$message); + } + } +} + diff --git a/settings/admin.php b/settings/admin.php index a669974891c..50a4ac4f1c8 100644 --- a/settings/admin.php +++ b/settings/admin.php @@ -33,6 +33,7 @@ $template->assign('mail_smtppassword', $config->getSystemValue("mail_smtppasswor $template->assign('entries', $entries); $template->assign('entriesremain', $entriesRemaining); $template->assign('htaccessworking', $htAccessWorking); +$template->assign('readOnlyConfigEnabled', OC_Helper::isReadOnlyConfigEnabled()); $template->assign('isLocaleWorking', OC_Util::isSetLocaleWorking()); $template->assign('isPhpCharSetUtf8', OC_Util::isPhpCharSetUtf8()); $template->assign('isAnnotationsWorking', OC_Util::isAnnotationsWorking()); diff --git a/settings/templates/admin.php b/settings/templates/admin.php index 166e36a3605..d29ea4c7f7f 100644 --- a/settings/templates/admin.php +++ b/settings/templates/admin.php @@ -86,14 +86,28 @@ if (!$_['isConnectedViaHTTPS']) { // is htaccess working ? if (!$_['htaccessworking']) { ?> -<div class="section"> - <h2><?php p($l->t('Security Warning'));?></h2> + <div class="section"> + <h2><?php p($l->t('Security Warning')); ?></h2> <span class="securitywarning"> <?php p($l->t('Your data directory and your files are probably accessible from the internet. The .htaccess file is not working. We strongly suggest that you configure your webserver in a way that the data directory is no longer accessible or you move the data directory outside the webserver document root.')); ?> </span> -</div> + </div> +<?php +} + +// is read only config enabled +if ($_['readOnlyConfigEnabled']) { +?> +<div class="section"> + <h2><?php p($l->t('Read-Only config enabled'));?></h2> + + <span class="securitywarning"> + <?php p($l->t('The Read-Only config has been enabled. This prevents setting some configurations via the web-interface. Furthermore, the file needs to be made writable manually for every update.')); ?> + </span> + + </div> <?php } // Are doc blocks accessible? |