Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrade fails if the config dir contains config.php~ file #8179

Closed
gradinaruvasile opened this issue Feb 5, 2018 · 9 comments
Closed

Upgrade fails if the config dir contains config.php~ file #8179

gradinaruvasile opened this issue Feb 5, 2018 · 9 comments

Comments

@gradinaruvasile
Copy link

Steps to reproduce

  1. Create config.php~
  2. Try to upgrade

Expected behaviour

Upgrade works

Actual behaviour

Upgrade fails

Server configuration

Operating system:
Debian 9
Web server:
Apache 2.4.25
Database:
MariaDB
PHP version:
7.0.27
Nextcloud version: (see Nextcloud admin page)
12.0.5
Updated from an older Nextcloud/ownCloud or fresh install:
Updated
Where did you install Nextcloud from:
Web
Signing status:

Signing status
Login as admin user into your Nextcloud and access 
http://example.com/index.php/settings/integrity/failed 
paste the results here.

List of activated apps:

App list
If you have access to your command line run e.g.:
sudo -u www-data php occ app:list
from within your Nextcloud installation folder

Enabled:

  • activity: 2.5.2
  • admin_audit: 1.2.0
  • admin_notifications: 1.0.1
  • announcementcenter: 3.1.1
  • audioplayer: 2.2.5
  • bookmarks: 0.10.1
  • bruteforcesettings: 1.0.3
  • calendar: 1.5.7
  • checksum: 0.3.5
  • comments: 1.2.0
  • contacts: 2.0.1
  • dav: 1.3.1
  • external: 2.0.3
  • federatedfilesharing: 1.2.0
  • files: 1.7.2
  • files_accesscontrol: 1.2.5
  • files_automatedtagging: 1.2.2
  • files_clipboard: 0.7.1
  • files_external: 1.3.0
  • files_pdfviewer: 1.1.1
  • files_reader: 1.2.2
  • files_sharing: 1.4.0
  • files_texteditor: 2.4.1
  • files_trashbin: 1.2.0
  • files_versions: 1.5.0
  • files_videoplayer: 1.1.0
  • firstrunwizard: 2.1
  • gallery: 17.0.0
  • groupfolders: 1.2.0
  • impersonate: 1.0.2
  • logreader: 2.0.0
  • lookup_server_connector: 1.0.0
  • metadata: 0.6.0
  • news: 11.0.5
  • nextcloud_announcements: 1.1
  • notes: 2.3.2
  • notifications: 2.0.0
  • oauth2: 1.0.5
  • ocsms: 1.12.2
  • passman: 2.1.4
  • password_policy: 1.2.2
  • previewgenerator: 1.0.9
  • provisioning_api: 1.2.0
  • richdocuments: 1.12.40
  • serverinfo: 1.2.0
  • sharebymail: 1.2.0
  • survey_client: 1.0.0
  • systemtags: 1.2.0
  • tasks: 0.9.5
  • theming: 1.3.0
  • twofactor_backupcodes: 1.1.1
  • twofactor_totp: 1.3.1
  • updatenotification: 1.2.0
  • user_saml: 1.4.0
  • workflowengine: 1.2.0
    Disabled:
  • encryption
  • federation
  • user_external
  • user_ldap

Nextcloud configuration:

Config report
If you have access to your command line run e.g.:
sudo -u www-data php occ config:list system
from within your Nextcloud installation folder

or 

Insert your config.php content here. 
Make sure to remove all sensitive content such as passwords. (e.g. database password, passwordsalt, secret, smtp password, …)

{
"system": {
"passwordsalt": "REMOVED SENSITIVE VALUE",
"secret": "REMOVED SENSITIVE VALUE",
"trusted_domains": [
"REMOVED SENSITIVE VALUE"
],
"datadirectory": "/var/www/nextcloud/data",
"overwrite.cli.url": "REMOVED SENSITIVE VALUE",
"dbtype": "mysql",
"version": "12.0.5.3",
"dbname": "nextcloud",
"dbhost": "localhost",
"dbport": "3306",
"dbtableprefix": "oc_",
"mysql.utf8mb4": true,
"dbuser": "REMOVED SENSITIVE VALUE",
"dbpassword": "REMOVED SENSITIVE VALUE",
"installed": true,
"maintenance": false,
"updater.release.channel": "stable",
"instanceid": "oc4m6gf8llol",
"mail_smtpmode": "php",
"mail_smtpauthtype": "LOGIN",
"memcache.local": "\OC\Memcache\APCu",
"theme": "",
"loglevel": 2
}
}

Are you using external storage, if yes which one: local/smb/sftp/...
sftp
Are you using encryption: yes/no
no
Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...
no

LDAP configuration (delete this part if not used)

LDAP config
With access to your command line run e.g.:
sudo -u www-data php occ ldap:show-config
from within your Nextcloud installation folder

Without access to your command line download the data/owncloud.db to your local
computer or access your SQL server remotely and run the select query:
SELECT * FROM `oc_appconfig` WHERE `appid` = 'user_ldap';


Eventually replace sensitive data as the name/IP-address of your LDAP server or groups.

Client configuration

Browser:
Firefox 58
Operating system:
Debian 9/10

Logs

Web server error log

Web server error log
Insert your webserver log here

Nextcloud log (data/nextcloud.log)

Nextcloud log
Insert your Nextcloud log here

Browser log

Browser log
Insert your browser log here, this could for example include:

a) The javascript console log
b) The network log
c) ...
@gradinaruvasile
Copy link
Author

If i manually remove the file ending in ~ the upgrade works.

@MorrisJobke
Copy link
Member

Create config.php~

Not supported as config file name. Please use anything that ends on config.php (mail.config.php or config.php for example).

@gradinaruvasile
Copy link
Author

Well the config file was not created by me, it was an automatic backup created by the editor i used.

@Cybso
Copy link

Cybso commented Feb 7, 2018

@gradinaruvasile Having a backup file of your config not ending in .php is a security issue because it would be readable by anyone in clear text. A RewriteRule in .htaccess normally prevents a client from accessing the file, but this only works on Apache and with mod_rewrite enabled.

@Nils160988
Copy link
Contributor

@Cybso I think the RewriteRule in .htaccess prevents a client from reading the whole folder "config", so this should not be a problem.
Nevertheless, I also had the file config.php~ present and it did not prevent me from upgrading my nextcloud instance.
Still, I removed the file now ;)

@Cybso
Copy link

Cybso commented Feb 8, 2018

@Nils160988 That's what I wrote. But it only works if:

  • You're using Apache
  • mod_rewrite is enabled
  • You didn't set AllowOverwrite to None

Nextcloud would still work without these preconditions, but your config folder would not be protected anymore.

@Nils160988
Copy link
Contributor

@Cybso: Thank you for clarifying.
I rechecked my configuration and it should be save, if I had some config-backup-file there in the future :)

@EpeR1
Copy link

EpeR1 commented Feb 12, 2018

The 'joe' terminal editor makes .xxx~ files automatically for backup.

@MorrisJobke
Copy link
Member

I tested this and could not reproduce the issue. Is this still the case for you? I will close the ticket for now. If it is still happening we can reopen the ticket. Please provide detailed steps that are needed to reproduce this behavior then.

@nextcloud-bot nextcloud-bot removed the stale Ticket or PR with no recent activity label Mar 25, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

6 participants