[Pkg-owncloud-maintainers] File size issue (Admin section)
Diederik de Haas
didi.debian at cknow.org
Mon Jun 4 14:56:15 UTC 2012
On Monday 04 June 2012 14:51:26 Diederik de Haas wrote:
> > We shall report this upstream- can you please take care of that?
> > thx
> I'll make a vm with 'upstream oc' first to check/verify whether it is an
> upstream issue. If so, I'll report it.
On Monday 04 June 2012 11:10:46 Thomas Müller wrote:
> Wouldn't it be a potential security risk to grant www-data write access to
> .htaccess ?
I've just created an oc-upstream vm and installed apache2, php5, php5-gd and
php5-sqlite in there and followed instructions from
http://owncloud.org/support/install/ to install OC-4.0.1.
What strikes me as odd is that /var/www/ isn't owned by www-data by default and
extracting the http://download.owncloud.org/releases/owncloud-4.0.1.tar.bz2 file
into /var/www/ will create a bunch of files/direcotories with nobody:nogroup as
it's default permissions, which (afaik) only lets apache read it because all the
files/directories are world-readable ?!!
Also noticed that the install instructions are incorrect, since in step 2.2
you're supposed to set config and data to www-data:www-data, while the data
directory isn't created (yet).
When running the installation from http://oc-upstream/owncloud/ the data
direcotry gets created with www-data:www-data ownership; the .htaccess file is
still nobody:nogroup though.
When trying to change the maximum upload size, I see the same behaviour as
However, in an earlier attempt/vm I changed ownership of /var/www to www-
data:www-data before extracting/configuring owncloud and then all permissions
were www-data:www-data (including .htaccess) and then the feature does work, by
writing the changed value to the .htaccess file.
So that means that www-data needs write access to .htaccess in order for the
feature to work.
I'm not (yet) going to report this upstream, since I find the out-of-the-box
behaviour of apache2 rather weird: nobody:nogroup ownership in /var/www and
below looks like an error in apache2, but maybe it's expected for a Debian admin
to set it up properly, whatever that entails.
So I'm not sure the issue is with apache2 or the admin of the machine/vm (=me).
More information about the Pkg-owncloud-maintainers