[Pkg-owncloud-maintainers] Bug#799561: owncloud: wrong user check breaks cron job in certain configurations

David Prévot taffit at debian.org
Thu Oct 22 16:14:14 UTC 2015


Control: forwarded -1 https://github.com/owncloud/core/issues/18470
Control: tags -1 upstream wontfix

Hi Marc,

Thank you for your report.

On Sun, Sep 20, 2015 at 01:40:54PM +0200, Marc Dequènes wrote:
> Package: owncloud
> Version: 7.0.8~dfsg-1

> The OC crontab script fails with the following error:
> Console has to be executed with the same user as the web server is operated
[…]
> The corresponding code in '/usr/share/owncloud/cron.php' is:
>   $user = posix_getpwuid(posix_getuid());
>   $configUser = posix_getpwuid(fileowner(OC::$SERVERROOT . '/config/config.php'));
>   if ($user['name'] !== $configUser['name']) {
> 
> Obviously the owner of a configuration file may be unrelated to the user
> operating the service.
> If for example you want to restrict changes to the main configuration file
> for security reasons, you can make it root:www-data with rw:r:-.

You’re not the first one complaining about this check (there are at
least two duplicates of the upstream issue already), but upstream
refuses to change it (worse, they use a similar check before running the
occ command line tool in their current 8.2 version).

Maybe proposing a proper pull request upstream allowing a check on the
group too, explaining that all their concerns are actually addressed,
could change their mind on this issue. In the meantime, I’m a bit
reluctant to patch in Debian something that is not likely to be accepted
upstream, thus the wontfix tag.

Regards

David
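
The comparison discussed in this thread, as an added example (not ownCloud's or Debian's code): the owner-only check next to a group-aware variant of the kind suggested above, run over constructed ownership cases. The function names and the uid/gid values are assumptions made for illustration.

```php
<?php
// Added illustration, not ownCloud code; function names are hypothetical.
// $st is an array shaped like PHP's stat() result: 'uid', 'gid', 'mode'.

// Owner-only comparison, as in the quoted cron.php check (on numeric ids).
function ownerOnlyCheck(int $procUid, array $st): bool
{
    return $procUid === $st['uid'];
}

// Group-aware variant: accept the owner, or a member of the file's group
// when the group-read bit is set.
function ownerOrGroupCheck(int $procUid, array $procGids, array $st): bool
{
    if ($procUid === $st['uid']) {
        return true;
    }
    $groupCanRead = ($st['mode'] & 0040) !== 0;
    return $groupCanRead && in_array($st['gid'], $procGids, true);
}

// Constructed cases (33 stands for www-data, 0 for root, 1000 for a login user).
$cases = [
    'root:www-data 0640, run as www-data' => [33, [33], ['uid' => 0, 'gid' => 33, 'mode' => 0100640]],
    'www-data:www-data 0640, run as www-data' => [33, [33], ['uid' => 33, 'gid' => 33, 'mode' => 0100640]],
    'root:www-data 0640, run as other user' => [1000, [1000], ['uid' => 0, 'gid' => 33, 'mode' => 0100640]],
    'root:www-data 0600, run as www-data' => [33, [33], ['uid' => 0, 'gid' => 33, 'mode' => 0100600]],
];

foreach ($cases as $label => [$uid, $gids, $st]) {
    printf("%-42s owner-only=%-5s owner-or-group=%s\n", $label,
        var_export(ownerOnlyCheck($uid, $st), true),
        var_export(ownerOrGroupCheck($uid, $gids, $st), true));
}

// Against a real file, the same inputs come from the process and stat():
//   $gids = array_merge([posix_getegid()], posix_getgroups());
//   ownerOrGroupCheck(posix_geteuid(), $gids, stat($path));
```

Only the first case, the root:www-data layout from the report, is decided differently by the two checks.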