Bug 213906 - www/owncloud - .user.ini and .htaccess should be writable (again)
Summary: www/owncloud - .user.ini and .htaccess should be writable (again)
Status: Closed Works As Intended
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Po-Chuan Hsieh
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-10-30 05:49 UTC by joshruehlig
Modified: 2021-06-25 10:09 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description joshruehlig 2016-10-30 05:49:21 UTC
ownCloud needs to be able to write to .user.ini to change the upload size if using PHP-FPM

ownCloud 9 appends to it's .htaccess upon installation (during lib/private/setup.php) if it sees the apcahe 'env' and 'rewrite' modules are available. This is needed to get "Pretty URLs" working properly.

The fix should be...
@(%%OWNCLOUD_USERNAME%%,%%OWNCLOUD_GROUPNAME%%,664) %%WWWDIR%%/.htaccess
@(%%OWNCLOUD_USERNAME%%,%%OWNCLOUD_GROUPNAME%%,664) %%WWWDIR%%/.user.ini 

####

This was fixed before here...
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208311

But, when the port was updated to version 9.0.4 the permission settings were dropped.
https://github.com/freebsd/freebsd-ports/commit/68bf13e9a759b0321398cd3c07b54ea2c50fbd53
Comment 1 Kevin Lo freebsd_committer freebsd_triage 2016-10-30 13:40:53 UTC
Please do not allow the webserver user to modifiy the .htaccess file.
If you need to change something in there, use the command line.
The file should be read-only and owned by root.
Comment 2 joshruehlig 2016-10-30 14:32:59 UTC
But owncloud needs to be able to modify the .htaccess enable clean URLs. It dynamically adds something like this based on the base URL

This could be done during installation/upgrade or with occ from the commandline.
https://doc.owncloud.org/server/9.1/admin_manual/configuration_server/index_php_less_urls.html#configuration-steps

I'm not sure if it's ok to run occ with root, but it probably would be fine. But if an owncloud admins didn't have root access they could never use Pretty URLs?


"#### DO NOT CHANGE ANYTHING ABOVE THIS LINE ####

ErrorDocument 403 //core/templates/403.php
ErrorDocument 404 //core/templates/404.php
<IfModule mod_rewrite.c>
  Options -MultiViews
  RewriteRule ^core/js/oc.js$ index.php [PT,E=PATH_INFO:$1]
  RewriteRule ^core/preview.png$ index.php [PT,E=PATH_INFO:$1]
  RewriteCond %{REQUEST_FILENAME} !\.(css|js|svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$
  RewriteCond %{REQUEST_FILENAME} !core/img/favicon.ico$
  RewriteCond %{REQUEST_FILENAME} !/remote.php
  RewriteCond %{REQUEST_FILENAME} !/public.php
  RewriteCond %{REQUEST_FILENAME} !/cron.php
  RewriteCond %{REQUEST_FILENAME} !/core/ajax/update.php
  RewriteCond %{REQUEST_FILENAME} !/status.php
  RewriteCond %{REQUEST_FILENAME} !/ocs/v1.php
  RewriteCond %{REQUEST_FILENAME} !/ocs/v2.php
  RewriteCond %{REQUEST_FILENAME} !/updater/
  RewriteCond %{REQUEST_FILENAME} !/ocs-provider/
  RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/.*
  RewriteRule . index.php [PT,E=PATH_INFO:$1]
  RewriteBase /
  <IfModule mod_env.c>
    SetEnv front_controller_active true
    <IfModule mod_dir.c>
      DirectorySlash off
    </IfModule>
  </IfModule>
</IfModule>"
Comment 3 joshruehlig 2016-10-30 14:34:32 UTC
Not the above lines are added dynamically by PHP, and can change per version so I think it would be somewhat difficult for a owncloud admin to hand edit these in.
Comment 4 Rene Ladan freebsd_committer freebsd_triage 2018-01-12 11:24:16 UTC
Maintainer reset.
Comment 5 Walter Schwarzenfeld freebsd_triage 2019-09-04 20:24:00 UTC
Maintainer feedback, please resp. is this still relevant?
Comment 6 Po-Chuan Hsieh freebsd_committer freebsd_triage 2021-06-25 10:09:27 UTC
I agree with Kevin. Those file should be owned by root, not www user. If you need to change/update them, it would be safer to do it manually with "chown" before and after your modification.