Prevent running the files:scan command as the wrong user
This commit is contained in:
parent
b1116880f8
commit
9a2ed86672
|
@ -9,6 +9,7 @@
|
||||||
|
|
||||||
namespace OCA\Files\Command;
|
namespace OCA\Files\Command;
|
||||||
|
|
||||||
|
use OC\ForbiddenException;
|
||||||
use Symfony\Component\Console\Command\Command;
|
use Symfony\Component\Console\Command\Command;
|
||||||
use Symfony\Component\Console\Input\InputArgument;
|
use Symfony\Component\Console\Input\InputArgument;
|
||||||
use Symfony\Component\Console\Input\InputInterface;
|
use Symfony\Component\Console\Input\InputInterface;
|
||||||
|
@ -41,8 +42,7 @@ class Scan extends Command {
|
||||||
null,
|
null,
|
||||||
InputOption::VALUE_NONE,
|
InputOption::VALUE_NONE,
|
||||||
'will rescan all files of all known users'
|
'will rescan all files of all known users'
|
||||||
)
|
);
|
||||||
;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function scanFiles($user, OutputInterface $output) {
|
protected function scanFiles($user, OutputInterface $output) {
|
||||||
|
@ -53,7 +53,12 @@ class Scan extends Command {
|
||||||
$scanner->listen('\OC\Files\Utils\Scanner', 'scanFolder', function ($path) use ($output) {
|
$scanner->listen('\OC\Files\Utils\Scanner', 'scanFolder', function ($path) use ($output) {
|
||||||
$output->writeln("Scanning <info>$path</info>");
|
$output->writeln("Scanning <info>$path</info>");
|
||||||
});
|
});
|
||||||
|
try {
|
||||||
$scanner->scan('');
|
$scanner->scan('');
|
||||||
|
} catch (ForbiddenException $e) {
|
||||||
|
$output->writeln("<error>Home storage for user $user not writable</error>");
|
||||||
|
$output->writeln("Make sure you're running the scan command only as the user the web server runs as");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function execute(InputInterface $input, OutputInterface $output) {
|
protected function execute(InputInterface $input, OutputInterface $output) {
|
||||||
|
|
|
@ -11,6 +11,7 @@ namespace OC\Files\Utils;
|
||||||
use OC\Files\View;
|
use OC\Files\View;
|
||||||
use OC\Files\Cache\ChangePropagator;
|
use OC\Files\Cache\ChangePropagator;
|
||||||
use OC\Files\Filesystem;
|
use OC\Files\Filesystem;
|
||||||
|
use OC\ForbiddenException;
|
||||||
use OC\Hooks\PublicEmitter;
|
use OC\Hooks\PublicEmitter;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -104,6 +105,7 @@ class Scanner extends PublicEmitter {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param string $dir
|
* @param string $dir
|
||||||
|
* @throws \OC\ForbiddenException
|
||||||
*/
|
*/
|
||||||
public function scan($dir) {
|
public function scan($dir) {
|
||||||
$mounts = $this->getMounts($dir);
|
$mounts = $this->getMounts($dir);
|
||||||
|
@ -111,7 +113,14 @@ class Scanner extends PublicEmitter {
|
||||||
if (is_null($mount->getStorage())) {
|
if (is_null($mount->getStorage())) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
$scanner = $mount->getStorage()->getScanner();
|
$storage = $mount->getStorage();
|
||||||
|
// if the home storage isn't writable then the scanner is run as the wrong user
|
||||||
|
if ($storage->instanceOfStorage('\OC\Files\Storage\Home') and
|
||||||
|
(!$storage->isCreatable('') or !$storage->isCreatable('files'))
|
||||||
|
) {
|
||||||
|
throw new ForbiddenException();
|
||||||
|
}
|
||||||
|
$scanner = $storage->getScanner();
|
||||||
$this->attachListener($mount);
|
$this->attachListener($mount);
|
||||||
$scanner->scan('', \OC\Files\Cache\Scanner::SCAN_RECURSIVE, \OC\Files\Cache\Scanner::REUSE_ETAG | \OC\Files\Cache\Scanner::REUSE_SIZE);
|
$scanner->scan('', \OC\Files\Cache\Scanner::SCAN_RECURSIVE, \OC\Files\Cache\Scanner::REUSE_ETAG | \OC\Files\Cache\Scanner::REUSE_SIZE);
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue