Scripted "occ maintenance:install" only accepts the admin password as cleartext #3555
Comments
The problem is you don't know the salt we store in the file, because it doesn't exist yet. So not sure if that would benefit anything. I vote for closing, @LukasReschke?
What do you mean by that? I only would like to be able to pass an already hashed and salted string to the installer rather than a cleartext one. Of course, whoever provides the string to be passed has to hash and salt it properly beforehand, yes. Abusing things is easier with environment variables (being common at containers) containing cleartext passwords rather than hashed and salted ones.
While this sounds like a nice feature, the requests for it are quite low. Currently there are no plans to implement such a feature. Thus I will close this ticket for now. This does not mean we don't want this feature, but it is simply not on our roadmap for the near future. If somebody wants to implement this feature nevertheless, we are happy to assist and help out. If you wish to have this feature implemented by the Nextcloud GmbH, there is the option of consulting work on top of your Nextcloud Enterprise subscription to get your features implemented.
Steps to reproduce
occ maintenance:install only accepts the admin password as cleartext.

Expected behaviour
When performing fully automated Nextcloud installations, the (end-)user may enter their (sensitive) future admin password at a separate web frontend. Given that Nextcloud only accepts the admin password as cleartext, the password has to be carried in cleartext, possibly between different systems (aside from any protocol encryption); in the case of "Automatic Configuration Setup" it even has to be written in cleartext to an on-disk file. Passing it via an environment variable might still lead to unintended leaks to other users (when passing environment variables to a container); finally, passing it as an argument to occ maintenance:install could still get logged by accident by a management framework. In the end, carrying a cleartext password around still bears a high risk of an unintended leak.

It would be helpful if occ maintenance:install would alternatively also accept a string that contains an already hashed and salted password, e.g.

occ maintenance:install --admin-user admin --admin-pass-ciphertext --admin-pass '1|$2y$10$U1dzbSlfbVNfcS3LlvqSTe7JQxON6LwRvrnH4nTpJqZyEM6GDBrZW'

The suggestion here is to have --admin-pass-ciphertext as a switch which lets Nextcloud know that the admin password from --admin-pass is already hashed and salted. For the "Automatic Configuration Setup", this would have to be covered accordingly, too.

Actual behaviour
Scripted occ maintenance:install only accepts the admin password as cleartext.

Server configuration
Operating system: Red Hat Enterprise Linux 7.3, but doesn't matter here anyway.
Web server: Apache Webserver 2.4, but doesn't matter here anyway.
Database: MariaDB 5.5, but doesn't matter here anyway.
PHP version: 7.1 (via Remi Safe repository), but doesn't matter here anyway.
Nextcloud version: 11.0.1
Updated from an older Nextcloud/ownCloud or fresh install: Fresh installation.
Where did you install Nextcloud from: https://download.nextcloud.com/server/releases/nextcloud-11.0.1.tar.bz2
Signing status: N/A
List of activated apps: N/A
The content of config/config.php: N/A
Are you using external storage, if yes which one: No external storage.
Are you using encryption: No
Are you using an external user-backend, if yes which one: No
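The following PHP script is an added example, not Nextcloud's own code, of the two halves the request describes: the system that knows the cleartext hashes it once and discards it, and the installing side accepts only a well-formed pre-hashed value, so that a cleartext password cannot be passed by mistake where a hash is expected. It assumes that the value's shape is a numeric hasher version tag, a pipe, and a standard PHP password_hash() bcrypt string, matching the "1|$2y$10$..." example quoted in the issue; the HASH_VERSION constant and the function names are hypothetical.

```php
<?php
// Added example (not Nextcloud code): produce and validate an admin password
// hash in the "<version>|<bcrypt>" shape shown in the issue, so that only the
// hash, never the cleartext, has to cross system boundaries.
// Assumption: the "1|" prefix is a hasher version tag and the remainder is a
// standard PHP password_hash() bcrypt string, as the issue's example suggests.

declare(strict_types=1);

const HASH_VERSION = 1;   // assumed version tag matching the "1|" prefix

/** Side that knows the cleartext: hash once, then discard the cleartext. */
function makeAdminPasswordHash(string $cleartext): string
{
    // Cost 10 matches the "$2y$10$" in the issue's example value.
    $bcrypt = password_hash($cleartext, PASSWORD_BCRYPT, ['cost' => 10]);
    return HASH_VERSION . '|' . $bcrypt;
}

/**
 * Installer side: accept only a well-formed pre-hashed value.
 * A bcrypt string is "$2y$" + 2-digit cost + "$" + 22-char salt + 31-char hash,
 * i.e. 53 base64-like characters after the cost. Returns the bcrypt part, or
 * null if the value is not acceptable (including any cleartext password).
 */
function parseAdminPasswordHash(string $value): ?string
{
    if (!preg_match('/^(\d+)\|(\$2y\$(\d{2})\$[.\/A-Za-z0-9]{53})$/', $value, $m)) {
        return null;                       // not "<version>|<bcrypt>"
    }
    if ((int)$m[1] !== HASH_VERSION) {
        return null;                       // unknown hasher version
    }
    if ((int)$m[3] < 10) {
        return null;                       // refuse weak cost factors
    }
    return $m[2];
}

/** Later login check: verify a typed password against the stored hash. */
function verifyAdminPassword(string $typed, string $stored): bool
{
    $bcrypt = parseAdminPasswordHash($stored);
    return $bcrypt !== null && password_verify($typed, $bcrypt);
}

// Demo with a constructed password. In a real deployment only $hash would be
// handed to the installer (e.g. via the proposed --admin-pass-ciphertext switch).
$hash = makeAdminPasswordHash('constructed-demo-password');
var_dump(parseAdminPasswordHash($hash) !== null);
var_dump(parseAdminPasswordHash('plain-text-password'));
var_dump(verifyAdminPassword('constructed-demo-password', $hash));
var_dump(verifyAdminPassword('wrong', $hash));
```

The strict format check is the part that matters for the risk described in the issue: if the installer silently accepted any string under the ciphertext switch, a script that forgot to hash would store the cleartext as the "hash", and logging or environment exposure would leak it exactly as before.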