Can't update a file in a shared folder from a external SMB storage with Collabora Online

[fifh]

Steps to reproduce

AD integration and SMB external storages needed

Two users of the Active Directory : A and B
A is member of "gr_df", B is member of "gr_drh", A and B members of group "members"

Folders on the Windows server (host) :

• Organisme : shared to all, permissions Read & execute to all
  • DF : inheritance disabled, permission full control to gr_df, no read permission to all
    • subfolder "Projet budget" (inheritance enabled)
      • file budget.ods
  • DRH : inheritance disabled, permission full control to gr_drh, no read permission to all

Nextcloud external storages configuration :

Access to the share "\host\Organisme" restricted to the group "members"
Authentication : Login credentials, save in database

So when connected in Nextcloud :

• A has a folder Organisme, with a sub-folder DF
• B has a folder Organisme, with a sub-folder DRH

I think it should be a frequent structure of folders and shares in many companies. DF and DRH are different folders for the different directions of the company.

Then :

• In Nextcloud, A shares the folder "Projet budget" to B with full control ("can edit")
• In Nextcloud, B goes into the folder "Projet budget", and edit the file budget.ods with Collabora Online
• B tries to save budget.ods

Expected behaviour

B should succeed in saving budget.ods

While editing the file budget.ods, B is using the rights of A who shared the folder "Projet budget" which contains this file, because of the "Login credentials, save in database" type of authentication.

Actual behaviour

Error message : "Document cannot be saved. Check your permissions or contact the storage server administrator."

Nextcloud log : OCP\Files\StorageNotAvailableException (see logs below)

Strangely, it seems it doesn't work because the "Organisme" external storage is created for the group "members" and because B is a member of this group.
It works if B is not a member of the "members" group (but it doesn't make sense obviously, all the employees of the company have to be members of this group).

Note that it works too if I create another external storage :
Access to the share "\host\Organisme\DF" for group "gr_df"
Login credentials, save in database

But if I do that I have to create as many external storages as subfolders of the "Organisme" folder

General server configuration

Operating system: Linux 3.10.0-514.6.2.el7.x86_64 #1 SMP Thu Feb 23 03:04:39 UTC 2017 x86_64

Web server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/7.1.5 (fpm-fcgi)

Database: mysql 5.5.52

PHP version: 7.1.5

LibreOffice Online version: Collabora Online 2.1.3

Windows server: Windows server 2012 R2

PHP-modules loaded

• Core
• date
• libxml
• openssl
• pcre
• zlib
• filter
• hash
• Reflection
• SPL
• session
• standard
• cgi-fcgi
• bz2
• calendar
• ctype
• curl
• dom
• mbstring
• fileinfo
• ftp
• gd
• gettext
• iconv
• intl
• json
• ldap
• exif
• mcrypt
• mysqlnd
• PDO
• apcu
• posix
• shmop
• SimpleXML
• sockets
• sqlite3
• sysvmsg
• sysvsem
• sysvshm
• tokenizer
• xml
• xmlwriter
• xsl
• mysqli
• pdo_mysql
• pdo_sqlite
• wddx
• xmlreader
• apc
• zip
• Phar
• Zend OPcache

Nextcloud configuration

Nextcloud version: 12.0.2 - 12.0.2.0

Updated from an older Nextcloud/ownCloud or fresh install: regularly updated since ownCloud 8

Where did you install Nextcloud from:
tar.gz from web site

Are you using external storage, if yes which one:
[0] => \OC\Files\Storage\Local
[10] => \OCA\Files_External\Lib\Storage\SMB

Are you using encryption: no

Are you using an external user-backend, if yes which one:
OpenLdap + Active Directory

Signing status
No errors have been found.

Enabled apps

• activity: 2.5.2
• admin_audit: 1.2.0
• admin_notifications: 1.0.0
• announcementcenter: 3.1.0
• bruteforcesettings: 1.0.2
• calendar: 1.5.5
• circles: 0.12.4
• comments: 1.2.0
• contacts: 2.0.1
• dashboard: 4.0.5
• dav: 1.3.0
• deck: 0.2.4
• external: 2.0.3
• federatedfilesharing: 1.2.0
• federation: 1.2.0
• files: 1.7.2
• files_accesscontrol: 1.2.5
• files_automatedtagging: 1.2.2
• files_clipboard: 0.6.4
• files_downloadactivity: 1.1.1
• files_external: 1.3.0
• files_pdfviewer: 1.1.1
• files_retention: 1.1.2
• files_sharing: 1.4.0
• files_texteditor: 2.4.1
• files_trashbin: 1.2.0
• files_versions: 1.5.0
• files_videoplayer: 1.1.0
• firstrunwizard: 2.1
• gallery: 17.0.0
• groupfolders: 1.1.0
• impersonate: 1.0.1
• issuetemplate: 0.2.2
• logreader: 2.0.0
• lookup_server_connector: 1.0.0
• news: 11.0.5
• nextant: 1.0.8
• nextcloud_announcements: 1.1
• notifications: 2.0.0
• oauth2: 1.0.5
• password_policy: 1.2.2
• piwik: 0.3.1
• provisioning_api: 1.2.0
• quota_warning: 1.1.0
• richdocuments: 1.12.35
• serverinfo: 1.2.0
• sharebymail: 1.2.0
• socialsharing_email: 1.0.1
• spreed: 2.0.1
• survey_client: 1.0.0
• systemtags: 1.2.0
• tasks: 0.9.5
• theming: 1.3.0
• twofactor_backupcodes: 1.1.1
• updatenotification: 1.2.0
• user_ldap: 1.2.1
• workflowengine: 1.2.0
• zimbradrive: 0.8.15

Disabled apps

• encryption
• user_external
• user_saml

Content of config/config.php

{
    "debug": true,
    "passwordsalt": "***REMOVED SENSITIVE VALUE***",
    "secret": "***REMOVED SENSITIVE VALUE***",
    "trusted_domains": [
        "test.arawa.fr",
    ],
    "datadirectory": "\/var\/www\/html\/nextcloud\/data",
    "overwrite.cli.url": "https:\/\/test.arawa.fr",
    "dbtype": "mysql",
    "version": "12.0.2.0",
    "dbname": "owncloud",
    "dbhost": "localhost",
    "dbtableprefix": "oc_",
    "dbuser": "***REMOVED SENSITIVE VALUE***",
    "dbpassword": "***REMOVED SENSITIVE VALUE***",
    "logtimezone": "Europe\/Paris",
    "loglevel": 1,
    "log_rotate_size": 10485760,
    "log_rotate_sizerotation": 10485760,
    "memcache.local": "\\OC\\Memcache\\APCu",
    "session_keepalive": true,
    "installed": true,
    "appstore.experimental.enabled": true,
    "ldapIgnoreNamingRules": false,
    "theme": "",
    "maintenance": false,
    "activity_expire_days": 100,
    "trashbin_retention_obligation": "auto,20",
    "versions_retention_obligation": "auto,20",
    "htaccess.RewriteBase": "\/",
    "ldapProviderFactory": "\\OCA\\User_LDAP\\LDAPProviderFactory",
    "mail_smtpmode": "smtp",
    "mail_smtpauthtype": "PLAIN",
    "mail_smtpsecure": "ssl",
    "mail_from_address": "contact",
    "mail_domain": "hemmel.fr",
    "mail_smtpauth": 1,
    "mail_smtphost": "ssl0.ovh.net",
    "mail_smtpport": "465",
    "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
    "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
    "skeletondirectory": "",
    "ldapUserCleanupInterval": 5,
    "log_query": true,
    "mysql.utf8mb4": true,
    "user_backends": [
        {
            "class": "OCA\\ZimbraDrive\\Auth\\ZimbraUsersBackend",
            "arguments": []
        }
    ]
}

LDAP config s00

- hasMemberOfFilterSupport
- hasPagedResultSupport
- homeFolderNamingRule
- lastJpegPhotoLookup           : 0
- ldapAgentName                 : ***
- ldapAgentPassword             : ***
- ldapAttributesForGroupSearch
- ldapAttributesForUserSearch   : displayName;mail
- ldapBackupHost
- ldapBackupPort
- ldapBase                      : dc=arawa,dc=fr
- ldapBaseGroups                : dc=arawa,dc=fr
- ldapBaseUsers                 : dc=arawa,dc=fr
- ldapCacheTTL                  : 600
- ldapConfigurationActive       : 1
- ldapDefaultPPolicyDN
- ldapDynamicGroupMemberURL
- ldapEmailAttribute            : mail
- ldapExperiencedAdmin          : 0
- ldapExpertUUIDGroupAttr
- ldapExpertUUIDUserAttr
- ldapExpertUsernameAttr        : uid
- ldapGidNumber                 : gidNumber
- ldapGroupDisplayName          : cn
- ldapGroupFilter               : (&(|(objectclass=posixGroup)))
- ldapGroupFilterGroups
- ldapGroupFilterMode           : 0
- ldapGroupFilterObjectclass    : posixGroup
- ldapGroupMemberAssocAttr      : memberUid
- ldapHost                      : ***
- ldapIgnoreNamingRules
- ldapLoginFilter               : (&(|(objectclass=inetOrgPerson))(|(uid=%uid)(|(mailPrimaryAddress=%uid)(mail=%uid))))
- ldapLoginFilterAttributes
- ldapLoginFilterEmail          : 1
- ldapLoginFilterMode           : 0
- ldapLoginFilterUsername       : 1
- ldapNestedGroups              : 0
- ldapOverrideMainServer
- ldapPagingSize                : 500
- ldapPort                      : 389
- ldapQuotaAttribute            : quota
- ldapQuotaDefault              : 500 MB
- ldapTLS                       : 0
- ldapUserDisplayName           : displayName
- ldapUserDisplayName2
- ldapUserFilter                : (|(objectclass=inetOrgPerson))
- ldapUserFilterGroups
- ldapUserFilterMode            : 0
- ldapUserFilterObjectclass     : inetOrgPerson
- ldapUuidGroupAttribute        : auto
- ldapUuidUserAttribute         : auto
- turnOffCertCheck              : 0
- turnOnPasswordChange          : 0
- useMemberOfToDetectMembership : 1

LDAP config s01 : AD

- hasMemberOfFilterSupport      : 1
- hasPagedResultSupport
- homeFolderNamingRule
- lastJpegPhotoLookup           : 0
- ldapAgentName                 : ***
- ldapAgentPassword             : ***
- ldapAttributesForGroupSearch
- ldapAttributesForUserSearch   : displayName;mail;cn
- ldapBackupHost
- ldapBackupPort
- ldapBase                      : OU=arawa,DC=ad,DC=arawa,DC=fr
- ldapBaseGroups                : OU=Groups,OU=arawa,DC=ad,DC=arawa,DC=fr
- ldapBaseUsers                 : OU=Users,OU=arawa,DC=ad,DC=arawa,DC=fr
- ldapCacheTTL                  : 30
- ldapConfigurationActive       : 1
- ldapDefaultPPolicyDN
- ldapDynamicGroupMemberURL
- ldapEmailAttribute            : mail
- ldapExperiencedAdmin          : 0
- ldapExpertUUIDGroupAttr
- ldapExpertUUIDUserAttr        : sAMAccountname
- ldapExpertUsernameAttr        : sAMAccountname
- ldapGidNumber                 : gidNumber
- ldapGroupDisplayName          : cn
- ldapGroupFilter               : (&(|(objectclass=group)))
- ldapGroupFilterGroups
- ldapGroupFilterMode           : 0
- ldapGroupFilterObjectclass    : group
- ldapGroupMemberAssocAttr      : member
- ldapHost                      : ***
- ldapIgnoreNamingRules
- ldapLoginFilter               : (&(|(objectclass=person))(samaccountname=%uid))
- ldapLoginFilterAttributes
- ldapLoginFilterEmail          : 0
- ldapLoginFilterMode           : 0
- ldapLoginFilterUsername       : 1
- ldapNestedGroups              : 0
- ldapOverrideMainServer
- ldapPagingSize                : 500
- ldapPort                      : 389
- ldapQuotaAttribute
- ldapQuotaDefault              : 500 MB
- ldapTLS                       : 0
- ldapUserDisplayName           : displayName
- ldapUserDisplayName2
- ldapUserFilter                : (&(|(objectclass=person)))
- ldapUserFilterGroups
- ldapUserFilterMode            : 0
- ldapUserFilterObjectclass     : person
- ldapUuidGroupAttribute        : auto
- ldapUuidUserAttribute         : auto
- turnOffCertCheck              : 0
- turnOnPasswordChange          : 0
- useMemberOfToDetectMembership : 1

Client configuration

Browser: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:56.0) Gecko/20100101 Firefox/56.0

Operating system: Linux (Kubuntu 17.04, Mint), Windows 10

Logs

Web server error log

Nothing in particular

Nextcloud log (data/nextcloud.log)

OCP\Files\StorageNotAvailableException: /DF/Projet budget/budget.ods

    /var/www/html/nextcloud/apps/files_external/lib/Lib/Storage/SMB.php - line 419: OCA\Files_External\Lib\Storage\SMB->getFileInfo('/DF/Projet budg...')
    /var/www/html/nextcloud/lib/private/Files/Storage/Common.php - line 106: OCA\Files_External\Lib\Storage\SMB->filetype('DF/Projet budge...')
    /var/www/html/nextcloud/lib/private/Files/Storage/Common.php - line 114: OC\Files\Storage\Common->is_dir('DF/Projet budge...')
    /var/www/html/nextcloud/lib/private/Files/Storage/Wrapper/Wrapper.php - line 149: OC\Files\Storage\Common->filesize('DF/Projet budge...')
    /var/www/html/nextcloud/lib/private/Files/Storage/Wrapper/Availability.php - line 161: OC\Files\Storage\Wrapper\Wrapper->filesize('DF/Projet budge...')
    /var/www/html/nextcloud/lib/private/Files/Storage/Wrapper/Wrapper.php - line 149: OC\Files\Storage\Wrapper\Availability->filesize('DF/Projet budge...')
    /var/www/html/nextcloud/lib/private/Files/Storage/Wrapper/Wrapper.php - line 149: OC\Files\Storage\Wrapper\Wrapper->filesize('DF/Projet budge...')
    /var/www/html/nextcloud/lib/private/Files/Storage/Wrapper/Wrapper.php - line 149: OC\Files\Storage\Wrapper\Wrapper->filesize('DF/Projet budge...')
    /var/www/html/nextcloud/lib/private/Files/View.php - line 1136: OC\Files\Storage\Wrapper\Wrapper->filesize('DF/Projet budge...')
    /var/www/html/nextcloud/lib/private/Files/View.php - line 421: OC\Files\View->basicOperation('filesize', '/Organisme/DF/P...')
    /var/www/html/nextcloud/apps/files_versions/lib/Storage.php - line 184: OC\Files\View->filesize('/Organisme/DF/P...')
    /var/www/html/nextcloud/apps/files_versions/lib/Hooks.php - line 61: OCA\Files_Versions\Storage store('/Organisme/DF/P...')
    /var/www/html/nextcloud/lib/private/legacy/hook.php - line 106: OCA\Files_Versions\Hooks write_hook(Array)
    /var/www/html/nextcloud/lib/private/Files/View.php - line 602: OC_Hook emit('OC_Filesystem', 'write', Array)
    /var/www/html/nextcloud/lib/private/Files/View.php - line 644: OC\Files\View->emit_file_hooks_pre(true, '/pbernard/files...', true)
    /var/www/html/nextcloud/lib/private/Files/Node/File.php - line 64: OC\Files\View->file_put_contents('/pbernard/files...', Resource id #8)
    /var/www/html/nextcloud/apps/richdocuments/lib/Controller/WopiController.php - line 204: OC\Files\Node\File->putContent(Resource id #8)
    [internal function] OCA\Richdocuments\Controller\WopiController->putFile('47157', '5rjK8sFQ4CPotXX...')
    /var/www/html/nextcloud/lib/private/AppFramework/Http/Dispatcher.php - line 160: call_user_func_array(Array, Array)
    /var/www/html/nextcloud/lib/private/AppFramework/Http/Dispatcher.php - line 90: OC\AppFramework\Http\Dispatcher->executeController(Object(OCA\Richdocuments\Controller\WopiController), 'putFile')
    /var/www/html/nextcloud/lib/private/AppFramework/App.php - line 114: OC\AppFramework\Http\Dispatcher->dispatch(Object(OCA\Richdocuments\Controller\WopiController), 'putFile')
    /var/www/html/nextcloud/lib/private/AppFramework/Routing/RouteActionHandler.php - line 47: OC\AppFramework\App main('OCA\\Richdocumen...', 'putFile', Object(OC\AppFramework\DependencyInjection\DIContainer), Array)
    [internal function] OC\AppFramework\Routing\RouteActionHandler->__invoke(Array)
    /var/www/html/nextcloud/lib/private/Route/Router.php - line 299: call_user_func(Object(OC\AppFramework\Routing\RouteActionHandler), Array)
    /var/www/html/nextcloud/lib/base.php - line 1004: OC\Route\Router->match('/apps/richdocum...')
    /var/www/html/nextcloud/index.php - line 48: OC handleRequest()
    {main}

Browser log

Nothing in particular

[fifh]

I have a test platform where we can reproduce this bug. If someone is interested I could create an account on this platform to test or debug

[skjnldsv]

As there is no feedback since a while I will close this ticket. If this is still happening please make sure to upgrade to the latest version. After that, feel free to reopen.