Browser upload to a mount where the account is read only fails late #29999
Comments
|
@mmattel the bug here is likely that the SMB storage implementation doesn't return the correct read-only permissions. The web UI is already able to deny uploads if a read-only permission was detected. @jvillafanez do you know more about this issue ? |
|
Does any storage implementation return a read only permission ? SMB, FTP, DB, ect |
|
@mmattel they should. If they don't, they're broken 😱 I did hear that read-only perm check was missing in SFTP storage. Storages have the methods |
|
I know that these methods are present, but are these methods used when setting up a mount ? It seems that this needs some testing over all possible mount types to gather info about the current state. |
|
Yes. Without this info read-only shared mounts would be broken as well as they use the same mechanism. In any case, this needs debugging |
|
The permissions set by the SMB connector are based on the attributes of the files, not really the user permissions, so this is kind of expected. The last time I checked if it was possible to retrieve user permissions on a file I think it wasn't possible or there were several issues. Note that we have to fetch those permissions with the libsmbclient-php library. |
|
@jvillafanez is it possible maybe to fetch the permissions of the share itself ? So if the SMB share is read-only just use that and don't bother with file permissions. ACLs is another story... I assume @mmattel was talking mostly about a read-only SMB share. |
That is correct |
|
Just tested on an ftp mount where you have read only access: FTP Server: Filezilla Server on W10x64 It first uploads via browser to owncloud and then fails IMHO this means, that there is no check at mount creation/use if you have permissions to write or update in that mount. As more this evolves I see more the need for #29873 ([Feature Request] Mark mount as read only in the mount settings) to cover that easily. But I maybe wrong... |
|
From the tools provided by https://github.com/eduardok/libsmbclient-php we can't get any information related to the share itself. We might use For ACLs, I remember the problem we have is with the inherited permissions and permissions over groups: while per-user permissions might work, if there are permissions over a group we can't really know if the account we're using is affected by those permissions over the group, or if the account is affected by permissions over the parent folders. |
|
Hey, this issue has been closed because the label (This is an automated comment from GitMate.io.) |
|
Seems that share level permissons for a given user is really hard to get. Another method may be and would work on a generic level for all storage types:
It is about to simulate a check if writing is possible or not based on the success of touch and remember the result for some time. |
|
Not a complete fix but an improvement if merged: #33035 (29873 read only mount) |
Steps to reproduce
Create a mount, eg SMB, and use an account which has read only access.
When you upload via browser a file, it uploads it to the temp-space and post process uploading from temp to the mount. But because the mount has by the account read only access it fails - which is totally ok.
Expected behaviour
Browser upload should be denied before uploading.
Please see also #29873 ([Feature Request] Mark mount as read only in the mount settings)
Actual behaviour
It uploads to temp first and fails writing to the mount afterwards - a error message is presented.
This can be a nasty thing. On slower networks and big files, eg +GB you get the error AFTER uploading and after waiting a long time.
Server configuration
Operating system: Ubuntu 16.04
Web server: nginx
Database: mysql
PHP version: 7.0
ownCloud version: 10.0.4
Updated from an older ownCloud or fresh install: updated
Where did you install ownCloud from: tar
Signing status (ownCloud 9.0 and above):
@PVince81
The text was updated successfully, but these errors were encountered: