-
-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Flie access control : files upload and then denied (TransferId*.part present). #16517
Comments
Thank you for reporting this issue 👍 cc @nextcloud/server-triage server or https://github.com/nextcloud/files_accesscontrol? |
yeah, that is a known limitation of the current way the app works. but especially with chunking of the sync clients we can't trust the data the clients provide. Maybe you can try to fiddle around in the code of and remove the trailing ocTransfer suffix before |
Thanks for your feedbacks! |
per chance i saw a lot of *.part files on my Nextcloud for a lot user users - they consume space. The files are from 2022, November - so - i'm not sure if the probem still exists ? (NC 26.0.5, PHP 8.1, MariaDB, RHEL 8.9) DONE - wrote a cleanup script to remove them all |
possible to get it? Got the same problem with an amount of round about 400gb files ..... |
@ZoXx - rename "cleanup_part_files.txt" to cleanup_part_files.sh i run this script on production with many users. but of course - i'm taking no repsonsibility for any damage - so please be adviced to run it before in a test enviromnent on your site (vm .. vbox). |
i will try. |
Steps to reproduce
Expected behaviour
I would have guess that the upload would be denied even before starting it (because of the .exe in the file name).
Actual behaviour
The file is denied once the upload is completed, leaving something.exe.ocTransferIdXXXXXXXXXX.part files on the server.
NextCloud Desktop seems to try to re-upload the file frequently (at least when it starts).
So my users are filling my server's disk without knowing it (as those files are not took into account in users quota).
I'm deleting those ocTransferId*.part files regularly but I feel like it would be nice if the upload would be denied without even starting (don't know if this is possible).
Server configuration
Operating system:
Debian 9.9 (Stretch)
Web server:
Nginx
Database:
MariaDB 10.1.38-0+deb9u1
PHP version:
7.0.33-0+deb9u3
Nextcloud version: (see Nextcloud admin page)
15.0.8
Updated from an older Nextcloud/ownCloud or fresh install:
Updated from 15.0.7 (first install was probably 15.0.6)
Where did you install Nextcloud from:
sources
Signing status:
Nothing relevant.
List of activated apps:
Nextcloud configuration:
{
"system": {
"passwordsalt": "REMOVED SENSITIVE VALUE",
"secret": "REMOVED SENSITIVE VALUE",
"trusted_domains": [
"mydomain.com"
],
"datadirectory": "REMOVED SENSITIVE VALUE",
"dbtype": "mysql",
"version": "15.0.8.1",
"overwrite.cli.url": "https://mydomain.com",
"dbname": "REMOVED SENSITIVE VALUE",
"dbhost": "REMOVED SENSITIVE VALUE",
"dbport": "",
"dbtableprefix": "oc_",
"dbuser": "REMOVED SENSITIVE VALUE",
"dbpassword": "REMOVED SENSITIVE VALUE",
"installed": true,
"instanceid": "REMOVED SENSITIVE VALUE",
"logfile": "/var/log/nextcloud.log",
"mysql.utf8mb4": true,
"maintenance": false,
"default_language": "en",
"default_locale": "fr_FR",
"allow_user_to_change_display_name": false,
"session_keepalive": true,
"auth.bruteforce.protection.enabled": true,
"has_internet_connection": false,
"appstoreenabled": false,
"upgrade.disable-web": false,
"debug": false,
"ldapIgnoreNamingRules": false,
"ldapProviderFactory": "OCA\User_LDAP\LDAPProviderFactory",
"mail_smtpmode": "smtp",
"mail_sendmailmode": "smtp",
"mail_from_address": "REMOVED SENSITIVE VALUE",
"mail_domain": "REMOVED SENSITIVE VALUE",
"mail_smtphost": "REMOVED SENSITIVE VALUE",
"mail_smtpport": "25",
"memcache.local": "\OC\Memcache\APCu",
"filelocking.enabled": true,
"memcache.locking": "\OC\Memcache\Redis",
"redis": {
"host": "REMOVED SENSITIVE VALUE",
"port": 6379,
"timeout": 0,
"password": "REMOVED SENSITIVE VALUE"
},
"skeletondirectory": "/nextcloud/custom_skeleton",
"loglevel": 2
}
}
Are you using external storage, if yes which one: local/smb/sftp/...
SFTP but not related to this issue.
Are you using encryption: yes/no
No
Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...
LDAP
LDAP configuration (delete this part if not used)
Not related to this issue AFAIK, not comfortable to make this public.
Logs
Web server error log
Nothing relevant.
Nextcloud log (data/nextcloud.log)
==> /var/log/nextcloud.log <==
{"reqId":"wqXHmxplprSFLrozqH51","level":4,"time":"2019-07-23T12:37:50+00:00","remoteAddr":"10.X.Y.Z","user":"myuser","app":"webdav","method":"PUT","url":"/remote.php/dav/files/myuser/test.exe","message":{"Exception":"OCA\DAV\Connector\Sabre\Exception\Forbidden","Message":"Access denied","Code":0,"Trace":[{"file":"/nextcloud/www/apps/dav/lib/Connector/Sabre/Directory.php","line":156,"function":"put","class":"OCA\DAV\Connector\Sabre\File","type":"->","args":[null]},{"file":"/nextcloud/www/3rdparty/sabre/dav/lib/DAV/Server.php","line":1096,"function":"createFile","class":"OCA\DAV\Connector\Sabre\Directory","type":"->","args":["test.exe",null]},{"file":"/nextcloud/www/3rdparty/sabre/dav/lib/DAV/CorePlugin.php","line":525,"function":"createFile","class":"Sabre\DAV\Server","type":"->","args":["files/myuser/test.exe",null,null]},{"function":"httpPut","class":"Sabre\DAV\CorePlugin","type":"->","args":[{"absoluteUrl":"https://mydomain.com/remote.php/dav/files/myuser/test.exe","class":"Sabre\HTTP\Request"},{"class":"Sabre\HTTP\Response"}]},{"file":"/nextcloud/www/3rdparty/sabre/event/lib/EventEmitterTrait.php","line":105,"function":"call_user_func_array","args":[[{"class":"Sabre\DAV\CorePlugin"},"httpPut"],[{"absoluteUrl":"https://mydomain.com/remote.php/dav/files/myuser/test.exe","class":"Sabre\HTTP\Request"},{"class":"Sabre\HTTP\Response"}]]},{"file":"/nextcloud/www/3rdparty/sabre/dav/lib/DAV/Server.php","line":479,"function":"emit","class":"Sabre\Event\EventEmitter","type":"->","args":["method:PUT",[{"absoluteUrl":"https://mydomain.com/remote.php/dav/files/myuser/test.exe","class":"Sabre\HTTP\Request"},{"class":"Sabre\HTTP\Response"}]]},{"file":"/nextcloud/www/3rdparty/sabre/dav/lib/DAV/Server.php","line":254,"function":"invokeMethod","class":"Sabre\DAV\Server","type":"->","args":[{"absoluteUrl":"https://mydomain.com/remote.php/dav/files/myuser/test.exe","class":"Sabre\HTTP\Request"},{"class":"Sabre\HTTP\Response"}]},{"file":"/nextcloud/www/apps/dav/lib/Server.php","line":301,"function":"exec","class":"Sabre\DAV\Server","type":"->","args":[]},{"file":"/nextcloud/www/apps/dav/appinfo/v2/remote.php","line":35,"function":"exec","class":"OCA\DAV\Server","type":"->","args":[]},{"file":"/nextcloud/www/remote.php","line":163,"args":["/nextcloud/www/apps/dav/appinfo/v2/remote.php"],"function":"require_once"}],"File":"/nextcloud/www/apps/dav/lib/Connector/Sabre/File.php","Line":258,"CustomMessage":"--"},"userAgent":"Mozilla/5.0 (Windows) mirall/2.5.2git (build 20190319) (Nextcloud)","version":"15.0.8.1"}
Thanks!
The text was updated successfully, but these errors were encountered: