Pretty url ( file permissions )

[Pe46dro]

Hi, there is a bug with file permissions. If i try to add:
'htaccess.RewriteBase' => '/'
In config/config.php and then i run
sudo -u www-data occ maintenance:update:htaccess
I got this message: .htaccess has been updated

But nothing nothing changes probably because htaccess owner is root.
I suggest to edit vm/static/setup_secure_permissions_nextcloud.sh and edit
chown ${htuser}:${htgroup} ${ncpath}/.htaccess

After changing file owner pretty url works fine.

[WaaromZoMoeilijk]

In my understanding the current way is more secure and it always was the recommended setting, I suppose they added the htaccess occ command later.... Although supporting the occ command for it to work like you pointed could be up for discussion @enoch85

[Pe46dro]

Maybe add the option to enable it during configuration to enable the pretty url and if the user answer yes the script will append to the .htaccess file the configuration to remove index.php
The script should also add 'htaccess.RewriteBase' => '/' to the configuration file.

[eplusk]

Hi, i tried to edit the config.php, changed the permission to 664 for .htaccess,
-rw-rw-r-- 1 root www-data 2630 Sep 1 13:57 .htaccess
run the maintenance:update:htaccess,
changed the permissions back
-rw-r--r-- 1 root www-data 2630 Sep 1 13:59 .htaccess
and now I have pretty URL also.

[Pe46dro]

Yes is what i have done to make it work

[enoch85]

We use a script to set secure permissions. The permissions are meant to be as secure as possible, and also recommended in the docs by both Nextcloud and ownCloud.

I'm on vacation for a few more weeks, but I'll let this be open for further discussion. Thanks for your efforts @Pe46dro :)

[enoch85]

@Pe46dro

But nothing nothing changes probably because htaccess owner is root.

Do you try to change the setting as root or with sudo?

This could be implemented in the startup-script, just need to find the time. Btw, the startup-script are run as root.

Another PR maybe @Pe46dro ? ;)

[Pe46dro]

I tried with sudo,
if tomorrow i have time i will try to make a PR 👍

[enoch85]

Thanks @Pe46dro you're awesome!

[enoch85]

If we change .htaccess to chown ${htuser}:${htgroup} ${ncpath}/.htaccess Then anyone will be able to see it, which is a big security risk.

There must be another solution to this issue.

[Pe46dro]

This prevent access to .htaccess file

<Files .htaccess>
order allow,deny
deny from all
</Files>

But if i temporary change of owner and then i run the htaccess update command should make all work fine, i have to test it and commit.

[enoch85]

@Pe46dro

But if i temporary change of owner and then i run the htaccess update command should make all work fine, i have to test it and commit.

Yes please. Make the change in nextcloud-startup-script.sh

Thanks!