[QA] instance.sh forgets to chown everything #808

Closed
jnweiger opened this issue Jan 24, 2023 · 2 comments · Fixed by #815

@jnweiger
Contributor

Seen while testing the scripts presented in
https://github.com/owncloud/docs-server/edit/10.11/modules/admin_manual/pages/installation/manual_installation/script_guided_install.adoc

Use case: upgrade from oc10.9 to oc10.10

After the script is run, and the actions printed are taken:

SUCCESS

Please change to your upgraded ownCloud directory: cd /var/www/owncloud
Please manually run: sudo -u www-data ./occ upgrade
Copy any changes manually added in .user.ini and .htaccess from the backup directory
Please manually run: sudo -u www-data ./occ maintenance:mode --off
Please manually remove the directory of the old instance: /var/www/owncloud_2023-01-24-20.35.44
When successfully done, re-run this script to secure your .htaccess files

the owncloud instance should be in a sane state. That includes that everything is owned by www-data, so that e.g. the online updater would work.
I get:
[image]


This is caused, as the permissions look like this:

/var/www/owncloud# ls -la
total 616
drwxr-x--- 12 root     www-data   4096 Jan 24 20:36 .
drwxr-xr-x  5 root     root       4096 Jan 24 20:36 ..
-rw-r-----  1 root     www-data   3353 May 18  2022 .htaccess
-rw-r-----  1 root     www-data    163 May 18  2022 .user.ini
-rw-r-----  1 root     www-data   8859 May 18  2022 AUTHORS
-rw-r-----  1 root     www-data 434935 May 18  2022 CHANGELOG.md
-rw-r-----  1 root     www-data  34520 May 18  2022 COPYING
-rw-r-----  1 root     www-data   2425 May 18  2022 README.md
drwxr-x--- 53 www-data www-data   4096 May 18  2022 apps
lrwxrwxrwx  1 root     root         32 Jan 24 20:36 apps-external -> /mnt/owncloud_data/apps-external
drwxr-x---  2 www-data www-data   4096 Jan 24 20:36 config
-rw-r-----  1 root     www-data   4618 May 18  2022 console.php
drwxr-x--- 16 root     www-data   4096 May 18  2022 core
-rw-r-----  1 root     www-data   1717 May 18  2022 cron.php
lrwxrwxrwx  1 root     root         23 Jan 24 20:36 data -> /mnt/owncloud_data/data
-rw-r-----  1 root     www-data  31204 May 18  2022 db_structure.xml
-rw-r-----  1 root     www-data    179 May 18  2022 index.html
-rw-r-----  1 root     www-data   3518 May 18  2022 index.php
drwxr-x---  6 root     www-data   4096 May 18  2022 lib
-rwxr-x--x  1 root     www-data    283 May 18  2022 occ
drwxr-x---  2 root     www-data   4096 May 18  2022 ocm-provider
drwxr-x---  2 root     www-data   4096 May 18  2022 ocs
drwxr-x---  2 root     www-data   4096 May 18  2022 ocs-provider
-rw-r-----  1 root     www-data   3135 May 18  2022 public.php
-rw-r-----  1 root     www-data   5618 May 18  2022 remote.php
drwxr-x---  4 root     www-data   4096 May 18  2022 resources
-rw-r-----  1 root     www-data     26 May 18  2022 robots.txt
drwxr-x--- 12 root     www-data   4096 May 18  2022 settings
-rw-r-----  1 root     www-data   2231 May 18  2022 status.php
drwxr-x---  6 www-data www-data   4096 Nov 14  2019 updater
-rw-r-----  1 root     www-data    282 May 18  2022 version.php

Trivial fix:
chown -R www-data. .

@mmattel
Contributor

mmattel commented Jan 25, 2023

> so that e.g. the online updater would work.

The online updater and the scripts cannot and do not work together - for a good reason:

As you correctly highlight, when updating with the online updater, the updater needs full www-data permissions, which are WEAK, as you would then have full WRITE access by the webserver for core files, opening a major security hole. Using the script means that you stay at the secure level, as www-data only has READ access to those files.

Maybe this can be added to the documentation...
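
As an added example (not part of this thread and not the project's instance.sh), a POSIX shell check for the ownership model described in the comment above: it lists paths in the ownCloud tree that the web server account could modify outside the directories that are www-data-owned in the listing. The function name, the default writable set (apps, config, updater) and the reliance on GNU find are assumptions.

```shell
#!/bin/sh
# Added example: audit an ownCloud code tree for paths the web server
# account can modify. Assumes GNU find (-printf). The function name and the
# default writable set are illustrative, taken from the listing in this issue.
#
# Usage: audit_webserver_writable /var/www/owncloud [user] [group] ["dirs"]

audit_webserver_writable() (
    root=${1%/}
    web_user=${2:-www-data}
    web_group=${3:-www-data}
    writable_dirs=${4:-"apps config updater"}

    # Build "-path ROOT/dir -o ..." for the directories that are expected
    # to be owned by the web server account; they are skipped entirely.
    set --
    for d in $writable_dirs; do
        set -- "$@" -path "$root/$d" -o
    done

    # Symlinks (data, apps-external) are skipped as well: they point outside
    # the code tree and their own mode bits carry no meaning.
    find "$root" \( "$@" -type l \) -prune -o -printf '%u %g %m %p\n' |
    while read -r owner group mode path; do
        if [ "$owner" = "$web_user" ]; then
            # The owner can chmod and then write, whatever the mode says.
            echo "owned-by-webserver $path"
        elif [ "$group" = "$web_group" ] && [ $(( 0$mode & 020 )) -ne 0 ]; then
            echo "group-writable $path"
        elif [ $(( 0$mode & 002 )) -ne 0 ]; then
            echo "world-writable $path"
        fi
    done
)
```

On a tree laid out like the listing in this issue the function prints nothing; after a recursive chown to www-data it reports every core file and directory.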

@mmattel
Contributor

mmattel commented Jan 27, 2023

Just a note, the referenced merged PR was a result of a discussion with @jnweiger
