Core: Stop logging my data directory path in home page in case of error

Created on 15 Oct 2016  路  20Comments  路  Source: owncloud/core

Replicated from central.owncloud.com as suggested there.

Steps to reproduce

  1. store the user data on an external hard disk
  2. remove the hard disk or unmount it
  3. open the oc home page

    Expected behaviour

It should tell me there is a configuration error

Actual behaviour

The home page (available to everyone, logged or anonymous users) tells me there is a configuration error (the Data Directory is invalid) BUT it also tells everyone the path of the data directory. This is both a privacy and security concerns. I'm not sure if intentional or not, but I would disable the print of the full path in home page. I could not find any configuration how to disable this behaviour

Data directory (/full/path/to/data) is invalid
Please check that the data directory contains a file ".ocdata" in its root.

Server configuration

Operating system:
debian

Web server:
apache

Database:
mysql

PHP version:
5

ownCloud version: (see ownCloud admin page)
9.1

Updated from an older ownCloud or fresh install:
fresh install
Where did you install ownCloud from:
From the repository
Signing status (ownCloud 9.0 and above):

The content of config/config.php:

$CONFIG = array (
   'instanceid' => 'my.id',
   'passwordsalt' => 'pepper',
   'secret' => 'my.secret',
   'trusted_domains' =>
   array (
       0 => 'my.oc.com',
   ),
   'datadirectory' => '/full/path/to/data',
   'overwrite.cli.url' => 'https://my.oc.com',
   'dbtype' => 'mysql',
   'version' => '9.1.0.15',
   'dbname' => 'owncloud',
   'dbhost' => 'localhost',
   'dbtableprefix' => 'own_',
   'dbuser' => 'mydbuser',
   'dbpassword' => 'mydbpass',
   'logtimezone' => 'Europe/Paris',
   'logfile' => '/var/log/owncloud.log',
   'loglevel' => '2', // Warning
   'installed' => true,
   'cron_log' => true,
   'memcache.local' => '\OC\Memcache\APCu',
 );

Are you using external storage, if yes which one: local/smb/sftp/...
Local on an external hard disk
Are you using encryption: yes/no
no
Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...
no

Bug core junior job statuSTALE
Source
picture LeonardoGentile

All 20 comments

Is you system 32 or 64 bit?
getconf LONG_BIT

tflidd picture tflidd on 15 Oct 2016

@tflidd it is 32 bit

LeonardoGentile picture LeonardoGentile on 15 Oct 2016

sorry, forget my comment, that should go to a completely different issue...

tflidd picture tflidd on 15 Oct 2016

The error log depends on the machine architecture? Really?
Hmm, ok..no I can't move to another installation at the moment.
Can you confirm me that is the source of the problem?

LeonardoGentile picture LeonardoGentile on 15 Oct 2016

I don't have an in-depth knowledge of the application architecture but from a simple search it came out this line, that basically is a translation version of a string being printed from somewhere I really don't know.

"Data directory (%s) is invalid" : "Data directory (%s) is invalid",

The relevant part here is the %s meaning that the string is expecting the path variable to be printed out.
That is exactly my point. If my enviroment is production I do not want the path to be printed.

LeonardoGentile picture LeonardoGentile on 15 Oct 2016

The error log depends on the machine architecture? Really?

Nope. @tflidd posted in the wrong issue as explained in https://github.com/owncloud/core/issues/26386#issuecomment-254000604

ghost picture ghost on 15 Oct 2016

Sorry for the confusion. Your error message is created here:
https://github.com/owncloud/core/blob/b0b1f1c9db5567124844e2e8e1ca8a9d418bc3b6/lib/private/legacy/util.php#L947-L953

tflidd picture tflidd on 15 Oct 2016

Ok, so how I do I stop this and other errors to print installation details in home page? Isn't there any options in config.php to tell that we are in dev vs prod environment to avoid this to happen?

LeonardoGentile picture LeonardoGentile on 16 Oct 2016

There is no such option. Thats why you where redirected to this issue tracker to request such one. :-)

ghost picture ghost on 16 Oct 2016
👍1

Hmm, this message is printed on the web page because it was originally intended for an admin who has misconfigured ownCloud, which usually happens at install or update time.

But for such cases like yours we should probably just log an error in owncloud.log and show a generic error message. But there's a catch: if the data dir is not found or writable, we can't access owncloud.log unless it is configured to be in a different location...
And if we can't log it, the admin has no chance to understand what's wrong.

Any better ideas ?

PVince81 picture PVince81 on 17 Oct 2016

Any better ideas ?

A config option "show_details" in the config.php only printing out the full path if its enabled in the config.php?

ghost picture ghost on 17 Oct 2016

Okay, simpler solution: remove the data directory from the message.
If the message says "data directory invalid" the admin will already think of looking at config.php and checking the data directory.

Would you like to submit a PR to kill the (%s) part of the message ?

PVince81 picture PVince81 on 17 Oct 2016

I noticed today that there might be more than a single data directory message that include it (for ex when permissions are wrong), so all the messages need to be adjusted.

PVince81 picture PVince81 on 18 Oct 2016

@PVince81 I'm not familiar with the core architecture but in many web framework there is the option to specify the working environment, like dev, prod, stage and according to these print debugging options (like the directory path) or just a generic message.
So I guess the choices here are either to remove all the logging from the the generated web pages or to introduce such notion of environment and adjust what should be printed according to it.

I guess the second option would require much more work, so it could be an improvement step after temporarily remove all the log details from the generated pages.

LeonardoGentile picture LeonardoGentile on 18 Oct 2016

Tagging as junior job, should be easy to find all the related messages and changing them to not output the data dir as part of the message.

PVince81 picture PVince81 on 20 Oct 2016

I'd rather go with the simplest solution here if it is already suitable.

PVince81 picture PVince81 on 20 Oct 2016

Hello! Is this bug up for grabs? I am newbie and can't wait to get started contributing to this awesome project :) Please let me know.

Thanks!

ashishmarwal picture ashishmarwal on 22 Oct 2016
1

@ashishmarwal Hey, welcome :-) The bugreport is tagged as a junior job (https://github.com/owncloud/core/issues/26386#issuecomment-255043038) so its a good start and everyone who wants to grab it can do that :-)

ghost picture ghost on 22 Oct 2016
👍1

fixed with PR.

JKawohl picture JKawohl on 18 Nov 2016

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

lock[bot] picture lock[bot] on 31 Jul 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

hoerup picture hoerup  路  59Comments
schiessle picture schiessle  路  63Comments
bcutter picture bcutter  路  61Comments
LukasReschke picture LukasReschke  路  91Comments
ghost picture ghost  路  78Comments