Core: Username 'meta' login problem

Created on 3 Sep 2018 · 13 Comments · Source: owncloud/core

Steps to reproduce

  1. Create a user named meta
  2. Try to login on the webUI as user meta

Expected behaviour

Normal login, skeleton files displayed.

Actual behaviour

"Internal server error"

Note: I added some error_log() calls to the various newFolder() methods to see which one is being called and the value of $path

[Mon Sep  3 08:24:35 2018] PDD: AbstractFolder newFolder /files
[Mon Sep  3 08:24:35 2018] Exception: {"Exception":"OCP\\Files\\NotPermittedException","Message":"","Code":0,"Trace":"#0 \/home\/phil\/git\/owncloud\/core\/lib\/private\/Files\/Node\/Root.php(370): OC\\Files\\Node\\AbstractFolder->newFolder('\/files')\n#1 \/home\/phil\/git\/owncloud\/core\/lib\/private\/Server.php(1030): OC\\Files\\Node\\Root->getUserFolder('meta')\n#2 \/home\/phil\/git\/owncloud\/core\/lib\/private\/User\/Session.php(444): OC\\Server->getUserFolder('meta')\n#3 \/home\/phil\/git\/owncloud\/core\/lib\/private\/User\/Session.php(532): OC\\User\\Session->prepareUserLogin(true)\n#4 \/home\/phil\/git\/owncloud\/core\/lib\/private\/User\/Session.php(332): OC\\User\\Session->loginWithPassword(*** sensitive parameters replaced ***)\n#5 \/home\/phil\/git\/owncloud\/core\/core\/Controller\/LoginController.php(203): OC\\User\\Session->login(*** sensitive parameters replaced ***)\n#6 \/home\/phil\/git\/owncloud\/core\/lib\/private\/AppFramework\/Http\/Dispatcher.php(153): OC\\Core\\Controller\\LoginController->tryLogin(*** sensitive parameters replaced ***)\n#7 \/home\/phil\/git\/owncloud\/core\/lib\/private\/AppFramework\/Http\/Dispatcher.php(85): OC\\AppFramework\\Http\\Dispatcher->executeController(Object(OC\\Core\\Controller\\LoginController), 'tryLogin')\n#8 \/home\/phil\/git\/owncloud\/core\/lib\/private\/AppFramework\/App.php(100): OC\\AppFramework\\Http\\Dispatcher->dispatch(Object(OC\\Core\\Controller\\LoginController), 'tryLogin')\n#9 \/home\/phil\/git\/owncloud\/core\/lib\/private\/AppFramework\/Routing\/RouteActionHandler.php(47): OC\\AppFramework\\App::main('LoginController', 'tryLogin', Object(OC\\AppFramework\\DependencyInjection\\DIContainer), Array)\n#10 \/home\/phil\/git\/owncloud\/core\/lib\/private\/Route\/Router.php(342): OC\\AppFramework\\Routing\\RouteActionHandler->__invoke(Array)\n#11 \/home\/phil\/git\/owncloud\/core\/lib\/base.php(907): OC\\Route\\Router->match('\/login')\n#12 \/home\/phil\/git\/owncloud\/core\/index.php(54): 
OC::handleRequest()\n#13 {main}","File":"\/home\/phil\/git\/owncloud\/core\/lib\/private\/Files\/Node\/AbstractFolder.php","Line":82}

Server configuration

Operating system:
Ubuntu 18.04
Web server:
PHP dev server

Database:
mySQL

PHP version:
7.1.20

ownCloud version: (see ownCloud admin page)
Current core master from git

Bug p3-medium

All 13 comments

When logging in as another ordinary username like meta1 my error_log() shows:

[Mon Sep  3 08:30:05 2018] PDD: Folder newFolder /files
[Mon Sep  3 08:30:05 2018] PDD: Folder newFolder simple-folder
[Mon Sep  3 08:30:06 2018] PDD: Folder newFolder simple-empty-folder
[Mon Sep  3 08:30:08 2018] PDD: Folder newFolder strängé नेपाली folder
[Mon Sep  3 08:30:10 2018] PDD: Folder newFolder simple-empty-folder
[Mon Sep  3 08:30:11 2018] PDD: Folder newFolder simple-empty-folder
[Mon Sep  3 08:30:11 2018] PDD: Folder newFolder 'single'quotes
[Mon Sep  3 08:30:11 2018] PDD: Folder newFolder simple-empty-folder
[Mon Sep  3 08:30:12 2018] PDD: Folder newFolder strängé नेपाली folder empty
[Mon Sep  3 08:30:12 2018] PDD: Folder newFolder simple-empty-folder
[Mon Sep  3 08:30:12 2018] PDD: Folder newFolder folder with space
[Mon Sep  3 08:30:13 2018] PDD: Folder newFolder simple-empty-folder
[Mon Sep  3 08:30:15 2018] PDD: Folder newFolder 0

The code is finding the newFolder() method in lib/private/Files/Node/Folder.php and it happily creates the /files folder followed by each of the folders in my skeleton.

But when the username is meta it somehow ends up in lib/private/Files/Node/AbstractFolder.php and all that knows is to throw new NotPermittedException()

See initial user report in comment https://github.com/owncloud/core/pull/29207#issuecomment-417957639

GitMate.io thinks the contributor most likely able to help you is @PVince81.

Possibly related issues are https://github.com/owncloud/core/issues/18565 (Securing login), https://github.com/owncloud/core/issues/16431 (Recover login password), https://github.com/owncloud/core/issues/27742 (Login Problem after upgrading), https://github.com/owncloud/core/issues/3422 (Any login will work), and https://github.com/owncloud/core/issues/16764 (Owncloud login problem).

"meta" is now used in the node API to access versions and other things.

we need to:

  • [ ] update documentation to mention reserved user names ("avatars" is also one of them on another level)
  • [ ] fix user manager and account manager to disallow/skip such users

@DeepDiver1975 FYI

Hello!

I've spent 8 hours resolving this "meta" problem after 9.1.8 -> 10.0.10.4 upgrade

"meta" is my main user, admin and shares a ton of separate folders to other 30 users.

What are my options? Why don't you make an upgrade script that auto-renames the "meta" username to something else?

Is it also possible that you don't make "meta" a reserved username?

Thanks, Bojan

Note: I'm sure there is another issue about other user names that do not work and should be prevented. But I am having trouble finding it right now.

User avatars

~/git/owncloud/core$ ls -l data/avatars/
total 100
drwxr-xr-x 3 phil phil 4096 Sep 15 20:19 21
drwxr-xr-x 3 phil phil 4096 Sep 15 21:03 24
drwxr-xr-x 3 phil phil 4096 Sep 28 18:50 25
drwxr-xr-x 3 phil phil 4096 Sep 15 20:56 3d
drwxr-xr-x 3 phil phil 4096 Oct  2 06:02 45
drwxr-xr-x 3 phil phil 4096 Sep 28 18:51 47
drwxr-xr-x 3 phil phil 4096 Sep 23 20:35 61
drwxr-xr-x 3 phil phil 4096 Oct  2 18:54 63
drwxr-xr-x 3 phil phil 4096 Sep 29 17:33 64
drwxr-xr-x 3 phil phil 4096 Oct  3 18:53 65
drwxr-xr-x 3 phil phil 4096 Sep 29 14:59 75
drwxr-xr-x 3 phil phil 4096 Sep 25 02:08 7e
drwxr-xr-x 3 phil phil 4096 Sep 25 02:09 92
drwxr-xr-x 3 phil phil 4096 Sep 25 02:01 ab
drwxr-xr-x 3 phil phil 4096 Oct  6 06:38 ae
drwxr-xr-x 3 phil phil 4096 Oct  2 06:02 c8
drwxr-xr-x 2 phil phil 4096 Oct  6 06:38 cache
drwxr-xr-x 3 phil phil 4096 Sep 28 18:50 d1
drwxr-xr-x 3 phil phil 4096 Sep 28 18:50 d6
drwxr-xr-x 3 phil phil 4096 Sep 27 21:46 f0
drwxr-xr-x 3 phil phil 4096 Sep 23 09:31 f3
drwxr-xr-x 3 phil phil 4096 Sep 27 21:51 f5
drwxr-xr-x 3 phil phil 4096 Sep 28 18:50 fe
drwxr-xr-x 9 phil phil 4096 Oct  6 06:38 files
drwxr-xr-x 2 phil phil 4096 Oct  6 06:38 files_zsync

It does not crash right away, but something bad is going to happen with the avatars user files folder(s) mixed in with the folders that store the avatars.

files_external looks like another one that would not be a good username - there is a files_external folder already in the data dir.

These ones are a problem because the storage of user's files sits in the same data folder as some other meta-data folders that store system-wide stuff. The user data folders should be a level lower, so that the username namespace is not polluted by these other meta-data folder names.

I think it is very dangerous to use such common usernames for "system operations", especially blocking them in version 10. If it would be version <=1.0, the problem wouldn't be great.

I suggest renaming for example "meta" to "oc_api_metadata" and blocking the creation of new usernames starting with "oc_..". I am quite sure no username collisions would occur in the future.

BR, Bojan

in general my suggestion would be to change the internal VFS and also the structure of the home folder to properly separate user data. Currently it's a legacy mess https://github.com/owncloud/core/issues/18029.

and then have all the meta, avatars, etc stuff also in an own folder. this way there wouldn't be any conflicts.

so the homes would become "/users/vincent/files/..." instead of "/vincent/files".
and metadata would be "/metadata/meta/..." instead of "/meta"
and avatars would be "/metadata/avatars/..." instead of "/avatars"

@DeepDiver1975 @butonic

Everything should be an app. What about /<appname>/<userid>? files becomes /files/vincent. How stuff is organized underneath is up to the app.

Hello!

So, what is the best solution to solve this "meta" username problem?

  • create new user
  • migrate files with transfer-ownership command

Questions:

  • is it possible to avoid copying files to new username and duplicate disk usage, because meta user has a lot of files?

  • in new user, all files are transferred to new folder: [transfered-date..] . How can I then move those files to root folder?

  • old "meta" user has a lot of sharings made to other users. Will all sharings be kept with command transfer-ownership?

Following my comment on #18029 I have changed my LDAP configuration to use the UUID instead of the username as the home folder, but the issue actually remains.

It seems to be not only a path issue then, but maybe it also requires that the user_id does not clash with those special folders?

If I go in the DB I see that my user has a UUID for his home:

MariaDB [nin-aurora-nothing-ch]> select home from oc_accounts where user_id='meta';
+----------------------------------------------------+
| home                                               |
+----------------------------------------------------+
| /mnt/owncloud/78a1e5d4-1834-11e7-a2b8-ce771b3d813f |
+----------------------------------------------------+
1 row in set (0.00 sec)

But when connecting I have the same issue as before:

{"reqId":"yT6CIPmMX7wXXyrw87KK","level":3,"time":"2019-06-22T05:14:52+00:00","remoteAddr":"192.168.10.2","user":"meta","app":"index","method":"POST","url":"\/index.php\/login","m
essage":"Exception: {\"Exception\":\"OCP\\\\Files\\\\NotPermittedException\",\"Message\":\"\",\"Code\":0,\"Trace\":\"#0 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Files\\\/N
ode\\\/Root.php(370): OC\\\\Files\\\\Node\\\\AbstractFolder->newFolder('\\\/files')\\n#1 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Server.php(1032): OC\\\\Files\\\\Node\\\\
Root->getUserFolder('meta')...

Do not create user names:

avatars
files_external (see issue #37267 )
files_encryption (see issue #37267 )
meta

and?

PR #37268 has been merged. It prevents creating any of these "special" user names. That should be released in 10.5.0

If you find other "special" user names that should be banned, then please open an issue and they can easily be added to the list.
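
An audit sketch for existing installations, added here as an example and not part of the thread or of ownCloud's code: it flags accounts whose user ID is on the list above or matches a top-level data-directory folder that is nobody's home. The function names, the constructed sample data directory, the `sysfolder_example` name and the case-insensitive comparison are assumptions.

```python
import os
import tempfile

# User IDs the thread lists as unusable (taken from the page).
RESERVED_IDS = {"avatars", "files_external", "files_encryption", "meta"}


def audit_user_ids(accounts, data_dir):
    """accounts maps user_id -> home path; returns [(user_id, reason)]."""
    homes = {os.path.realpath(h) for h in accounts.values()}
    # Top-level folders in the data dir that are nobody's home are
    # system folders sharing a namespace with user IDs.
    system_dirs = set()
    for entry in os.listdir(data_dir):
        full = os.path.realpath(os.path.join(data_dir, entry))
        if os.path.isdir(full) and full not in homes:
            system_dirs.add(entry)
    findings = []
    for uid in sorted(accounts):
        # The check is on the ID, not the home path: the thread shows
        # 'meta' failing even with a UUID home.
        # Assumption: compare case-insensitively to be conservative.
        if uid.lower() in RESERVED_IDS:
            findings.append((uid, "reserved"))
        elif uid in system_dirs:
            findings.append((uid, "collides with system folder"))
    return findings


def demo():
    """Constructed sample: a throwaway data dir and account table."""
    with tempfile.TemporaryDirectory() as data:
        for d in ("avatars", "meta1", "sysfolder_example", "uuid-a", "uuid-b"):
            os.mkdir(os.path.join(data, d))
        accounts = {
            "meta": os.path.join(data, "uuid-a"),  # UUID-style home
            "meta1": os.path.join(data, "meta1"),
            "avatars": os.path.join(data, "avatars"),
            "sysfolder_example": os.path.join(data, "uuid-b"),
        }
        return audit_user_ids(accounts, data)


if __name__ == "__main__":
    for uid, reason in demo():
        print(f"{uid}: {reason}")
```

Feeding it the `user_id` and `home` columns from the accounts table shown earlier, before an upgrade, would surface accounts like `meta` ahead of the first failed login.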
