Server: allowSymlinks in /lib/private/Files/Storage/Local.php

Allowing symlinks creates a security issue since it allows users to gain access to files outside of their home directory with the access rights of the web server if they have the ability to create symlinks themselves.

The proper solution for your usecase seems to be using the ldap "User Home Folder Naming Rule" to have Nextcloud use /mnt/userdir/Exampleuser in the first place

Closing as per above

Allowing symlinks creates a security issue since it allows users to gain access to files outside of their home directory with the access rights of the web server if they have the ability to create symlinks themselves.

From my point of view, these are two different things. You can follow symlinks created by the system administrator and still prevent users from creating new ones. How is this related? Why is the first one being prevented? It broke my setup :cry:

Thanks!

Agreed with h-2. He does not ask for the ability of a user to create symlinks, but he wants NC to follow symlinks created by the administrator through a UNIX-like system.
See #1927 for additional description and use cases.

thank you @cgrima for the deeper explanation. looks like i was not clear enough.

@nickvergessen or @icewind1991 could you explain the reccomend way to implement this kind of feature without hitting your security rules?

Changing the variable $allowSymlinks to true does seem to work.
Not too sure about the vulnerabilities though.

Changed: /lib/private/Files/Storage/Local.php

In:

class Local extends \OC\Files\Storage\Common {
    protected $datadir;
    protected $dataDirLength;
    protected $allowSymlinks = false;
...

To:

    protected $allowSymlinks = true;

And I can see my symlinks contents (had to remove and re-add my external storage that has symlinks).

I don't care too much about other users, since this install only offer access to admins.

I dislike the fact that I had to change core files though, and that it will be lost with an update. But well, I will probably remove the external storages before updating anyways.

I wonder if allowing symlinks can not be set at the config.php file, would be nice.

PS: I have no option in this case, since the symlinks are crucial to this specific use case.

I'm not using symlink, but external storage that I reshare the shared folder to other users.
I having the same error in NC v11.0.

`fwrite() expects parameter 2 to be string, array given at /media/54bf67db-da31-4c50-bb3c-27140944b223/www/nextcloud/lib/private/Files/Storage/Wrapper/Encryption.php#230

stream_get_contents() expects parameter 2 to be long, string given at /media/54bf67db-da31-4c50-bb3c-27140944b223/www/nextcloud/3rdparty/sabre/http/lib/Message.php#81

imagecreatefromstring(): Empty string or invalid image at /media/54bf67db-da31-4c50-bb3c-27140944b223/www/nextcloud/lib/private/legacy/image.php#597

fclose() expects parameter 1 to be resource, boolean given at /media/54bf67db-da31-4c50-bb3c-27140944b223/www/nextcloud/lib/private/Files/Storage/Local.php#218`

I'm on NC 11.0.2, and still have the same issue.

Whenever I play my mp3 files, I get the errors.

Audio Player v1.4.1

imagecreatefromstring(): Empty string or invalid image at /media/54bf67db-da31-4c50-bb3c-27140944b223/www/nextcloud/lib/private/legacy/image.php#597    5 minutes ago
Error   PHP fclose() expects parameter 1 to be resource, boolean given at /media/54bf67db-da31-4c50-bb3c-27140944b223/www/nextcloud/lib/private/Files/Storage/Local.php#218 5 minutes ago
Error   PHP fread() expects parameter 1 to be resource, boolean given at /media/54bf67db-da31-4c50-bb3c-27140944b223/www/nextcloud/lib/private/Files/Storage/Local.php#217  5 minutes ago
Error   PHP fopen(/media/54bf67db-da31-4c50-bb3c-27140944b223/www/nextcloud/data/tx7/files/media/54bf67db-da31-4c50-bb3c-27140944b223/www/nextcloud/core/img/filetypes/audio.svg): failed to open stream: No such file or directory at /media/54bf67db-da31-4c50-bb3c-27140944b223/www/nextcloud/lib/private/Files/Storage/Local.php#216    5 minutes ago
Error   PHP filesize(): stat failed for /media/54bf67db-da31-4c50-bb3c-27140944b223/www/nextcloud/data/tx7/files/media/54bf67db-da31-4c50-bb3c-27140944b223/www/nextcloud/core/img/filetypes/audio.svg at /media/54bf67db-da31-4c50-bb3c-27140944b223/www/nextcloud/lib/private/Files/Storage/Local.php#211 5 minutes ago
Error   PHP imagecreatefromstring(): Empty string or invalid image at /media/54bf67db-da31-4c50-bb3c-27140944b223/www/nextcloud/lib/private/legacy/image.php#597    5 minutes ago
Error   PHP fclose() expects parameter 1 to be resource, boolean given at /media/54bf67db-da31-4c50-bb3c-27140944b223/www/nextcloud/lib/private/Files/Storage/Local.php#218 5 minutes ago
Error   PHP fread() expects parameter 1 to be resource, boolean given at /media/54bf67db-da31-4c50-bb3c-27140944b223/www/nextcloud/lib/private/Files/Storage/Local.php#217  5 minutes ago
Error   PHP fopen(/media/54bf67db-da31-4c50-bb3c-27140944b223/www/nextcloud/data/tx7/files/media/54bf67db-da31-4c50-bb3c-27140944b223/www/nextcloud/core/img/filetypes/audio.svg): failed to open stream: No such file or directory at /media/54bf67db-da31-4c50-bb3c-27140944b223/www/nextcloud/lib/private/Files/Storage/Local.php#216    5 minutes ago
Error   PHP filesize(): stat failed for /media/54bf67db-da31-4c50-bb3c-27140944b223/www/nextcloud/data/tx7/files/media/54bf67db-da31-4c50-bb3c-27140944b223/www/nextcloud/core/img/filetypes/audio.svg at /media/54bf67db-da31-4c50-bb3c-27140944b223/www/nextcloud/lib/private/Files/Storage/Local.php#211

Error   PHP imagecreatefromstring(): Empty string or invalid image at /media/54bf67db-da31-4c50-bb3c-27140944b223/www/nextcloud/lib/private/legacy/image.php#597    a few seconds ago
Error   PHP fclose() expects parameter 1 to be resource, boolean given at /media/54bf67db-da31-4c50-bb3c-27140944b223/www/nextcloud/lib/private/Files/Storage/Local.php#218 a few seconds ago
Error   PHP fread() expects parameter 1 to be resource, boolean given at /media/54bf67db-da31-4c50-bb3c-27140944b223/www/nextcloud/lib/private/Files/Storage/Local.php#217  a few seconds ago
Error   PHP fopen(/media/54bf67db-da31-4c50-bb3c-27140944b223/www/nextcloud/data/tx7/files/media/54bf67db-da31-4c50-bb3c-27140944b223/www/nextcloud/core/img/filetypes/audio.svg): failed to open stream: No such file or directory at /media/54bf67db-da31-4c50-bb3c-27140944b223/www/nextcloud/lib/private/Files/Storage/Local.php#216    a few seconds ago
Error   PHP filesize(): stat failed for /media/54bf67db-da31-4c50-bb3c-27140944b223/www/nextcloud/data/tx7/files/media/54bf67db-da31-4c50-bb3c-27140944b223/www/nextcloud/core/img/filetypes/audio.svg at /media/54bf67db-da31-4c50-bb3c-27140944b223/www/nextcloud/lib/private/Files/Storage/Local.php#211 a few seconds ago
Error   PHP imagecreatefromstring(): Empty string or invalid image at /media/54bf67db-da31-4c50-bb3c-27140944b223/www/nextcloud/lib/private/legacy/image.php#597    a few seconds ago
Error   PHP fclose() expects parameter 1 to be resource, boolean given at /media/54bf67db-da31-4c50-bb3c-27140944b223/www/nextcloud/lib/private/Files/Storage/Local.php#218 a few seconds ago
Error   PHP fread() expects parameter 1 to be resource, boolean given at /media/54bf67db-da31-4c50-bb3c-27140944b223/www/nextcloud/lib/private/Files/Storage/Local.php#217  a few seconds ago
Error   PHP fopen(/media/54bf67db-da31-4c50-bb3c-27140944b223/www/nextcloud/data/tx7/files/media/54bf67db-da31-4c50-bb3c-27140944b223/www/nextcloud/core/img/filetypes/audio.svg): failed to open stream: No such file or directory at /media/54bf67db-da31-4c50-bb3c-27140944b223/www/nextcloud/lib/private/Files/Storage/Local.php#216    a few seconds ago
Error   PHP filesize(): stat failed for /media/54bf67db-da31-4c50-bb3c-27140944b223/www/nextcloud/data/tx7/files/media/54bf67db-da31-4c50-bb3c-27140944b223/www/nextcloud/core/img/filetypes/audio.svg at /media/54bf67db-da31-4c50-bb3c-27140944b223/www/nextcloud/lib/private/Files/Storage/Local.php#211

I need this feature because of limitations of my OS I have some symlinks and it would be nice if nexcloud would follow them. I think this should be possible to follow symlinks and disallow user to upload symlinks.

The reporter said that it would be useful to follow sylinks, not create them. Creating symlinks would be a security concern indeed, but following them would allow the server admin to better organize the internal storage, and maybe optimize parts of the storage.

In my case, I ran out of space in the data dir, I cannot add more storage (running on an ARM system, only one SATA port, cannot afford to buy a new HDD & reinstall everything). I had to insert one USB drive and move "slow-changing" parts of the data-dir to the USB drive, and symlink them.

I no longer have this issue in NC v12.

I have 12.0.3, and used to get Following symlinks is not allowed in the logs, before altering Local.php, as @tavinus suggested above. The current source code still disallows symlinks (https://github.com/nextcloud/server/blob/master/lib/private/Files/Storage/Local.php)

What you ( @tx7 ) reported above, seems like a different problem. You got missing files, related to the audio player, not symlink related problems.

A soulution could be to have a checkbox in the admin settings for external storage where the admin can choose to follow symlinks?

Even though allowing symlinks should be configurable IMHO there is an easy work around. Using bind mounts (Linux) or nullfs mounts (BSD):

mkdir /var/www/nextcloud/data/username/files/mydir
mount --bind /path/to/mydir /var/www/nextcloud/data/username/files/mydir

This way Nextcloud will not see mydir as a symbolic link even though the data really resides somewhere else on the file system.

@RichieB2B That was something what I initially have tried on FreeBSD but without longer mount paths this is quite hard https://lists.freebsd.org/pipermail/freebsd-fs/2017-April/024684.html and this will probably be FreeBSD 12 or something

The solution from @tavinus works still with nextcloud 12.0.4 but the integrity test for that file fails. Which is a bit annoying

And yes symlinks are still not allowed in 13 (beta) :-(

Since following symlinks already work, all that is needed is a way to set the symlink flag at runtime through configuration.

That is the easy part, just need setter/getter for the $Local->allowSymlinks property and a way to configure it (config.php or admin/storage page).

All of that is still kind of easy, even though I didn't notice anyone making a PR for it.

I am guessing that the reason no one did this is because it makes easier for people to do something that can be harmful.

To do it properly, one should test the vulnerabilities and try to implement countermeasures to it (if possible). Even so, there should be a disclaimer message on the problems and risks about turning symlinks on.

I still only have THAT ONE install running with this hack and that is a low priority / low traffic server. It is hard to deny that a lot of people need/want this though.

@tavinus The technical side is just one thing. The other is that the nextcloud devs doesn't want such a feature. Why should someone invest time to develop (and test!) such a feature if it wouldn't be accepted in the end. As long as no nextcould dev admit to this it makes no sense.