NC 13.0.4: Constant OC\ForbiddenException: This request is not allowed to access the filesystem #6541
Description
Steps to reproduce
- Use file encryption module
- Open log
Expected behaviour
No Error messages in log
Actual behaviour
Constant "OC\ForbiddenException: This request is not allowed to access the filesystem" entries (see below). Multiple per hours. PHP user is owner of NC directory (with sub directories).
General server configuration
Operating system: Linux hermes 3.16.0-4-amd64 #1 SMP Debian 3.16.43-2+deb8u3 (2017-08-15) x86_64
Web server: nginx/1.12.1 (fpm-fcgi)
Database: pgsql PostgreSQL 9.4.13 on x86_64-unknown-linux-gnu, compiled by gcc (Debian 4.9.2-10) 4.9.2, 64-bit
PHP version: 7.0.23-1~dotdeb+8.1
PHP-modules loaded
- Core
- date
- libxml
- openssl
- pcre
- zlib
- filter
- hash
- Reflection
- SPL
- session
- standard
- cgi-fcgi
- igbinary
- PDO
- xml
- calendar
- ctype
- curl
- dom
- mbstring
- fileinfo
- ftp
- gd
- gettext
- iconv
- imagick
- imap
- json
- exif
- mcrypt
- pdo_pgsql
- pgsql
- Phar
- posix
- readline
- redis
- shmop
- SimpleXML
- sockets
- sysvmsg
- sysvsem
- sysvshm
- tokenizer
- wddx
- xmlreader
- xmlwriter
- xsl
- zip
- Zend OPcache
Nextcloud configuration
Nextcloud version: 12.0.3 RC2 - 12.0.3.1
Updated from an older Nextcloud/ownCloud or fresh install: YOUR ANSWER HERE
Where did you install Nextcloud from: YOUR ANSWER HERE
Are you using external storage, if yes which one: Array
(
[0] => \OC\Files\Storage\Local
[1] => \OCA\Files_External\Lib\Storage\FTP
[2] => \OC\Files\Storage\DAV
[3] => \OCA\Files_External\Lib\Storage\OwnCloud
[4] => \OCA\Files_External\Lib\Storage\SFTP
[5] => \OCA\Files_External\Lib\Storage\AmazonS3
[6] => \OCA\Files_External\Lib\Storage\Dropbox
[7] => \OCA\Files_External\Lib\Storage\Google
[8] => \OCA\Files_External\Lib\Storage\Swift
[9] => \OCA\Files_External\Lib\Storage\SFTP
[10] => \OCA\Files_External\Lib\Storage\SMB
[11] => \OCA\Files_External\Lib\Storage\SMB
)
Are you using encryption: yes
Are you using an external user-backend, if yes which one:
Signing status
{
"calendar": {
"FILE_MISSING": {
".gitignore": {
"expected": "2ebfa9d965d970eb2f3356f80cbff785c90c9a0d7634b406e49cd4e311826eb4abb482d8be75557cff491837881af2795fc4bd3a8e8d42b24c56d3b53b9b5dee",
"current": ""
}
}
}
}
This is discussed here nextcloud/calendar#600
Enabled apps
- activity: 2.5.2
- admin_audit: 1.2.0
- admin_notifications: 1.0.0
- bookmarks: 0.10.1
- comments: 1.2.0
- contacts: 1.5.3
- dav: 1.3.0
- encryption: 1.6.0
- federatedfilesharing: 1.2.0
- federation: 1.2.0
- files: 1.7.2
- files_external: 1.3.0
- files_markdown: 2.0.1
- files_pdfviewer: 1.1.1
- files_sharing: 1.4.0
- files_texteditor: 2.4.1
- files_trashbin: 1.2.0
- files_versions: 1.5.0
- files_videoplayer: 1.1.0
- firstrunwizard: 2.1
- gallery: 17.0.0
- issuetemplate: 0.2.2
- logreader: 2.0.0
- lookup_server_connector: 1.0.0
- nextcloud_announcements: 1.1
- notes: 2.3.1
- notifications: 2.0.0
- oauth2: 1.0.5
- password_policy: 1.2.2
- provisioning_api: 1.2.0
- serverinfo: 1.2.0
- sharebymail: 1.2.0
- spreed: 2.0.1
- survey_client: 1.0.0
- systemtags: 1.2.0
- tasks: 0.9.5
- theming: 1.3.0
- twofactor_backupcodes: 1.1.1
- twofactor_totp: 1.3.1
- twofactor_u2f: 1.3.3
- updatenotification: 1.2.0
- workflowengine: 1.2.0
Disabled apps
- audioplayer
- calendar
- user_external
- user_ldap
Content of config/config.php
{
"instanceid": "oc676d29f5b0",
"passwordsalt": "***REMOVED SENSITIVE VALUE***",
"trusted_domains": [
"***REMOVED SENSITIVE VALUE***"
],
"datadirectory": "\/owncloud\/data",
"dbtype": "pgsql",
"version": "12.0.3.1",
"dbname": "***REMOVED SENSITIVE VALUE***",
"dbhost": "localhost",
"dbtableprefix": "oc_",
"dbuser": "***REMOVED SENSITIVE VALUE***",
"dbpassword": "***REMOVED SENSITIVE VALUE***",
"installed": true,
"forcessl": true,
"theme": "",
"maintenance": false,
"secret": "***REMOVED SENSITIVE VALUE***",
"mail_smtpmode": "smtp",
"mail_from_address": "owncloud",
"mail_domain": "***REMOVED SENSITIVE VALUE***",
"mail_smtpauthtype": "LOGIN",
"mail_smtpauth": 1,
"mail_smtphost": "***REMOVED SENSITIVE VALUE***",
"mail_smtpport": "***REMOVED SENSITIVE VALUE***",
"mail_smtpname": "***REMOVED SENSITIVE VALUE***",
"mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
"mail_smtpsecure": "tls",
"singleuser": false,
"forceSSLforSubdomains": true,
"loglevel": 2,
"filelocking.enabled": "false",
"memcache.local": "\\OC\\Memcache\\Redis",
"memcache.locking": "\\OC\\Memcache\\Redis",
"redis": {
"host": "localhost",
"port": 6379,
"timeout": 0,
"dbindex": 0
},
"trashbin_retention_obligation": "auto",
"updater.release.channel": "beta",
"overwrite.cli.url": "https:\/\/***REMOVED SENSITIVE VALUE***"
}
Client configuration
Browser: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/60.0.3112.113 Chrome/60.0.3112.113 Safari/537.36
Operating system: Ubuntu 16.10
Logs
Web server error log
No seemingly related lines, will of course provide if told what to look for
Nextcloud log (data/nextcloud.log)
OC\ForbiddenException: This request is not allowed to access the filesystem
/owncloud/htdocs/lib/private/Files/View.php - line 1136: OC\Lockdown\Filesystem\NullStorage->mkdir('files_encryptio...')
/owncloud/htdocs/lib/private/Files/View.php - line 269: OC\Files\View->basicOperation('mkdir', '/*** sensitive parameters replaced ***/files_e...', Array)
/owncloud/htdocs/lib/private/Encryption/Keys/Storage.php - line 370: OC\Files\View->mkdir('/*** sensitive parameters replaced ***/files_e...')
/owncloud/htdocs/lib/private/Encryption/Keys/Storage.php - line 230: OC\Encryption\Keys\Storage->keySetPreparation('/*** sensitive parameters replaced ***/files_e...')
/owncloud/htdocs/lib/private/Encryption/Keys/Storage.php - line 115: OC\Encryption\Keys\Storage->setKey('/*** sensitive parameters replaced ***/files_e...', '-----BEGIN PUBL...')
/owncloud/htdocs/apps/encryption/lib/KeyManager.php - line 287: OC\Encryption\Keys\Storage->setUserKey('*** sensitive parameters replaced ***', 'publicKey', '-----BEGIN PUBL...', 'OC_DEFAULT_MODU...')
/owncloud/htdocs/apps/encryption/lib/KeyManager.php - line 246: OCA\Encryption\KeyManager->setPublicKey('*** sensitive parameters replaced ***', '-----BEGIN PUBL...')
/owncloud/htdocs/apps/encryption/lib/Users/Setup.php - line 77: OCA\Encryption\KeyManager->storeKeyPair('*** sensitive parameters replaced ***', '*** sensitive parameters replaced ***', Array)
/owncloud/htdocs/apps/encryption/lib/Hooks/UserHooks.php - line 183: OCA\Encryption\Users\Setup->setupUser('*** sensitive parameters replaced ***', '*** sensitive parameters replaced ***')
/owncloud/htdocs/lib/private/legacy/hook.php - line 106: OCA\Encryption\Hooks\UserHooks->login(*** sensitive parameters replaced ***)
/owncloud/htdocs/lib/private/Server.php - line 362: OC_Hook emit('OC_User', 'post_login', Array)
[internal function] OC\Server->OC\{closure}(Object(OC\User\User), '*** sensitive parameters replaced ***')
/owncloud/htdocs/lib/private/Hooks/EmitterTrait.php - line 99: call_user_func_array(Object(Closure), Array)
/owncloud/htdocs/lib/private/Hooks/PublicEmitter.php - line 33: OC\Hooks\BasicEmitter->emit('\\OC\\User', 'postLogin', Array)
/owncloud/htdocs/lib/private/User/Session.php - line 359: OC\Hooks\PublicEmitter->emit('\\OC\\User', 'postLogin', Array)
/owncloud/htdocs/lib/private/User/Session.php - line 588: OC\User\Session->completeLogin(*** sensitive parameters replaced ***)
/owncloud/htdocs/lib/private/User/Session.php - line 324: OC\User\Session->loginWithToken('*** sensitive parameters replaced ***')
/owncloud/htdocs/lib/private/User/Session.php - line 400: OC\User\Session->login(*** sensitive parameters replaced ***)
/owncloud/htdocs/apps/dav/lib/Connector/Sabre/Auth.php - line 129: OC\User\Session->logClientIn(*** sensitive parameters replaced ***)
/owncloud/htdocs/3rdparty/sabre/dav/lib/DAV/Auth/Backend/AbstractBasic.php - line 105: OCA\DAV\Connector\Sabre\Auth->validateUserPass(*** sensitive parameters replaced ***)
/owncloud/htdocs/apps/dav/lib/Connector/Sabre/Auth.php - line 252: Sabre\DAV\Auth\Backend\AbstractBasic->check(Object(Sabre\HTTP\Request), Object(Sabre\HTTP\Response))
/owncloud/htdocs/apps/dav/lib/Connector/Sabre/Auth.php - line 154: OCA\DAV\Connector\Sabre\Auth->auth(Object(Sabre\HTTP\Request), Object(Sabre\HTTP\Response))
/owncloud/htdocs/3rdparty/sabre/dav/lib/DAV/Auth/Plugin.php - line 201: OCA\DAV\Connector\Sabre\Auth->check(Object(Sabre\HTTP\Request), Object(Sabre\HTTP\Response))
/owncloud/htdocs/3rdparty/sabre/dav/lib/DAV/Auth/Plugin.php - line 150: Sabre\DAV\Auth\Plugin->check(Object(Sabre\HTTP\Request), Object(Sabre\HTTP\Response))
[internal function] Sabre\DAV\Auth\Plugin->beforeMethod(Object(Sabre\HTTP\Request), Object(Sabre\HTTP\Response))
/owncloud/htdocs/3rdparty/sabre/event/lib/EventEmitterTrait.php - line 105: call_user_func_array(Array, Array)
/owncloud/htdocs/3rdparty/sabre/dav/lib/DAV/Server.php - line 466: Sabre\Event\EventEmitter->emit('beforeMethod', Array)
/owncloud/htdocs/3rdparty/sabre/dav/lib/DAV/Server.php - line 254: Sabre\DAV\Server->invokeMethod(Object(Sabre\HTTP\Request), Object(Sabre\HTTP\Response))
/owncloud/htdocs/apps/dav/appinfo/v1/caldav.php - line 91: Sabre\DAV\Server->exec()
/owncloud/htdocs/remote.php - line 162: require_once('/owncloud/htdoc...')
{main}```
</details>