Prevent running the files:scan command as the wrong user

9a2ed866 · Robin Appelman · b1116880 · 9a2ed866 · 9a2ed866
Commit 9a2ed866 authored 10 years ago by Robin Appelman
--- a/apps/files/command/scan.php
+++ b/apps/files/command/scan.php
@@ -9,6 +9,7 @@

 namespace OCA\Files\Command;

+use OC\ForbiddenException;
 use Symfony\Component\Console\Command\Command;
 use Symfony\Component\Console\Input\InputArgument;
 use Symfony\Component\Console\Input\InputInterface;
@@ -32,28 +33,32 @@ class Scan extends Command {
 			->setName('files:scan')
 			->setDescription('rescan filesystem')
 			->addArgument(
-					'user_id',
-					InputArgument::OPTIONAL | InputArgument::IS_ARRAY,
-					'will rescan all files of the given user(s)'
-				     )
+				'user_id',
+				InputArgument::OPTIONAL | InputArgument::IS_ARRAY,
+				'will rescan all files of the given user(s)'
+			)
 			->addOption(
-					'all',
-					null,
-					InputOption::VALUE_NONE,
-					'will rescan all files of all known users'
-				   )
-		;
+				'all',
+				null,
+				InputOption::VALUE_NONE,
+				'will rescan all files of all known users'
+			);
 	}

 	protected function scanFiles($user, OutputInterface $output) {
 		$scanner = new \OC\Files\Utils\Scanner($user);
-		$scanner->listen('\OC\Files\Utils\Scanner', 'scanFile', function($path) use ($output) {
+		$scanner->listen('\OC\Files\Utils\Scanner', 'scanFile', function ($path) use ($output) {
 			$output->writeln("Scanning <info>$path</info>");
 		});
-		$scanner->listen('\OC\Files\Utils\Scanner', 'scanFolder', function($path) use ($output) {
+		$scanner->listen('\OC\Files\Utils\Scanner', 'scanFolder', function ($path) use ($output) {
 			$output->writeln("Scanning <info>$path</info>");
 		});
-		$scanner->scan('');
+		try {
+			$scanner->scan('');
+		} catch (ForbiddenException $e) {
+			$output->writeln("<error>Home storage for user $user not writable</error>");
+			$output->writeln("Make sure you're running the scan command only as the user the web server runs as");
+		}
 	}

 	protected function execute(InputInterface $input, OutputInterface $output) {

--- a/lib/private/files/utils/scanner.php
+++ b/lib/private/files/utils/scanner.php
@@ -11,6 +11,7 @@ namespace OC\Files\Utils;
 use OC\Files\View;
 use OC\Files\Cache\ChangePropagator;
 use OC\Files\Filesystem;
+use OC\ForbiddenException;
 use OC\Hooks\PublicEmitter;

 /**
@@ -104,6 +105,7 @@ class Scanner extends PublicEmitter {

 	/**
 	 * @param string $dir
+	 * @throws \OC\ForbiddenException
 	 */
 	public function scan($dir) {
 		$mounts = $this->getMounts($dir);
@@ -111,7 +113,14 @@ class Scanner extends PublicEmitter {
 			if (is_null($mount->getStorage())) {
 				continue;
 			}
-			$scanner = $mount->getStorage()->getScanner();
+			$storage = $mount->getStorage();
+			// if the home storage isn't writable then the scanner is run as the wrong user
+			if ($storage->instanceOfStorage('\OC\Files\Storage\Home') and
+				(!$storage->isCreatable('') or !$storage->isCreatable('files'))
+			) {
+				throw new ForbiddenException();
+			}
+			$scanner = $storage->getScanner();
 			$this->attachListener($mount);
 			$scanner->scan('', \OC\Files\Cache\Scanner::SCAN_RECURSIVE, \OC\Files\Cache\Scanner::REUSE_ETAG | \OC\Files\Cache\Scanner::REUSE_SIZE);
 		}