Gnome integration ERROR - shell_exec() has been disabled for security reasons

Nextcloud version: 24.0.2
Operating system and version: Linux 4.18.0-147.8.1.el7h.lve.1.x86_64 x86_64
Apache or nginx version: I don’t know, hosted and installed by a provider
PHP version: 7.4.29

The issue you are facing:

I’m unable to connect to my Nextcloud using Gnome’s “Online Account” integration.

On my Laptop running Fedora36, I use the Online Account setting and try to login:
nextclouderror

Each time I try this, the logs in my Nextcloud show this error:

   Error: shell_exec() has been disabled for security reasons at /home/*myaccount*/domains/*myserver.fr*/private_html/apps/serverinfo/lib/OperatingSystems/DefaultOs.php#116
<<closure>>
   OC\Log\ErrorHandler::onError()
   /home/*myaccount*/domains/*myserver.fr*/private_html/apps/serverinfo/lib/OperatingSystems/DefaultOs.php - line 116:
   shell_exec()
   /home/*myaccount*/domains/*myserver.fr*/private_html/apps/serverinfo/lib/Os.php - line 70:
   OCA\ServerInfo\OperatingSystems\DefaultOs->getTime()
   /home/*myaccount*/domains/*myserver.fr*/private_html/apps/serverinfo/lib/Controller/ApiController.php - line 139:
   OCA\ServerInfo\Os->getTime()
   /home/*myaccount*/domains/*myserver.fr*/private_html/lib/private/AppFramework/Http/Dispatcher.php - line 225:
   OCA\ServerInfo\Controller\ApiController->BasicData()
   /home/*myaccount*/domains/*myserver.fr*/private_html/lib/private/AppFramework/Http/Dispatcher.php - line 133:
   OC\AppFramework\Http\Dispatcher->executeController()
   /home/*myaccount*/domains/*myserver.fr*/private_html/lib/private/AppFramework/App.php - line 172:
   OC\AppFramework\Http\Dispatcher->dispatch()
   /home/*myaccount*/domains/*myserver.fr*/private_html/lib/private/Route/Router.php - line 298:
   OC\AppFramework\App::main()
   /home/*myaccount*/domains/*myserver.fr*/private_html/ocs/v1.php - line 62:
   OC\Route\Router->match()
   /home/*myaccount*/domains/*myserver.fr*/private_html/ocs/v2.php - line 23:
   require_once("/home/*myaccou ... p")

In order to pinpoint the issue, I tried different tricks:

  1. I installed Nextcloud desktop client on my laptop and logged into my account without any issue. Everything worked as it should.
  2. I installed a “dummy” Nextcloud, created an account and connected to it via Gnome’s integration. Everything worked as it should.

Since login to my Nextcloud from the Desktop App worked, I assumed it was a Gnome integration problem. But because I can login from Gnome Account to another Nextcloud, I don’t know.

Research on that issue:

The problem looks similar to the one described here.
Like in that situation, my Nextcloud is hosted and installed by a provider (hosting my websites, and offering the Nextcloud hosting). But the conclusion is:

My provider dug into the problem and we came to the conclusion that it’s probably a Gnome bug.

I created a post in Gnome Discourse to ask for clues.

I also searched this forum for the shell_exec() error
But most of the time there is no answer, or it’s on another subject.

In this post I found an interesting response:

The Nextcloud log is spammed with shell_exec() has been disabled for security reasons at /var/www/www3018/htdocs/nextcloud/apps/serverinfo/lib/OperatingSystems/DefaultOs.php
But that is a know behavior, because the Nextcloud system info uses shell_exec which is not allowed on my server. See Github Issue

And the Github post links to other ones, but it doesn’t offer any workaround or useful information.

My questions

I understand there is a security reason for which shell_exec() is disabled, but I don’t know why Gnome Integration needs the shell_exec() command in order to login, while other applications don’t (Phone app, Desktop app) .

Is there a specific reason why Gnome’s Integration needs the shell-exec() command to be enabled on the Nextcloud server in order to login?
Would enabling shell-exec() solve the problem?
If so, how can I do that?
Would it render my Nextcloud less secure?
Is there another way to solve this problem?

I’ve revamped this post entirely to try to accurately describe what my problem is, and to update my ongoing researches on the matter.

I’m now at a point where I can’t find any more useful information, and since my knowledge on Nextcloud servers and php commands is close to zero, I’m very stuck.
I’ll take any advice you can give me on where to look, or what to do.

The error is from the serverinfo-app that uses shell_exec() which is not allowed on all systems. Try to disable the app and see if everything is working then. It might show up as “monitoring” in the app list.

1 Like

Thank you @tflidd for your reply!

I disabled “Monitoring” and “Usage Survey”, but that didn’t work. I tried to look for another monitoring app, but couldn’t spot one. Here’s my list of apps, maybe you’ll be able to find it:

In the meantime I’m going to disable each app one by one and try again, maybe that could work.

And you still get the error with the shell_exec()?

Right! Since the Gnome’s integration still wasn’t working, I didn’t check the logs assuming it would be the same.
So yes, I don’t get the shell_exec() error anymore. That’s a win, thank you.

That begs the question: why does Gnome’s integration trigger the Monitoring app (that uses shell_exec() and shouldn’t) while other applications that also require login in Nextcloud don’t?

Anyhow, I still get this annoying message when trying to connect my Nextcloud in Gnome.
nextclouderror

I tried to search for this Code:8 Error but cant’s find anything.

Can you try to login to the test setup on try.nextcloud.com? This way, you shouldn’t see unexpected server responses any more. If yes, there is some issue on your client (packages filtered/modified/…)

I already created a “dummy” Nextcloud to test the Gnome Integration on my computer and to pinpoint the issue. Like I said I my first post, the login went very fine.
I did it again on demo1.nextcloud.com and it connected without Error.

I found some Security&Setup warnings in my Nextcloud’s overview, maybe that could be relevant.

* You have not set or verified your email server configuration, yet
Because I don’t need one
*Your installation has no default phone region set
I don’t need phones either

The interesting bit could be this:

The database is missing some indexes [...]
    Missing index "fs_id_storage_size" in table "oc_filecache".
    Missing index "fs_storage_path_prefix" in table "oc_filecache".
    Missing index "properties_pathonly_index" in table "oc_properties".
    Missing index "job_lastcheck_reserved" in table "oc_jobs".
    Missing index "direct_edit_timestamp" in table "oc_direct_edit".

But again, I have multiple clients logged on the Nextcloud from Android apps, to Desktop apps, and calendars, and they all connect without issue.

What is this gnome application doing? Connecting all your cloud services (calendars, contacts, …)? In these cases, you might want to set up the service discovery correctly:
https://docs.nextcloud.com/server/latest/admin_manual/issues/general_troubleshooting.html#service-discovery

If that isn’t the issue, it can help to check the webserver logs when you try to connect via the gnome client. You can then see which resource the client is asking for and not receiving.

Execute:
sudo -u www-data php occ db:add-missing-indices

documentation

OK, so myserver.fr/.well-known/carddav and myserver.fr/.well-known/caldav are both redirecting to myserver.fr/remote.php/dav/ which seems to be the correct configuration, if I understand well.

As for Gnome webserver’s logs:
goa_http_client_check() failed: 8 - Message Corrupt
and the sender is gnome-control-c