Because Nextcloud is run as "apache" or whatever web server user you're using, and that user must have ownership of the NC installation files / webroot, it's possible for any user that has been given "Local" mount permissions to mount the NC root, and be able to bring up the ~/nextcloud/config/config.php file, giving them access to things like the database credentials, password salt, redis credentials, etc.
I know that I'm going to get answers like, don't give local mount access, or use a secondary admin with fewer rights, but these are band-aids for a glaring security issue. There are lots of reasons why you want to allow local mounts by your users, and there are also lots of scenarios where the admin user of Nextcloud should potentially be restricted from certain paths in the filesystem.
Is there a configuration option to completely lock out certain filesystem paths from the app configuration file, or the system configuration? (read: NOT FROM THE WEB CONSOLE, which defeats the purpose since the admin user would still be able to remove those locks).
If not, I'd like to propose a two-way config option that would create either an allow-list, or a deny-list, something like this…
<?php
$CONFIG = array (
  'external_storage' => array (
    'paths_allow' => array (
      '/mnt/',
      '/home/%CURRENT_USER%/'
    ),
    'paths_deny' => array (
      '/mnt/not_this_folder/',
      '/var/www/nextcloud/'
    ),
  ),
);
I know that in the example above, the block of /var/www/nextcloud/ is not applicable in the context of what's allowed, but I would suggest that paths_allow and paths_deny are not mutually exclusive… you wouldn't have to use both, but you can if you need, such as the case of /mnt/ where a path is allowed but a specific sub-folder is denied.
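As an added illustration of how such a check could behave (example code written for this thread, not Nextcloud's own code and not part of the original post; the function names `isLocalMountPermitted`, `canonicalDir` and `canonicalPrefix` are hypothetical), the snippet below evaluates a requested local-mount path against the proposed `paths_allow` / `paths_deny` lists. It resolves the requested path with `realpath()` before the prefix comparison, so `..` segments and symlinks planted inside an allowed tree cannot reach a denied directory such as the webroot, expands `%CURRENT_USER%`, and lets a deny entry override an allow entry so a denied sub-folder under `/mnt/` stays blocked. The directory tree it runs against is a constructed fixture under the system temp directory.

```php
<?php
// Added example, not Nextcloud code: a reference check for the paths_allow /
// paths_deny configuration proposed above. All function names are hypothetical.
declare(strict_types=1);

// Resolve symlinks and ".." so a prefix comparison cannot be bypassed with
// "/mnt/../var/www/nextcloud" or a symlink inside an allowed tree.
// Returns null when the path does not exist.
function canonicalDir(string $path): ?string
{
    $real = realpath($path);
    return $real === false ? null : rtrim($real, '/') . '/';
}

// Expand %CURRENT_USER% and resolve the entry; entries that do not exist on
// disk are still honoured as plain prefixes.
function canonicalPrefix(string $prefix, string $user): string
{
    $prefix = str_replace('%CURRENT_USER%', $user, $prefix);
    return canonicalDir($prefix) ?? rtrim($prefix, '/') . '/';
}

function underPrefix(string $path, string $prefix): bool
{
    return strncmp($path, $prefix, strlen($prefix)) === 0;
}

// Permitted only if the resolved path sits under an allow entry (when an allow
// list is configured) and under no deny entry. Deny wins over allow.
function isLocalMountPermitted(string $requested, array $config, string $user): bool
{
    $path = canonicalDir($requested);
    if ($path === null) {
        return false;
    }
    $ext = $config['external_storage'] ?? [];
    foreach ($ext['paths_deny'] ?? [] as $entry) {
        if (underPrefix($path, canonicalPrefix($entry, $user))) {
            return false;
        }
    }
    $allow = $ext['paths_allow'] ?? [];
    if ($allow === []) {
        return true;
    }
    foreach ($allow as $entry) {
        if (underPrefix($path, canonicalPrefix($entry, $user))) {
            return true;
        }
    }
    return false;
}

// Constructed fixture: a throwaway tree under the temp dir standing in for
// /mnt, /home and /var/www/nextcloud.
$base = realpath(sys_get_temp_dir()) . '/ncmount_' . bin2hex(random_bytes(4));
foreach (['/mnt/data', '/mnt/not_this_folder', '/home/kevin', '/var/www/nextcloud/config'] as $d) {
    mkdir($base . $d, 0700, true);
}
// A symlink inside the allowed tree that points at the webroot.
symlink($base . '/var/www/nextcloud', $base . '/mnt/data/escape');

$CONFIG = [
    'external_storage' => [
        'paths_allow' => [$base . '/mnt/', $base . '/home/%CURRENT_USER%/'],
        'paths_deny'  => [$base . '/mnt/not_this_folder/', $base . '/var/www/nextcloud/'],
    ],
];

$cases = [
    $base . '/mnt/data'                 => true,
    $base . '/home/kevin'               => true,  // %CURRENT_USER% expanded
    $base . '/mnt/not_this_folder'      => false, // denied sub-folder of /mnt/
    $base . '/var/www/nextcloud/config' => false, // webroot
    $base . '/mnt/../var/www/nextcloud' => false, // ".." traversal resolved
    $base . '/mnt/data/escape'          => false, // symlink resolved
    $base . '/home/alice'               => false, // does not exist
];
foreach ($cases as $path => $expected) {
    $got = isLocalMountPermitted($path, $CONFIG, 'kevin');
    printf("%-4s %s\n", $got === $expected ? 'ok' : 'FAIL', $path);
}

// Remove the fixture again.
unlink($base . '/mnt/data/escape');
foreach (['/var/www/nextcloud/config', '/var/www/nextcloud', '/var/www', '/var',
          '/home/kevin', '/home', '/mnt/not_this_folder', '/mnt/data', '/mnt', ''] as $d) {
    rmdir($base . $d);
}
```

The important design choice is that the check is performed on the resolved path, not on the string the user typed; an implementation that compared raw prefixes would still let an allowed `/mnt/` entry reach the webroot through a symlink or `..`, which is exactly the exposure described at the top of the post.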
If there is a facility to do this already, that's great, please point it out, but if not, I would be willing to put time into a pull request to add this functionality to the app, and would appreciate suggestions.
Thanks,
Kevin.