Nextcloud version: 21.0.1
Operating system and version: Arch
Apache or nginx version: nginx/1.18.0
PHP version: 8.0.3
The issue you are facing:
I noticed today that since about 3-4 weeks ago (not sure if something happened at that time) my nextcloud log is filled with error messages saying that open_basedir restriction in effect, see nextcloud log entry below. It seems that some part of nextcloud wants to access executable/-s in some paths that are not in the open_basedir list in php.ini.
The absolute majority (like 99% of +10k entries) is referring to the PreviewManager.php and is complaining that one of these paths:
/bin
/etc/webapps/
/opt/bin
/sbin
/usr/bin
/usr/local/bin
/usr/local/sbin
/usr/sbin
The other (like 1%) log entries are referring to Mail.php and searches for the same paths in the open_basedir list.
The open_basedir list looks like this, in php.ini:
open_basedir = /var/www/:/tmp/:/var/tmp/:/var/cache/:/var/lib/php/:/usr/share/webapps/:/etc/webapps/:/var/lib/phptmp/:/<path>/data/nextcloud/:/var/lib/nextcloud/:/usr/bin/ffmpeg
What worries me is:
- Should I really allow php to access all these directories? It doesn’t seem like I’m giving it minimal access if I do?
- It seems like it sometimes complains about paths that are actually in the open_basedir, like /etc/webapps/, should I be looking at something else for the source of these errors? EDIT: The reason it complains about this one is probably because the directory doesn’t exist on the system (same with /opt/bin, though it’s not in the open_basedir either). The other directories exist on the system but not in the open_basedir, should they?
- I’ve reinstalled the Preview Generator plugin but it doesn’t seem to solve the issue.
Finally: What causes this and what can I do about it?
Is this the first time you’ve seen this error?: Y
Steps to replicate it: Not sure
The output of your Nextcloud log in Admin > Logging:
{
"reqId": "jkK2d60123WRaBcMx6",
"level": 3,
"time": "2021-04-29T15:50:46+00:00",
"remoteAddr": "<ipaddr>",
"user": "<user>",
"app": "PHP",
"method": "PROPFIND",
"url": "/remote.php/webdav/some/path/to/file",
"message": {
"Exception": "Error",
"Message": "is_dir(): open_basedir restriction in effect. File(/etc/webapps/) is not within the allowed path(s): (/var/www/:/tmp/:/var/tmp/:/var/cache/:/var/lib/php/:/usr/share/webapps/:/etc/webapps/:/var/lib/phptmp/:/<path>/data/nextcloud/:/var/lib/nextcloud/:/usr/bin/ffmpeg) at /var/www/nextcloud/3rdparty/symfony/process/ExecutableFinder.php#58",
"Code": 0,
"Trace": [
{
"function": "onError",
"class": "OC\\Log\\ErrorHandler",
"type": "::"
},
{
"file": "/var/www/nextcloud/3rdparty/symfony/process/ExecutableFinder.php",
"line": 58,
"function": "is_dir"
},
{
"file": "/var/www/nextcloud/lib/private/legacy/OC_Helper.php",
"line": 469,
"function": "find",
"class": "Symfony\\Component\\Process\\ExecutableFinder",
"type": "->"
},
{
"file": "/var/www/nextcloud/lib/private/PreviewManager.php",
"line": 425,
"function": "findBinaryPath",
"class": "OC_Helper",
"type": "::"
},
{
"file": "/var/www/nextcloud/lib/private/PreviewManager.php",
"line": 246,
"function": "registerCoreProviders",
"class": "OC\\PreviewManager",
"type": "->"
},
{
"file": "/var/www/nextcloud/apps/dav/lib/Connector/Sabre/FilesPlugin.php",
"line": 361,
"function": "isAvailable",
"class": "OC\\PreviewManager",
"type": "->"
},
{
"file": "/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/PropFind.php",
"line": 95,
"function": "OCA\\DAV\\Connector\\Sabre\\{closure}",
"class": "OCA\\DAV\\Connector\\Sabre\\FilesPlugin",
"type": "->",
"args": [
"*** sensitive parameters replaced ***"
]
},
{
"file": "/var/www/nextcloud/apps/dav/lib/Connector/Sabre/FilesPlugin.php",
"line": 362,
"function": "handle",
"class": "Sabre\\DAV\\PropFind",
"type": "->"
},
{
"file": "/var/www/nextcloud/3rdparty/sabre/event/lib/WildcardEmitterTrait.php",
"line": 89,
"function": "handleGetProperties",
"class": "OCA\\DAV\\Connector\\Sabre\\FilesPlugin",
"type": "->"
},
{
"file": "/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php",
"line": 1052,
"function": "emit",
"class": "Sabre\\DAV\\Server",
"type": "->"
},
{
"file": "/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php",
"line": 984,
"function": "getPropertiesByNode",
"class": "Sabre\\DAV\\Server",
"type": "->"
},
{
"file": "/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php",
"line": 1661,
"function": "getPropertiesIteratorForPath",
"class": "Sabre\\DAV\\Server",
"type": "->"
},
{
"file": "/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php",
"line": 1646,
"function": "writeMultiStatus",
"class": "Sabre\\DAV\\Server",
"type": "->"
},
{
"file": "/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/CorePlugin.php",
"line": 346,
"function": "generateMultiStatus",
"class": "Sabre\\DAV\\Server",
"type": "->"
},
{
"file": "/var/www/nextcloud/3rdparty/sabre/event/lib/WildcardEmitterTrait.php",
"line": 89,
"function": "httpPropFind",
"class": "Sabre\\DAV\\CorePlugin",
"type": "->"
},
{
"file": "/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php",
"line": 472,
"function": "emit",
"class": "Sabre\\DAV\\Server",
"type": "->"
},
{
"file": "/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php",
"line": 253,
"function": "invokeMethod",
"class": "Sabre\\DAV\\Server",
"type": "->"
},
{
"file": "/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php",
"line": 321,
"function": "start",
"class": "Sabre\\DAV\\Server",
"type": "->"
},
{
"file": "/var/www/nextcloud/apps/dav/appinfo/v1/webdav.php",
"line": 84,
"function": "exec",
"class": "Sabre\\DAV\\Server",
"type": "->"
},
{
"file": "/var/www/nextcloud/remote.php",
"line": 167,
"args": [
"/var/www/nextcloud/apps/dav/appinfo/v1/webdav.php"
],
"function": "require_once"
}
],
"File": "/var/www/nextcloud/lib/private/Log/ErrorHandler.php",
"Line": 92,
"CustomMessage": "--"
},
"userAgent": "Mozilla/5.0 (Android) Nextcloud-android/3.15.1",
"version": "21.0.1.1",
"id": "608ad5ef72b04"
}
The output of your config.php file in /path/to/nextcloud:
'enable_previews' => true,
'enabledPreviewProviders' =>
array (
  0 => 'OC\\Preview\\TXT',
  1 => 'OC\\Preview\\MarkDown',
  2 => 'OC\\Preview\\MSOffice2003',
  3 => 'OC\\Preview\\MSOffice2007',
  4 => 'OC\\Preview\\MSOfficeDoc',
  5 => 'OC\\Preview\\OpenDocument',
  6 => 'OC\\Preview\\StarOffice',
  7 => 'OC\\Preview\\PDF',
  8 => 'OC\\Preview\\Image',
  9 => 'OC\\Preview\\Photoshop',
  10 => 'OC\\Preview\\Illustrator',
  11 => 'OC\\Preview\\Postscript',
  12 => 'OC\\Preview\\TIFF',
  13 => 'OC\\Preview\\Font',
  14 => 'OC\\Preview\\MP3',
  15 => 'OC\\Preview\\Movie',
  16 => 'OC\\Preview\\MKV',
  17 => 'OC\\Preview\\MP4',
  18 => 'OC\\Preview\\AVI',
)
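
An added example (not part of the original post and not Nextcloud code): a Python triage script that tallies open_basedir denials per calling file and denied path, and flags denials for paths that textually appear in the allowed list, as /etc/webapps/ does in the entry above. It assumes one JSON object per log line with "message" as an object shaped like the entry in the post; the sample lines and the Mail.php frame are constructed.

```python
import json
import os
import re
from collections import Counter

DENIED = re.compile(r"open_basedir restriction in effect\. File\((?P<path>[^)]*)\) "
                    r"is not within the allowed path\(s\): \((?P<allowed>[^)]*)\)")

def listed(path, allowed):
    """Textual test (no symlink resolution, unlike PHP): path equals or is below an entry."""
    p = path.rstrip("/")
    entries = [e.rstrip("/") for e in allowed.split(":") if e]
    return any(p == e or p.startswith(e + "/") for e in entries)

def caller(trace):
    """File that called findBinaryPath(), else first frame outside 3rdparty/."""
    frames = [f for f in trace if "file" in f]
    hit = [f["file"] for f in frames if f.get("function") == "findBinaryPath"]
    own = [f["file"] for f in frames if "/3rdparty/" not in f["file"]]
    return os.path.basename((hit or own or ["unknown"])[0])

def triage(lines):
    """Count denials per (calling file, denied path, listed in open_basedir?)."""
    counts = Counter()
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or non-JSON line
        msg = entry.get("message") if isinstance(entry, dict) else None
        m = DENIED.search(msg.get("Message", "")) if isinstance(msg, dict) else None
        if m:
            key = (caller(msg.get("Trace", [])), m["path"], listed(m["path"], m["allowed"]))
            counts[key] += 1
    return counts

# Constructed sample input shaped like the entry in the post (trace shortened).
ALLOWED = "/var/www/:/tmp/:/etc/webapps/:/usr/bin/ffmpeg"
def sample(path, file, function):
    text = (f"is_dir(): open_basedir restriction in effect. File({path}) is not within "
            f"the allowed path(s): ({ALLOWED}) at ExecutableFinder.php#58")
    trace = [{"function": "onError"}, {"file": file, "function": function}]
    return json.dumps({"app": "PHP", "message": {"Message": text, "Trace": trace}})
PM = "/var/www/nextcloud/lib/private/PreviewManager.php"
LOG = [sample("/etc/webapps/", PM, "findBinaryPath"), "not json", '{"message": "text"}',
       sample("/sbin", "Mail.php", "constructed")] + [sample("/usr/bin", PM, "findBinaryPath")] * 2
if __name__ == "__main__":
    for (src, path, ok), n in triage(LOG).most_common():
        print(f"{n:5d}  {src:20s} {path:16s} listed={ok}")
```

Rows with listed=True are the ones worth a closer look, since the denied path is already an open_basedir entry; rows with listed=False show which search directories the binary lookup probes that the list does not cover.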