Nextcloud PreviewManager.php asks for unnecessary (?) accesses

ℹ️ Support
1

Nextcloud version: 21.0.1
Operating system and version: Arch
Apache or nginx version: nginx/1.18.0
PHP version: 8.0.3

The issue you are facing:

I noticed today that since about 3-4 weeks ago (no sure if something happened at that time) my nextcloud log is filled with error messages saying that open_basedir restriction in effect, see nextcloud log entry below. It seems that some part of nextcloud wants to access executable/-s in some paths that are not in the open_basedir list in php.ini.

The absolute majority (like 99% of +10k entries) is referring to the PreviewManager.php and is complaining that one of these paths:

/bin
/etc/webapps/
/opt/bin
/sbin
/usr/bin
/usr/local/bin
/usr/local/sbin
/usr/sbin

The other (like 1%) log entries are refering to Mail.php and searches for the same paths in the open_basedir list.

The open_basedir list looks like this, in php.ini:

open_basedir = /var/www/:/tmp/:/var/tmp/:/var/cache/:/var/lib/php/:/usr/share/webapps/:/etc/webapps/:/var/lib/phptmp/:
/<path>/data/nextcloud/:/var/lib/nextcloud/:/usr/bin/ffmpeg

What worries me is:

  • Should I really allow php to access all these directories? It doesn’t seem like I’m giving it minimal access if I do?
  • It seems like it sometimes complains about paths that are actually in the open_basedir, like /etc/webapps/ should I be looking at something else for the source of these errors? EDIT: The reason it complains about this one is probably because the directory doesn’t exist on the system (same with /opt/bin, though it’s not in the open_basedir either) the other directories exists on the system but not in the open_basedir, should they?
  • I’ve reinstalled the Preview Generator plugin but it doesn’t seem to solve the issue.

Finally: What causes this and what can I do about it?

Is this the first time you’ve seen this error?: Y

Steps to replicate it: Not sure

The output of your Nextcloud log in Admin > Logging:

{
  "reqId": "jkK2d60123WRaBcMx6",
  "level": 3,
  "time": "2021-04-29T15:50:46+00:00",
  "remoteAddr": "<ipaddr>",
  "user": "<user>",
  "app": "PHP",
  "method": "PROPFIND",
  "url": "/remote.php/webdav/some/path/to/file",
  "message": {
    "Exception": "Error",
    "Message": "is_dir(): open_basedir restriction in effect. File(/etc/webapps/) is not within the allowed path(s): (/var/www/:/tmp/:/var/tmp/:/var/cache/:/var/lib/php/:/usr/share/webapps/:/etc/webapps/:/var/lib/phptmp/:/<path>/data/nextcloud/:/var/lib/nextcloud/:/usr/bin/ffmpeg) at /var/www/nextcloud/3rdparty/symfony/process/ExecutableFinder.php#58",
    "Code": 0,
    "Trace": [
      {
        "function": "onError",
        "class": "OC\\Log\\ErrorHandler",
        "type": "::"
      },
      {
        "file": "/var/www/nextcloud/3rdparty/symfony/process/ExecutableFinder.php",
        "line": 58,
        "function": "is_dir"
      },
      {
        "file": "/var/www/nextcloud/lib/private/legacy/OC_Helper.php",
        "line": 469,
        "function": "find",
        "class": "Symfony\\Component\\Process\\ExecutableFinder",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/PreviewManager.php",
        "line": 425,
        "function": "findBinaryPath",
        "class": "OC_Helper",
        "type": "::"
      },
      {
        "file": "/var/www/nextcloud/lib/private/PreviewManager.php",
        "line": 246,
        "function": "registerCoreProviders",
        "class": "OC\\PreviewManager",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/apps/dav/lib/Connector/Sabre/FilesPlugin.php",
        "line": 361,
        "function": "isAvailable",
        "class": "OC\\PreviewManager",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/PropFind.php",
        "line": 95,
        "function": "OCA\\DAV\\Connector\\Sabre\\{closure}",
        "class": "OCA\\DAV\\Connector\\Sabre\\FilesPlugin",
        "type": "->",
        "args": [
          "*** sensitive parameters replaced ***"
        ]
      },
      {
        "file": "/var/www/nextcloud/apps/dav/lib/Connector/Sabre/FilesPlugin.php",
        "line": 362,
        "function": "handle",
        "class": "Sabre\\DAV\\PropFind",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/3rdparty/sabre/event/lib/WildcardEmitterTrait.php",
        "line": 89,
        "function": "handleGetProperties",
        "class": "OCA\\DAV\\Connector\\Sabre\\FilesPlugin",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php",
        "line": 1052,
        "function": "emit",
        "class": "Sabre\\DAV\\Server",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php",
        "line": 984,
        "function": "getPropertiesByNode",
        "class": "Sabre\\DAV\\Server",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php",
        "line": 1661,
        "function": "getPropertiesIteratorForPath",
        "class": "Sabre\\DAV\\Server",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php",
        "line": 1646,
        "function": "writeMultiStatus",
        "class": "Sabre\\DAV\\Server",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/CorePlugin.php",
        "line": 346,
        "function": "generateMultiStatus",
        "class": "Sabre\\DAV\\Server",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/3rdparty/sabre/event/lib/WildcardEmitterTrait.php",
        "line": 89,
        "function": "httpPropFind",
        "class": "Sabre\\DAV\\CorePlugin",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php",
        "line": 472,
        "function": "emit",
        "class": "Sabre\\DAV\\Server",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php",
        "line": 253,
        "function": "invokeMethod",
        "class": "Sabre\\DAV\\Server",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php",
        "line": 321,
        "function": "start",
        "class": "Sabre\\DAV\\Server",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/apps/dav/appinfo/v1/webdav.php",
        "line": 84,
        "function": "exec",
        "class": "Sabre\\DAV\\Server",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/remote.php",
        "line": 167,
        "args": [
          "/var/www/nextcloud/apps/dav/appinfo/v1/webdav.php"
        ],
        "function": "require_once"
      }
    ],
    "File": "/var/www/nextcloud/lib/private/Log/ErrorHandler.php",
    "Line": 92,
    "CustomMessage": "--"
  },
  "userAgent": "Mozilla/5.0 (Android) Nextcloud-android/3.15.1",
  "version": "21.0.1.1",
  "id": "608ad5ef72b04"
}

The output of your config.php file in /path/to/nextcloud:

'enable_previews' => true,
  'enabledPreviewProviders' => 
  array (
    0 => 'OC\\Preview\\TXT',
    1 => 'OC\\Preview\\MarkDown',
    2 => 'OC\\Preview\\MSOffice2003',
    3 => 'OC\\Preview\\MSOffice2007',
    4 => 'OC\\Preview\\MSOfficeDoc',
    5 => 'OC\\Preview\\OpenDocument',
    6 => 'OC\\Preview\\StarOffice',
    7 => 'OC\\Preview\\PDF',
    8 => 'OC\\Preview\\Image',
    9 => 'OC\\Preview\\Photoshop',
    10 => 'OC\\Preview\\Illustrator',
    11 => 'OC\\Preview\\Postscript',
    12 => 'OC\\Preview\\TIFF',
    13 => 'OC\\Preview\\Font',
    14 => 'OC\\Preview\\MP3',
    15 => 'OC\\Preview\\Movie',
    16 => 'OC\\Preview\\MKV',
    17 => 'OC\\Preview\\MP4',
    18 => 'OC\\Preview\\AVI',
  )
2

I’ve also tried to disable the preview generator plugin, but it doesn’t seem to have any effect. I still see these errors in the log.