Nextcloud SQLite Database is Downloadable Directly

Nextcloud version (eg, 20.0.5): 23.0.0
Operating system and version (eg, Ubuntu 20.04): FreeBSD 13.0-RELEASE-p7
Apache or nginx version (eg, Apache 2.4.25): 2.4.52
PHP version (eg, 7.4): 8.0

The issue you are facing: After a fresh installation of the current Nextcloud version with the SQLite database backend, I can download the whole database file by entering the following URL in my browser:
https://<nextcloud-host>/data/owncloud.db

No authentication is required by the server whatsoever.
Although Nextcloud recommends using a DBMS like MySQL, I think the SQLite database file should be well protected and should not be placed under /usr/local/www.
My suggestion to the Nextcloud team is to move the data location to, for example, /var/db/nextcloud, which is the location prescribed by hier(7).

Is this the first time you’ve seen this error? (Y/N): Y

Steps to replicate it:

  1. Start with FreeBSD 13.0-RELEASE-p7
  2. Install apache24 v.2.4.52
  3. Install nextcloud-php80 v.23.0.0
  4. In the installation wizard select “SQLite database backend”.
  5. After logging in to Nextcloud, type the following URL in your browser: https://<nextcloud-host>/data/owncloud.db

The output of your Nextcloud log in Admin > Logging:

{"reqId":"6GOF5CQbIB1jdU5XWCfx","level":2,"time":"2022-02-07T07:21:24+00:00","remoteAddr":"10.0.92.6","user":"--","app":"no app in context","method":"GET","url":"/index.php","message":"Could not detect any host in https:///data/htaccesstest.txt","userAgent":"----","version":""}
{"reqId":"6GOF5CQbIB1jdU5XWCfx","level":2,"time":"2022-02-07T07:21:24+00:00","remoteAddr":"10.0.92.6","user":"--","app":"no app in context","method":"GET","url":"/index.php","message":"Could not detect any host in http:///data/htaccesstest.txt","userAgent":"----","version":""}
{"reqId":"JyPCYz9lf6kVBDOCY8bH","level":2,"time":"2022-02-07T07:21:35+00:00","remoteAddr":"10.0.92.6","user":"--","app":"no app in context","method":"POST","url":"/index.php","message":"Could not detect any host in https:///data/htaccesstest.txt","userAgent":"----","version":""}
{"reqId":"JyPCYz9lf6kVBDOCY8bH","level":2,"time":"2022-02-07T07:21:35+00:00","remoteAddr":"10.0.92.6","user":"--","app":"no app in context","method":"POST","url":"/index.php","message":"Could not detect any host in http:///data/htaccesstest.txt","userAgent":"----","version":""}
{"reqId":"6glVqOIexF2LBtJwrsSh","level":3,"time":"2022-02-07T07:22:10+00:00","remoteAddr":"10.0.92.6","user":"admin","app":"index","method":"GET","url":"/index.php/apps/theming/favicon/files?v=0","message":"Could not create folder","userAgent":"----","version":"23.0.0.10","exception":{"Exception":"OCP\\Files\\NotPermittedException","Message":"Could not create folder","Code":0,"Trace":[{"file":"/usr/local/www/nextcloud/lib/private/Files/AppData/AppData.php","line":156,"function":"newFolder","class":"OC\\Files\\Node\\Folder","type":"->"},{"file":"/usr/local/www/nextcloud/apps-pkg/theming/lib/ImageManager.php","line":156,"function":"newFolder","class":"OC\\Files\\AppData\\AppData","type":"->"},{"file":"/usr/local/www/nextcloud/apps-pkg/theming/lib/ImageManager.php","line":171,"function":"getCacheFolder","class":"OCA\\Theming\\ImageManager","type":"->"},{"file":"/usr/local/www/nextcloud/apps-pkg/theming/lib/Controller/IconController.php","line":127,"function":"getCachedImage","class":"OCA\\Theming\\ImageManager","type":"->"},{"file":"/usr/local/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":217,"function":"getFavicon","class":"OCA\\Theming\\Controller\\IconController","type":"->"},{"file":"/usr/local/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":126,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/usr/local/www/nextcloud/lib/private/AppFramework/App.php","line":157,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/usr/local/www/nextcloud/lib/private/Route/Router.php","line":302,"function":"main","class":"OC\\AppFramework\\App","type":"::"},{"file":"/usr/local/www/nextcloud/lib/base.php","line":1006,"function":"match","class":"OC\\Route\\Router","type":"->"},{"file":"/usr/local/www/nextcloud/index.php","line":36,"function":"handleRequest","class":"OC","type":"::"}],"File":"/usr/local/www/nextcloud/lib/private/Files/Node/Folder.php","Line":173
,"CustomMessage":"--"}}
{"reqId":"PpdqFV5zE8drSm0E2U43","level":3,"time":"2022-02-07T07:22:25+00:00","remoteAddr":"10.0.92.6","user":"admin","app":"index","method":"GET","url":"/index.php/core/preview?fileId=34&x=32&y=32","message":"Could not create folder","userAgent":"----","version":"23.0.0.10","exception":{"Exception":"OCP\\Files\\NotPermittedException","Message":"Could not create folder","Code":0,"Trace":[{"file":"/usr/local/www/nextcloud/lib/private/Files/AppData/AppData.php","line":156,"function":"newFolder","class":"OC\\Files\\Node\\Folder","type":"->"},{"file":"/usr/local/www/nextcloud/lib/private/Preview/Storage/Root.php","line":74,"function":"newFolder","class":"OC\\Files\\AppData\\AppData","type":"->"},{"file":"/usr/local/www/nextcloud/lib/private/Preview/Generator.php","line":472,"function":"newFolder","class":"OC\\Preview\\Storage\\Root","type":"->"},{"file":"/usr/local/www/nextcloud/lib/private/Preview/Generator.php","line":132,"function":"getPreviewFolder","class":"OC\\Preview\\Generator","type":"->"},{"file":"/usr/local/www/nextcloud/lib/private/Preview/Generator.php","line":109,"function":"generatePreviews","class":"OC\\Preview\\Generator","type":"->"},{"file":"/usr/local/www/nextcloud/lib/private/PreviewManager.php","line":212,"function":"getPreview","class":"OC\\Preview\\Generator","type":"->"},{"file":"/usr/local/www/nextcloud/core/Controller/PreviewController.php","line":169,"function":"getPreview","class":"OC\\PreviewManager","type":"->"},{"file":"/usr/local/www/nextcloud/core/Controller/PreviewController.php","line":142,"function":"fetchPreview","class":"OC\\Core\\Controller\\PreviewController","type":"->"},{"file":"/usr/local/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":217,"function":"getPreviewByFileId","class":"OC\\Core\\Controller\\PreviewController","type":"->"},{"file":"/usr/local/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":126,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"}
,{"file":"/usr/local/www/nextcloud/lib/private/AppFramework/App.php","line":157,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/usr/local/www/nextcloud/lib/private/Route/Router.php","line":302,"function":"main","class":"OC\\AppFramework\\App","type":"::"},{"file":"/usr/local/www/nextcloud/lib/base.php","line":1006,"function":"match","class":"OC\\Route\\Router","type":"->"},{"file":"/usr/local/www/nextcloud/index.php","line":36,"function":"handleRequest","class":"OC","type":"::"}],"File":"/usr/local/www/nextcloud/lib/private/Files/Node/Folder.php","Line":173,"CustomMessage":"--"}}
{"reqId":"uHP5TWHo0fSlCmm7cJq0","level":2,"time":"2022-02-08T22:07:24+00:00","remoteAddr":"10.0.92.6","user":"--","app":"no app in context","method":"POST","url":"/index.php/login","message":"Login failed: admin (Remote IP: 10.0.92.6)","userAgent":"----","version":"23.0.0.10"}

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
// Nextcloud config.php as posted by the reporter. The '---' / '-----' values
// are the reporter's redactions, not real settings.
$CONFIG = array (
  'apps_paths' =>
  array (
    0 =>
    array (
      // Marked writable and located under /usr/local/www/nextcloud.
      'path' => '/usr/local/www/nextcloud/apps',
      'url' => '/apps',
      'writable' => true,
    ),
    1 =>
    array (
      // Second app path, marked read-only.
      'path' => '/usr/local/www/nextcloud/apps-pkg',
      'url' => '/apps-pkg',
      'writable' => false,
    ),
  ),
  // The log file lives outside /usr/local/www/nextcloud, unlike the data
  // directory configured further down.
  'logfile' => '/var/log/nextcloud/nextcloud.log',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  // Redacted. 'passwordsalt' and 'secret' are sensitive values and should
  // stay redacted whenever a config is shared publicly.
  'instanceid' => '---',
  'passwordsalt' => '---',
  'secret' => '---',
  'trusted_domains' =>
  array (
    0 => '-----',
  ),
  // Security-relevant: the data directory shares the /usr/local/www/nextcloud
  // prefix with the application code, and the report shows it reachable over
  // HTTP as /data/. Nothing in this file restricts that access; blocking it
  // is left to web-server rules (.htaccess on Apache, location rules on nginx).
  'datadirectory' => '/usr/local/www/nextcloud/data',
  // SQLite backend: per the report, the whole database is the single file
  // owncloud.db inside the data directory above, so exposing that directory
  // exposes the database.
  'dbtype' => 'sqlite3',
  'version' => '23.0.0.10',
  // Redacted by the reporter.
  'overwrite.cli.url' => '----',
  'installed' => true,
);



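If you use Apache and configure it to honor Nextcloud's .htaccess files (https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#apache-web-server-configuration), direct access to the data folder is not allowed. Apache only applies .htaccess rules when AllowOverride permits them for the Nextcloud directory, so a setup that still serves /data/owncloud.db most likely lacks that setting.
Nginx blocks this as well when it is set up as documented: https://docs.nextcloud.com/server/stable/admin_manual/installation/nginx.html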

The best approach is probably to place the data folder outside the document root, so that 'datadirectory' in config.php is a path the web server does not serve.