[solved] Updater app failed (open_basedir restriction in effect...)

nobody1407 · April 25, 2017, 8:45am

Hey guys! I have some problems with the “Updater”-App.
I can’t update Nextcloud, because it failed at step “Check for write permissions”.

Nextcloud version:
11.0.2

Operating system and version:
Debian 8.7

Apache or nginx version:
1.10.3

PHP version:
PHP 7.0.17-1~dotdeb+8.1

Is this the first time you’ve seen this error?:
No (manual before)

Can you reliably replicate it? (If so, please outline steps):
Every time

The issue you are facing:
SplFileInfo::isDir(): open_basedir restriction in effect. File(/var/www/nextcloud/updater/…/…) is not within the allowed path(s): (/var/www/nextcloud:/var/www/nextcloud/updater:/tmp:/var/oc_data:/dev/urandom:/media/nfs-homeserver-backup-rsync:/media/nfs-homeserver-filme-musik:/srv/http/nextcloud/data:/var/www/data)

The output of your Nextcloud log in:
without errors

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php $CONFIG = array ( 'instanceid' => '***REMOVED***', 'passwordsalt' => '***REMOVED***', 'secret' => '***REMOVED***', 'trusted_domains' => array ( 0 => '***REMOVED***', 1 => '***REMOVED***', 2 => '***REMOVED***', 3 => 'https://localhost:9980', ), 'datadirectory' => '/var/www/data', 'overwrite.cli.url' => '***REMOVED***', 'dbtype' => 'mysql', 'version' => '11.0.2.7', 'dbname' => '***REMOVED***', 'dbhost' => 'localhost', 'dbtableprefix' => 'oc_', 'dbuser' => '***REMOVED***', 'dbpassword' => '***REMOVED***', 'logtimezone' => 'Europe/Berlin', 'installed' => true, 'memcache.local' => '\\OC\\Memcache\\Redis', 'filelocking.enabled' => 'true', 'memcache.distributed' => '\\OC\\Memcache\\Redis', 'memcache.locking' => '\\OC\\Memcache\\Redis', 'redis' => array ( 'host' => 'localhost', 'port' => 6379, 'timeout' => 0, 'dbindex' => 0, ), 'log_type' => 'owncloud', 'log_authfailip' => true, 'mail_smtpmode' => 'php', 'mail_smtpsecure' => 'tls', 'mail_from_address' => 'nicht-antworten', 'mail_domain' => '***REMOVED***', 'mail_smtpauth' => 1, 'mail_smtphost' => '***REMOVED***', 'mail_smtpport' => '***REMOVED***', 'mail_smtpname' => '***REMOVED***', 'mail_smtppassword' => '***REMOVED***', 'mail_smtpauthtype' => 'LOGIN', 'maintenance' => false, 'appstore.experimental.enabled' => true, 'theme' => '', 'loglevel' => 1, 'activity_expire_days' => 30, 'enable_previews' => true, 'htaccess.RewriteBase' => '/', 'updater.secret' => '***REMOVED***', 'asset-pipeline.enabled' => true, 'preview_max_scale_factor' => 1, 'enabledPreviewProviders' => array ( 0 => 'OC\\Preview\\PNG', 1 => 'OC\\Preview\\JPEG', 2 => 'OC\\Preview\\GIF', 11 => 'OC\\Preview\\Illustrator', 12 => 'OC\\Preview\\Postscript', 13 => 'OC\\Preview\\Photoshop', 14 => 'OC\\Preview\\TIFF', ), 'updater.release.channel' => 'stable', ); The output of your Apache/nginx/system log: ***without nextcloud errors*** --- It would be nice if anyone can help me

nobody1407 · April 26, 2017, 6:55am

Okay, I can solve this problem temporary…

I changed

/etc/php/7.0/fpm/pool.d/nextcloud.conf
php_admin_value[open_basedir] = /var/www/nextcloud:/tmp:/var/oc_data:/dev/urandom:/srv/http/nextcloud/data:/var/www/data

into

php_admin_value[open_basedir] = none

This isn’t a good solution, but it works fine and its only for a few minutes… Maybe you can stopp the port forwarding on your router and start the updater app local…

If you found some grammar mistakes…sorry

eehmke · March 17, 2018, 2:30pm

This is indeed a bad solution, as it disables the open_basedir protection. In my case, I have the nextcloud instance installed as a virtual host in apache, and the vhost configuration contains the line:

php_admin_value open_basedir /<nc root here>:<data directory here>:/dev/urandom:/tmp

Works fine.

nobody1407 · March 20, 2018, 5:49am

Yes, I know. Thats the reason to change this line (manually) only to update Nextcloud. Since May/June 2017 it works without the changes.