Make sure that when a user copy a file from a directory they don't have
all permissions to a directory where they have more permissions, the
permissions are correctly set to the one from the parent taget folder.
This was caused by the ObjectStoreStorage::copyFromStorage using
the jailed storage and cache entry instead of the unjailed one like other
storages (the local one).
Steps to reproduce
+ Use object storage
+ Create a groupfolder with one group having full permission and another one
who can just read files.
+ With an user who is in the second group, copy a file from the groupfolder to
the home folder of this user.
+ The file in the home folder of the user will be read only and can't be deleted
even though it is in their home folder and they are the owner. In oc_filecache,
the permissions stored for this file are 1 (READ)
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
When using S3 storage, we sometimes have open_basedir errors due to aws-sdk-php trying to read ~/.aws/config which is out of open_basedir restrictions.
Christoph Wurst already added csm=false config in #21406 but it wasn't enough, we also need to set use_arn_region=false, added in this commit.
Signed-off-by: Florent <florent@coppint.com>
streams get closed automatically when dropped, and in some cases the stream seems to be already closed by the S3 library, in which case trying to close it again will raise an error
Signed-off-by: Robin Appelman <robin@icewind.nl>
The current phpdoc of IStorage#file_put_contents doesnt corresponds to
it's actual usage in code, e.g.
Signed-off-by: Tigran Mkrtchyan <tigran.mkrtchyan@desy.de>
In the 99% case the bucket is just always there. And if it is not the
read/write will fail hard anyways. Esp on big instances the Objectstore
is not always fast and this can save a few hundered ms of each request
that acess the objectstore.
In short it is adding
'verify_bucket_exists' => false
To the S3 config part
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Since we try to do range requests this will fail hard.
However since empty files are not that interesting to read anyways we
just read from an emptry memory stream.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
When we want to get the permissions we now do stat at least 5 times for
each entry. Which is a bit much. Especially since the permssions are all
just in the database already.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
If the object store errors we should not always delete the filecache
entry. As this might lead to people losing access to their files.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* introduces a new IRootMountProvider to register mount points inside the root storage
* adds a AppdataPreviewObjectStoreStorage to handle the split between preview folders and bucket number
Ref #22033
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
The S3 client enables this by default and then tries to read
`.aws/config`. This causes `open_basedir` restriction related error for
some setups. So this patch disables the CSM because it's most likely
unused anyway.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Some S3 providers need a custom upload part size (500 MB static value in Nextcloud).
Here is a commit to change this value via S3 configuration, instead of using S3_UPLOAD_PART_SIZE constant.
A new parameter is added for an S3 connection : uploadPartSize
Signed-off-by: Florent <florent@coppint.com>
Carl Schwan
Robin Appelman
Bernd Rederlechner
Julius Härtl
blizzz
Maxime Besson
Christoph Wurst
John Molakvoæ (skjnldsv)
Morris Jobke
Florent
Samuel
dependabot-preview[bot]
Roeland Jago Douma
Tigran Mkrtchyan
James Letendre
Roeland Jago Douma
Stephen Cuppett
Daniel Kesselberg