server
server copied to clipboard
nextcloud
[Bug]: Access control inhibits removal of remote share
⚠️ This issue respects the following points: ⚠️
- [X] This is a bug, not a question or a configuration/webserver/proxy issue.
- [X] This issue is not already reported on Github OR Nextcloud Community Forum (I've searched it).
- [X] Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
- [X] I agree to follow Nextcloud's Code of Conduct.
Bug description
When sharing a directory with a remote nextcloud server, where the remote user can not access the directory due to access control, the remote user can accept a share, but it is impossible to leave the share, instead the interface complains: 'Error deleting file "<name of folder>"'
Steps to reproduce
- Block access to a folder in such a way that a remote user can not access it.
- Share that folder with a remote user
- Remote user accepts tha share, which is listed as pending, and tries to leave the share
Expected behavior
Remote user should be able to leave a share, no matter what the access control on the shareing server says
Installation method
None
Nextcloud Server version
27
Operating system
Debian/Ubuntu
PHP engine version
PHP 8.2
Web server
Apache (supported)
Database engine version
MySQL
Is this bug present after an update or on a fresh install?
Fresh Nextcloud Server install
Are you using the Nextcloud Server Encryption module?
Encryption is Disabled
What user-backends are you using?
- [X] Default user-backend (database)
- [ ] LDAP/ Active Directory
- [X] SSO - SAML
- [X] Other
Configuration report
{
"system": {
"app_install_overwrite": [
"globalsiteselector"
],
"apps_paths": [
{
"path": "\/var\/www\/html\/apps",
"url": "\/apps",
"writable": false
},
{
"path": "\/var\/www\/html\/custom_apps",
"url": "\/custom_apps",
"writable": true
}
],
"appstoreenabled": false,
"config_is_read_only": true,
"csrf.disabled": true,
"datadirectory": "***REMOVED SENSITIVE VALUE***",
"dbhost": "***REMOVED SENSITIVE VALUE***",
"dbname": "***REMOVED SENSITIVE VALUE***",
"dbpassword": "***REMOVED SENSITIVE VALUE***",
"dbport": "3306",
"dbtableprefix": "oc_",
"dbtype": "mysql",
"dbuser": "***REMOVED SENSITIVE VALUE***",
"default_phone_region": "SE",
"drive_email_template_text_left": "G\u00e5 till Sunet Drive",
"drive_email_template_plain_text_left": "G\u00e5 till Sunet Drive",
"drive_email_template_url_left": "https:\/\/drive.test.sunet.se\/",
"filelocking.debug": true,
"forcessl": true,
"gs.enabled": "true",
"gs.federation": "global",
"gs.trustedHosts": [
"*.sunet.se"
],
"gss.discovery.manual.mapping.file": "\/var\/www\/html\/mappingfile.json",
"gss.discovery.manual.mapping.parameter": "urn:oid:1.3.6.1.4.1.5923.1.1.1.6",
"gss.discovery.manual.mapping.regex": true,
"gss.jwt.key": "addisVecCymhuexjekBudWevHakgikCiraykPish",
"gss.master.admin": [
"admin",
"_berra",
"_carina",
"_freitag",
"_kano",
"_kjellman",
"_mariah",
"_ocs_drive",
"_pahol",
"_selenium_drive",
"_selenium_drive_mfa"
],
"gss.master.url": "https:\/\/drive.test.sunet.se",
"gss.mode": "slave",
"gss.user.discovery.module": "\\OCA\\GlobalSiteSelector\\UserDiscoveryModules\\ManualUserMapping",
"gss.username_format": "sanitize",
"installed": true,
"instanceid": "***REMOVED SENSITIVE VALUE***",
"integrity.check.disabled": true,
"log_type": "file",
"loglevel": 0,
"lookup_server": "https:\/\/lookup.drive.test.sunet.se\/index.php",
"mail_domain": "***REMOVED SENSITIVE VALUE***",
"mail_from_address": "***REMOVED SENSITIVE VALUE***",
"mail_sendmailmode": "smtp",
"mail_smtpauth": 1,
"mail_smtpauthtype": "LOGIN",
"mail_smtphost": "***REMOVED SENSITIVE VALUE***",
"mail_smtpmode": "smtp",
"mail_smtpname": "***REMOVED SENSITIVE VALUE***",
"mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
"mail_smtpport": "587",
"mail_smtpsecure": "tls",
"mail_template_class": "OCA\\DriveEmailTemplate\\EMailTemplate",
"memcache.distributed": "\\OC\\Memcache\\Redis",
"memcache.local": "\\OC\\Memcache\\APCu",
"memcache.locking": "\\OC\\Memcache\\Redis",
"mysql.utf8mb4": true,
"objectstore": {
"class": "\\OC\\Files\\ObjectStore\\S3",
"arguments": {
"bucket": "primary-sunet-drive-test.sunet.se",
"key": "***REMOVED SENSITIVE VALUE***",
"secret": "***REMOVED SENSITIVE VALUE***",
"region": "us-east-1",
"hostname": "s3.sto4.safedc.net",
"port": "",
"objectPrefix": "urn:oid:",
"autocreate": false,
"use_ssl": true,
"use_path_style": true,
"legacy_auth": false
}
},
"overwrite.cli.url": "https:\/\/sunet.drive.test.sunet.se",
"overwritehost": "sunet.drive.test.sunet.se",
"overwriteprotocol": "https",
"passwordsalt": "***REMOVED SENSITIVE VALUE***",
"redis.cluster": {
"failover_mode": 1,
"password": "***REMOVED SENSITIVE VALUE***",
"read_timeout": 0,
"seeds": "***REMOVED SENSITIVE VALUE***",
"timeout": 1.1
},
"secret": "***REMOVED SENSITIVE VALUE***",
"skeletondirectory": "",
"templatedirectory": "",
"trusted_domains": [
"localhost",
"node1.sunet.drive.test.sunet.se",
"node2.sunet.drive.test.sunet.se",
"node3.sunet.drive.test.sunet.se",
"sunet.drive.test.sunet.se",
"rds-sunet.drive.test.sunet.se",
"describo-sunet.drive.test.sunet.se"
],
"trusted_proxies": "***REMOVED SENSITIVE VALUE***",
"twofactor_enforced": "true",
"twofactor_enforced_groups": [
"admin",
"forcemfa"
],
"twofactor_enforced_excluded_groups": [],
"updatechecker": false,
"version": "27.1.6.3",
"maintenance": false
}
}
List of activated Apps
Enabled:
- activity: 2.19.0
- admin_audit: 1.17.0
- checksum: 1.2.3
- circles: 27.0.1
- cloud_federation_api: 1.10.0
- comments: 1.17.0
- contacts: 5.5.1
- contactsinteraction: 1.8.0
- dashboard: 7.7.0
- dav: 1.27.0
- federatedfilesharing: 1.17.0
- federation: 1.17.0
- files: 1.22.0
- files_accesscontrol: 1.17.1
- files_automatedtagging: 1.17.0
- files_external: 1.19.0
- files_pdfviewer: 2.8.0
- files_reminders: 1.0.0
- files_rightclick: 1.6.0
- files_sharing: 1.19.0
- files_trashbin: 1.17.0
- files_versions: 1.20.0
- firstrunwizard: 2.16.0
- globalsiteselector: 2.4.5
- integration_jupyterhub: 0.1.0
- logreader: 2.12.0
- lookup_server_connector: 1.15.0
- mfazones: 0.0.4
- nextcloud_announcements: 1.16.0
- notifications: 2.15.0
- oauth2: 1.15.2
- password_policy: 1.17.0
- photos: 2.3.0
- privacy: 1.11.0
- provisioning_api: 1.17.0
- rds: 0.0.2
- recommendations: 1.6.0
- related_resources: 1.2.0
- richdocuments: 8.2.4
- serverinfo: 1.17.0
- settings: 1.9.0
- sharebymail: 1.17.0
- stepupauth: 0.2.0
- support: 1.10.0
- systemtags: 1.17.0
- tasks: 0.15.0
- text: 3.8.0
- theming: 2.2.0
- twofactor_backupcodes: 1.16.0
- twofactor_totp: 9.0.0
- twofactor_webauthn: 1.3.2
- updatenotification: 1.17.0
- user_status: 1.7.0
- viewer: 2.1.0
- weather_status: 1.7.0
- workflowengine: 2.9.0
Disabled:
- announcementcenter: 6.7.0 (installed 6.7.0)
- approval: 1.1.1
- assistant: 1.0.2 (installed 1.0.2)
- bruteforcesettings: 2.7.0
- calendar: 4.6.4 (installed 4.5.3)
- collectives: 2.9.2 (installed 2.9.1)
- drive_email_template: 0.1
- encryption: 2.15.0
- files_confidential: 2.0.1
- files_lock: 27.0.3 (installed 27.0.2)
- forms: 3.4.4 (installed 3.3.1)
- integration_excalidraw: 2.0.4 (installed 2.0.4)
- integration_openai: 1.1.5 (installed 1.1.4)
- login_notes: 1.3.1
- loginpagebutton: 1.0.0
- maps: 1.2.0 (installed 1.1.1)
- polls: 5.4.2 (installed 5.2.0)
- sciencemesh: 0.5.0 (installed 0.5.0)
- survey_client: 1.15.0 (installed 1.14.0)
- suspicious_login: 5.0.0
- theming_customcss: 1.15.0
- twofactor_admin: 4.4.0 (installed 4.3.0)
- user_ldap: 1.17.0
- user_saml: 5.2.6 (installed 5.2.4)
Nextcloud Signing status
No response
Nextcloud Logs
{
"reqId": "TxqGWEGsf5dJC3x0aCx5",
"level": 0,
"time": "2024-01-30T15:01:07+00:00",
"remoteAddr": "89.46.21.238",
"user": "[email protected]",
"app": "webdav",
"method": "PROPFIND",
"url": "/remote.php/dav/files/[email protected]/LocalFolder",
"message": "Exception thrown: Sabre\\DAV\\Exception\\Forbidden",
"userAgent": "Mozilla/5.0 (Linux) mirall/3.4.2-1ubuntu1 (nextcloudcmd, ubuntu-5.4.0-169-generic ClientArchitecture: x86_64 OsArchitecture: x86_64)",
"version": "27.1.6.3",
"exception": {
"Exception": "Sabre\\DAV\\Exception\\Forbidden",
"Message": "",
"Code": 0,
"Trace": [
{
"file": "/var/www/html/3rdparty/sabre/dav/lib/DAV/Tree.php",
"line": 78,
"function": "getChild",
"class": "OCA\\DAV\\Connector\\Sabre\\Directory",
"type": "->",
"args": [
"LocalFolder"
]
},
{
"file": "/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php",
"line": 971,
"function": "getNodeForPath",
"class": "Sabre\\DAV\\Tree",
"type": "->",
"args": [
"files/[email protected]/LocalFolder"
]
},
{
"file": "/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php",
"line": 1662,
"function": "getPropertiesIteratorForPath",
"class": "Sabre\\DAV\\Server",
"type": "->",
"args": [
"files/[email protected]/LocalFolder",
[
"{DAV:}resourcetype",
"{DAV:}getlastmodified",
"{DAV:}getcontentlength",
"{DAV:}getetag",
"{http://owncloud.org/ns}size",
"{http://owncloud.org/ns}id",
"{http://owncloud.org/ns}fileid",
"{http://owncloud.org/ns}downloadURL",
"{http://owncloud.org/ns}dDC",
"{http://owncloud.org/ns}permissions",
"{http://owncloud.org/ns}checksums"
],
1
]
},
{
"file": "/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php",
"line": 1647,
"function": "writeMultiStatus",
"class": "Sabre\\DAV\\Server",
"type": "->",
"args": [
[
"Sabre\\Xml\\Writer",
[],
"/remote.php/dav/",
[
"d",
"s",
"oc",
"nc"
],
[]
],
[
"Generator"
],
false
]
},
{
"file": "/var/www/html/3rdparty/sabre/dav/lib/DAV/CorePlugin.php",
"line": 346,
"function": "generateMultiStatus",
"class": "Sabre\\DAV\\Server",
"type": "->",
"args": [
[
"Generator"
],
false
]
},
{
"file": "/var/www/html/3rdparty/sabre/event/lib/WildcardEmitterTrait.php",
"line": 89,
"function": "httpPropFind",
"class": "Sabre\\DAV\\CorePlugin",
"type": "->",
"args": [
[
"Sabre\\HTTP\\Request"
],
[
"Sabre\\HTTP\\Response"
]
]
},
{
"file": "/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php",
"line": 472,
"function": "emit",
"class": "Sabre\\DAV\\Server",
"type": "->",
"args": [
"method:PROPFIND",
[
[
"Sabre\\HTTP\\Request"
],
[
"Sabre\\HTTP\\Response"
]
]
]
},
{
"file": "/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php",
"line": 253,
"function": "invokeMethod",
"class": "Sabre\\DAV\\Server",
"type": "->",
"args": [
[
"Sabre\\HTTP\\Request"
],
[
"Sabre\\HTTP\\Response"
]
]
},
{
"file": "/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php",
"line": 321,
"function": "start",
"class": "Sabre\\DAV\\Server",
"type": "->",
"args": []
},
{
"file": "/var/www/html/apps/dav/lib/Server.php",
"line": 365,
"function": "exec",
"class": "Sabre\\DAV\\Server",
"type": "->",
"args": []
},
{
"file": "/var/www/html/apps/dav/appinfo/v2/remote.php",
"line": 35,
"function": "exec",
"class": "OCA\\DAV\\Server",
"type": "->",
"args": []
},
{
"file": "/var/www/html/remote.php",
"line": 172,
"args": [
"/var/www/html/apps/dav/appinfo/v2/remote.php"
],
"function": "require_once"
}
],
"File": "/var/www/html/apps/dav/lib/Connector/Sabre/Directory.php",
"Line": 222,
"message": "",
"exception": {},
"CustomMessage": "Exception thrown: Sabre\\DAV\\Exception\\Forbidden"
}
}
Additional info
No response
