-
-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Setting up S3 External Storage with open_basedir restriction throws InvalidArgumentException #23555
Comments
Same problem, from api got answer |
Ever since the system automatically updated to 21.0.1 SNAP version of nextcloud, this error seem to be back. Prior to the update the mount was working just fine. |
Is this Issue still valid in NC21.0.3? If not, please close this issue. Thanks! :) |
I'm also having this issue: I'm on a hosted nextcloud solution and therefore don't have access to the underlying file system or log files. |
This issue has been automatically marked as stale because it has not had recent activity and seems to be missing some essential information. It will be closed if no further activity occurs. Thank you for your contributions. |
Getting this error as well. The unusual thing is that the Android app accepts the bucket. |
Hi, please update to 24.0.9 or better 25.0.3 and report back if it fixes the issue. Thank you! My goal is to add a label like e.g. 25-feedback to this ticket of an up-to-date major Nextcloud version where the bug could be reproduced. However this is not going to work without your help. So thanks for all your effort! If you don't manage to reproduce the issue in time and the issue gets closed but you can reproduce the issue afterwards, feel free to create a new bug report with up-to-date information by following this link: https://github.com/nextcloud/server/issues/new?assignees=&labels=bug%2C0.+Needs+triage&template=BUG_REPORT.yml&title=%5BBug%5D%3A+ |
While trying to setup external storage using AWS S3 this error appears:
The nextcloud.log entry generated shows that something tries to read the default AWS config/credentials file which is outside of my php's restricted open_basedir setting - as far as I'm concerned only the webroot, temp folder, and data folders should be allowed access.
PS: It seems like the AWS credentials are not marked as sensitive in the nextcloud.log - I filtered these manually in the log below.
How to use GitHub
Steps to reproduce
/tmp:/www/yourvhostroot:/www/yourdataroot
and do not add/home/yourwebuser
Expected behaviour
The bucket should be setup correctly without InvalidArgumentExceptions.
Note that the open_basedir restriction works fine for the rest of nextcloud.
Actual behaviour
The admin interface throws an InvalidArgumentException.
Server configuration
Operating system: Slackware Linux 14.2
Web server: Apache HTTPD 2.4.46
Database: MariaDB 10.4
PHP version: 7.3.23 (fpm)
Nextcloud version: 19.0.4
Updated from an older Nextcloud/ownCloud or fresh install: Updated from 18
Where did you install Nextcloud from:
Signing status:
Signing status
List of activated apps:
App list
Nextcloud configuration:
Config report
Are you using external storage, if yes which one: local, trying to get S3 working
Are you using encryption: no
Are you using an external user-backend, if yes which one: no
Client configuration
Browser: Tried both Google Chrome 86.0, incognito tab and without, and Firefox 81.0.2
Operating system: Arch Linux
Logs
Web server error log
Web server error log
NothingNextcloud log (data/nextcloud.log)
Nextcloud log
``` {"reqId":"X41NTxtND-Fybi99iV8-6gAAVwM","level":3,"time":"2020-10-19T08:24:47+00:00","remoteAddr":"80.123.167.248","user":"myuser","app":"PHP","method":"PUT","url":"/apps/files_external/globalstorages/2","message":{"Exception":"Error","Message":"is_readable(): open_basedir restriction in effect. File(/home/www/.aws/config) is not within the allowed path(s): (/tmp:/www/vhosts/owl-ict.nl/cloud:/dev/urandom:/www/vhosts/owl-ict.nl/cloud-data) at /www/vhosts/owl-ict.nl/cloud/3rdparty/aws/aws-sdk-php/src/S3/UseArnRegion/ConfigurationProvider.php#131","Code":0,"Trace":[{"function":"onError","class":"OC\\Log\\ErrorHandler","type":"::","args":["*** sensitive parameter replaced ***","is_readable(): open_basedir restriction in effect. File(/home/www/.aws/config) is not within the allowed path(s): (/tmp:/www/vhosts/owl-ict.nl/cloud:/dev/urandom:/www/vhosts/owl-ict.nl/cloud-data)","/www/vhosts/owl-ict.nl/cloud/3rdparty/aws/aws-sdk-php/src/S3/UseArnRegion/ConfigurationProvider.php",131,{"profile":"default","filename":"/home/www/.aws/config"}]},{"file":"/www/vhosts/owl-ict.nl/cloud/3rdparty/aws/aws-sdk-php/src/S3/UseArnRegion/ConfigurationProvider.php","line":131,"function":"is_readable","args":["/home/www/.aws/config"]},{"file":"/www/vhosts/owl-ict.nl/cloud/3rdparty/guzzlehttp/promises/src/RejectedPromise.php","line":40,"function":"Aws\\S3\\UseArnRegion\\{closure}","class":"Aws\\S3\\UseArnRegion\\ConfigurationProvider","type":"::","args":["*** sensitive parameters replaced ***"]},{"file":"/www/vhosts/owl-ict.nl/cloud/3rdparty/guzzlehttp/promises/src/TaskQueue.php","line":47,"function":"GuzzleHttp\\Promise\\{closure}","class":"GuzzleHttp\\Promise\\RejectedPromise","type":"::","args":["*** sensitive parameters replaced ***"]},{"file":"/www/vhosts/owl-ict.nl/cloud/3rdparty/guzzlehttp/promises/src/Promise.php","line":246,"function":"run","class":"GuzzleHttp\\Promise\\TaskQueue","type":"->","args":["*** sensitive parameter replaced ***"]},{"file":"/www/vhosts/owl-ict.nl/cloud/3rdparty/guzzlehttp/promises/src/Promise.php","line":223,"function":"invokeWaitFn","class":"GuzzleHttp\\Promise\\Promise","type":"->","args":[]},{"file":"/www/vhosts/owl-ict.nl/cloud/3rdparty/guzzlehttp/promises/src/Promise.php","line":267,"function":"waitIfPending","class":"GuzzleHttp\\Promise\\Promise","type":"->","args":[]},{"file":"/www/vhosts/owl-ict.nl/cloud/3rdparty/guzzlehttp/promises/src/Promise.php","line":225,"function":"invokeWaitList","class":"GuzzleHttp\\Promise\\Promise","type":"->","args":[]},{"file":"/www/vhosts/owl-ict.nl/cloud/3rdparty/guzzlehttp/promises/src/Promise.php","line":62,"function":"waitIfPending","class":"GuzzleHttp\\Promise\\Promise","type":"->","args":[]},{"file":"/www/vhosts/owl-ict.nl/cloud/3rdparty/aws/aws-sdk-php/src/S3/S3Client.php","line":406,"function":"wait","class":"GuzzleHttp\\Promise\\Promise","type":"->","args":[]},{"file":"/www/vhosts/owl-ict.nl/cloud/3rdparty/aws/aws-sdk-php/src/ClientResolver.php","line":314,"function":"_apply_use_arn_region","class":"Aws\\S3\\S3Client","type":"::","args":[{"__class__":"GuzzleHttp\\Promise\\Promise"},{"version":"latest","credentials":{"__class__":"Closure"},"endpoint":"https://s3.eu-central-1.amazonaws.com:443/","region":"eu-central-1","use_path_style_endpoint":"*** sensitive parameter replaced ***","signature_provider":{"__class__":"Closure"},"csm":{"__class__":"Aws\\ClientSideMonitoring\\Configuration"},"s3_us_east_1_regional_endpoint":{"__class__":"Closure"},"service":"s3","exception_class":"Aws\\S3\\Exception\\S3Exception","config":{"signature_version":"s3v4","signing_name":"s3","signing_region":"eu-central-1"},"scheme":"https","disable_host_prefix_injection":"*** sensitive parameter replaced ***","api_provider":{"__class__":"Aws\\Api\\ApiProvider"},"api":{"__class__":"Aws\\Api\\Service"},"parser":{"__class__":"Aws\\S3\\GetBucketLocationParser"},"error_parser":{"__class__":"Aws\\Api\\ErrorParser\\XmlErrorParser"},"endpoint_provider":{"__class__":"Aws\\Endpoint\\Partition"},"serializer":{"__class__":"Aws\\Api\\Serializer\\RestXmlSerializer"},"__partition_result":"*** sensitive parameter replaced ***","signature_version":"s3v4","signing_name":"s3","signing_region":"eu-central-1","endpoint_discovery":{"__class__":"Closure"},"stats":{"http":"*** sensitive parameter replaced ***","retries":"*** sensitive parameter replaced ***","timer":"*** sensitive parameter replaced ***"},"retries":3,"validate":"*** sensitive parameter replaced ***","http":"*** sensitive parameter replaced ***","handler":{"__class__":"Aws\\WrappedHttpHandler"},"ua_append":["aws-sdk-php/3.133.27"],"idempotency_auto_fill":"*** sensitive parameter replaced ***","use_arn_region":{"__class__":"Closure"}},{"__class__":"Aws\\HandlerList"}]},{"file":"/www/vhosts/owl-ict.nl/cloud/3rdparty/aws/aws-sdk-php/src/AwsClient.php","line":187,"function":"resolve","class":"Aws\\ClientResolver","type":"->","args":[{"version":"latest","credentials":{"__class__":"Closure"},"endpoint":"https://s3.eu-central-1.amazonaws.com:443/","region":"eu-central-1","use_path_style_endpoint":"*** sensitive parameter replaced ***","signature_provider":{"__class__":"Closure"},"csm":{"__class__":"Aws\\ClientSideMonitoring\\Configuration"},"s3_us_east_1_regional_endpoint":{"__class__":"Closure"},"service":"s3","exception_class":"Aws\\S3\\Exception\\S3Exception","config":{"signature_version":"s3v4","signing_name":"s3","signing_region":"eu-central-1"},"scheme":"https","disable_host_prefix_injection":"*** sensitive parameter replaced ***","api_provider":{"__class__":"Aws\\Api\\ApiProvider"},"api":{"__class__":"Aws\\Api\\Service"},"parser":{"__class__":"Aws\\S3\\GetBucketLocationParser"},"error_parser":{"__class__":"Aws\\Api\\ErrorParser\\XmlErrorParser"},"endpoint_provider":{"__class__":"Aws\\Endpoint\\Partition"},"serializer":{"__class__":"Aws\\Api\\Serializer\\RestXmlSerializer"},"__partition_result":"*** sensitive parameter replaced ***","signature_version":"s3v4","signing_name":"s3","signing_region":"eu-central-1","endpoint_discovery":{"__class__":"Closure"},"stats":{"http":"*** sensitive parameter replaced ***","retries":"*** sensitive parameter replaced ***","timer":"*** sensitive parameter replaced ***"},"retries":3,"validate":"*** sensitive parameter replaced ***","http":"*** sensitive parameter replaced ***","handler":{"__class__":"Aws\\WrappedHttpHandler"},"ua_append":["aws-sdk-php/3.133.27"],"idempotency_auto_fill":"*** sensitive parameter replaced ***","use_arn_region":{"__class__":"Closure"}},{"__class__":"Aws\\HandlerList"}]},{"file":"/www/vhosts/owl-ict.nl/cloud/3rdparty/aws/aws-sdk-php/src/S3/S3Client.php","line":325,"function":"__construct","class":"Aws\\AwsClient","type":"->","args":[{"version":"latest","credentials":{"key":"**SENSITIVE VALUE!!!**","secret":"**SENSITIVE VALUE!!!**"},"endpoint":"https://s3.eu-central-1.amazonaws.com:443/","region":"eu-central-1","use_path_style_endpoint":"*** sensitive parameter replaced ***","signature_provider":{"__class__":"Closure"},"csm":"*** sensitive parameter replaced ***","s3_us_east_1_regional_endpoint":{"__class__":"Closure"},"service":"s3","exception_class":"Aws\\S3\\Exception\\S3Exception"}]},{"file":"/www/vhosts/owl-ict.nl/cloud/lib/private/Files/ObjectStore/S3ConnectionTrait.php","line":111,"function":"__construct","class":"Aws\\S3\\S3Client","type":"->","args":[{"version":"latest","credentials":{"key":"** SENSITIVE VALUE **","secret":"** SENSITIVE VALUE **"},"endpoint":"https://s3.eu-central-1.amazonaws.com:443/","region":"eu-central-1","use_path_style_endpoint":"*** sensitive parameter replaced ***","signature_provider":{"__class__":"Closure"},"csm":"*** sensitive parameter replaced ***","s3_us_east_1_regional_endpoint":{"__class__":"Closure"}}]},{"file":"/www/vhosts/owl-ict.nl/cloud/apps/files_external/lib/Lib/Storage/AmazonS3.php","line":683,"function":"getConnection","class":"OCA\\Files_External\\Lib\\Storage\\AmazonS3","type":"->","args":[]},{"file":"/www/vhosts/owl-ict.nl/cloud/apps/files_external/lib/config.php","line":262,"function":"test","class":"OCA\\Files_External\\Lib\\Storage\\AmazonS3","type":"->","args":["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]},{"file":"/www/vhosts/owl-ict.nl/cloud/apps/files_external/lib/Controller/StoragesController.php","line":257,"function":"getBackendStatus","class":"OC_Mount_Config","type":"::","args":["*** sensitive parameters replaced ***"]},{"file":"/www/vhosts/owl-ict.nl/cloud/apps/files_external/lib/Controller/GlobalStoragesController.php","line":180,"function":"updateStorageStatus","class":"OCA\\Files_External\\Controller\\StoragesController","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/www/vhosts/owl-ict.nl/cloud/lib/private/AppFramework/Http/Dispatcher.php","line":170,"function":"update","class":"OCA\\Files_External\\Controller\\GlobalStoragesController","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/www/vhosts/owl-ict.nl/cloud/lib/private/AppFramework/Http/Dispatcher.php","line":100,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[{"__class__":"OCA\\Files_External\\Controller\\GlobalStoragesController"},"update"]},{"file":"/www/vhosts/owl-ict.nl/cloud/lib/private/AppFramework/App.php","line":137,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[{"__class__":"OCA\\Files_External\\Controller\\GlobalStoragesController"},"update"]},{"file":"/www/vhosts/owl-ict.nl/cloud/lib/private/AppFramework/Routing/RouteActionHandler.php","line":47,"function":"main","class":"OC\\AppFramework\\App","type":"::","args":["OCA\\Files_External\\Controller\\GlobalStoragesController","update",{"__class__":"OC\\AppFramework\\DependencyInjection\\DIContainer"},{"id":"2","_route":"files_external.global_storages.update"}]},{"function":"__invoke","class":"OC\\AppFramework\\Routing\\RouteActionHandler","type":"->","args":[{"id":"2","_route":"files_external.global_storages.update"}]},{"file":"/www/vhosts/owl-ict.nl/cloud/lib/private/Route/Router.php","line":297,"function":"call_user_func","args":[{"__class__":"OC\\AppFramework\\Routing\\RouteActionHandler"},{"id":"2","_route":"files_external.global_storages.update"}]},{"file":"/www/vhosts/owl-ict.nl/cloud/lib/base.php","line":1011,"function":"match","class":"OC\\Route\\Router","type":"->","args":["/apps/files_external/globalstorages/2"]},{"file":"/www/vhosts/owl-ict.nl/cloud/index.php","line":37,"function":"handleRequest","class":"OC","type":"::","args":[]}],"File":"/www/vhosts/owl-ict.nl/cloud/lib/private/Log/ErrorHandler.php","Line":91,"CustomMessage":"--"},"userAgent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.75 Safari/537.36","version":"19.0.4.2"} {"reqId":"X41NTxtND-Fybi99iV8-6gAAVwM","level":3,"time":"2020-10-19T08:24:47+00:00","remoteAddr":"84.107.167.248","user":"myuser","app":"files_external","method":"PUT","url":"/apps/files_external/globalstorages/2","message":{"Exception":"InvalidArgumentException","Message":"Invalid configuration value provided for \"use_path_style_endpoint\". Expected bool, but got string(36) \"*** sensitive parameter replaced ***\"\n\nuse_path_style_endpoint: (bool)\n\n Set to true to send requests to an S3 path style endpoint by default. Can\n be enabled or disabled on individual operations by setting\n '@use_path_style_endpoint' to true or false.","Code":0,"Trace":[{"file":"/www/vhosts/owl-ict.nl/cloud/3rdparty/aws/aws-sdk-php/src/ClientResolver.php","line":309,"function":"invalidType","class":"Aws\\ClientResolver","type":"->","args":["use_path_style_endpoint","*** sensitive parameter replaced ***"]},{"file":"/www/vhosts/owl-ict.nl/cloud/3rdparty/aws/aws-sdk-php/src/AwsClient.php","line":187,"function":"resolve","class":"Aws\\ClientResolver","type":"->","args":[{"version":"latest","credentials":{"__class__":"Closure"},"endpoint":"https://s3.eu-central-1.amazonaws.com:443/","region":"eu-central-1","use_path_style_endpoint":"*** sensitive parameter replaced ***","signature_provider":{"__class__":"Closure"},"csm":{"__class__":"Aws\\ClientSideMonitoring\\Configuration"},"s3_us_east_1_regional_endpoint":{"__class__":"Closure"},"service":"s3","exception_class":"Aws\\S3\\Exception\\S3Exception","config":{"signature_version":"s3v4","signing_name":"s3","signing_region":"eu-central-1","use_arn_region":{"__class__":"Aws\\S3\\UseArnRegion\\Configuration"},"use_accelerate_endpoint":"*** sensitive parameter replaced ***","use_dual_stack_endpoint":"*** sensitive parameter replaced ***"},"scheme":"https","disable_host_prefix_injection":"*** sensitive parameter replaced ***","api_provider":{"__class__":"Aws\\Api\\ApiProvider"},"api":{"__class__":"Aws\\Api\\Service"},"parser":{"__class__":"Aws\\S3\\GetBucketLocationParser"},"error_parser":{"__class__":"Aws\\Api\\ErrorParser\\XmlErrorParser"},"endpoint_provider":{"__class__":"Aws\\Endpoint\\Partition"},"serializer":{"__class__":"Aws\\Api\\Serializer\\RestXmlSerializer"},"__partition_result":"*** sensitive parameter replaced ***","signature_version":"s3v4","signing_name":"s3","signing_region":"eu-central-1","endpoint_discovery":{"__class__":"Closure"},"stats":{"http":"*** sensitive parameter replaced ***","retries":"*** sensitive parameter replaced ***","timer":"*** sensitive parameter replaced ***"},"retries":3,"validate":"*** sensitive parameter replaced ***","http":"*** sensitive parameter replaced ***","handler":{"__class__":"Aws\\WrappedHttpHandler"},"ua_append":["aws-sdk-php/3.133.27"],"idempotency_auto_fill":"*** sensitive parameter replaced ***","use_arn_region":{"__class__":"Aws\\S3\\UseArnRegion\\Configuration"},"use_accelerate_endpoint":"*** sensitive parameter replaced ***","use_dual_stack_endpoint":"*** sensitive parameter replaced ***"},{"__class__":"Aws\\HandlerList"}]},{"file":"/www/vhosts/owl-ict.nl/cloud/3rdparty/aws/aws-sdk-php/src/S3/S3Client.php","line":325,"function":"__construct","class":"Aws\\AwsClient","type":"->","args":[{"version":"latest","credentials":{"key":"** SENSITIVE VALUE **","secret":"** SENSITIVE VALUE **"},"endpoint":"https://s3.eu-central-1.amazonaws.com:443/","region":"eu-central-1","use_path_style_endpoint":"*** sensitive parameter replaced ***","signature_provider":{"__class__":"Closure"},"csm":"*** sensitive parameter replaced ***","s3_us_east_1_regional_endpoint":{"__class__":"Closure"},"service":"s3","exception_class":"Aws\\S3\\Exception\\S3Exception"}]},{"file":"/www/vhosts/owl-ict.nl/cloud/lib/private/Files/ObjectStore/S3ConnectionTrait.php","line":111,"function":"__construct","class":"Aws\\S3\\S3Client","type":"->","args":[{"version":"latest","credentials":{"key":"** SENSITIVE VALUE **","secret":"** SENSITIVE VALUE **"},"endpoint":"https://s3.eu-central-1.amazonaws.com:443/","region":"eu-central-1","use_path_style_endpoint":"*** sensitive parameter replaced ***","signature_provider":{"__class__":"Closure"},"csm":"*** sensitive parameter replaced ***","s3_us_east_1_regional_endpoint":{"__class__":"Closure"}}]},{"file":"/www/vhosts/owl-ict.nl/cloud/apps/files_external/lib/Lib/Storage/AmazonS3.php","line":683,"function":"getConnection","class":"OCA\\Files_External\\Lib\\Storage\\AmazonS3","type":"->","args":[]},{"file":"/www/vhosts/owl-ict.nl/cloud/apps/files_external/lib/config.php","line":262,"function":"test","class":"OCA\\Files_External\\Lib\\Storage\\AmazonS3","type":"->","args":["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]},{"file":"/www/vhosts/owl-ict.nl/cloud/apps/files_external/lib/Controller/StoragesController.php","line":257,"function":"getBackendStatus","class":"OC_Mount_Config","type":"::","args":["*** sensitive parameters replaced ***"]},{"file":"/www/vhosts/owl-ict.nl/cloud/apps/files_external/lib/Controller/GlobalStoragesController.php","line":180,"function":"updateStorageStatus","class":"OCA\\Files_External\\Controller\\StoragesController","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/www/vhosts/owl-ict.nl/cloud/lib/private/AppFramework/Http/Dispatcher.php","line":170,"function":"update","class":"OCA\\Files_External\\Controller\\GlobalStoragesController","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/www/vhosts/owl-ict.nl/cloud/lib/private/AppFramework/Http/Dispatcher.php","line":100,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[{"__class__":"OCA\\Files_External\\Controller\\GlobalStoragesController"},"update"]},{"file":"/www/vhosts/owl-ict.nl/cloud/lib/private/AppFramework/App.php","line":137,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[{"__class__":"OCA\\Files_External\\Controller\\GlobalStoragesController"},"update"]},{"file":"/www/vhosts/owl-ict.nl/cloud/lib/private/AppFramework/Routing/RouteActionHandler.php","line":47,"function":"main","class":"OC\\AppFramework\\App","type":"::","args":["OCA\\Files_External\\Controller\\GlobalStoragesController","update",{"__class__":"OC\\AppFramework\\DependencyInjection\\DIContainer"},{"id":"2","_route":"files_external.global_storages.update"}]},{"function":"__invoke","class":"OC\\AppFramework\\Routing\\RouteActionHandler","type":"->","args":[{"id":"2","_route":"files_external.global_storages.update"}]},{"file":"/www/vhosts/owl-ict.nl/cloud/lib/private/Route/Router.php","line":297,"function":"call_user_func","args":[{"__class__":"OC\\AppFramework\\Routing\\RouteActionHandler"},{"id":"2","_route":"files_external.global_storages.update"}]},{"file":"/www/vhosts/owl-ict.nl/cloud/lib/base.php","line":1011,"function":"match","class":"OC\\Route\\Router","type":"->","args":["/apps/files_external/globalstorages/2"]},{"file":"/www/vhosts/owl-ict.nl/cloud/index.php","line":37,"function":"handleRequest","class":"OC","type":"::","args":[]}],"File":"/www/vhosts/owl-ict.nl/cloud/3rdparty/aws/aws-sdk-php/src/ClientResolver.php","Line":374,"CustomMessage":"--"},"userAgent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.75 Safari/537.36","version":"19.0.4.2"} ```Browser log
Browser log
The text was updated successfully, but these errors were encountered: