"Access denied" after fresh install on ubuntu 18.04


#1

Steps to reproduce

  1. Install ubuntu 18.04 LTS server
  2. Install apache2, PHP 7.2 & MySQL-Server 5.7.24
  3. create a new db user and database
  4. create a vHost with https Support (let’s encrypt)
  5. Install Owncloud X (10.0.10) via apt-get
  6. fill in the initial setup information

Expected behaviour

a login should be possible

Actual behaviour

a website which shows the message “Access denied” is displayed. The Apache error log shows the message
AH01071: Got error 'Access to the script '/var/www/owncloud/login' has been denied (see security.limit_extensions)\n', referer: https://my.domain.com

Server configuration

Operating system:
ubuntu 18.04. LTS Server
Web server:
Apache 2.4.29

<VirtualHost *:80>
    ServerName my.domain.com
    Redirect / https://my.domain.com/
</VirtualHost>
<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerName my.domain.com

        ServerAdmin msc@keineantwort.de
        DocumentRoot /var/www/owncloud
  
        SSLCertificateFile /etc/letsencrypt/live/my.domain.comfullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/my.domain.com/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf
        
        Alias /owncloud "/var/www/owncloud/"

        <Directory /var/www/owncloud/>
            Options +FollowSymlinks
            AllowOverride All

            <IfModule mod_dav.c>
                Dav off
            </IfModule>

            SetEnv HOME /var/www/owncloud
            SetEnv HTTP_HOME /var/www/owncloud

        </Directory>
    </VirtualHost>
</IfModule>

Database:
MySQL 5.7.24
PHP version:
7.2
ownCloud version: (see ownCloud admin page)
owncloud X 10.0.10
Updated from an older ownCloud or fresh install:
fresh install
Where did you install ownCloud from:
ubuntu Repository (apt-get install owncloud
Signing status (ownCloud 9.0 and above):
Access denied.

The content of config/config.php:

{
    "system": {
        "updatechecker": false,
        "instanceid": "oc1rwddci890",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "owncloud.august.de"
        ],
        "datadirectory": "\/media\/rsc8tb2\/owncloud_data",
        "overwrite.cli.url": "https:\/\/owncloud.august.de",
        "dbtype": "mysql",
        "version": "10.0.10.4",
        "dbname": "owncloud",
        "dbhost": "localhost:3306",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "logtimezone": "UTC",
        "installed": true
    }
}

List of activated apps:

Enabled:
  - comments: 0.3.0
  - configreport: 0.1.1
  - dav: 0.4.0
  - federatedfilesharing: 0.3.1
  - federation: 0.1.0
  - files: 1.5.1
  - files_external: 0.7.1
  - files_sharing: 0.11.0
  - files_trashbin: 0.9.1
  - files_versions: 1.3.0
  - files_videoplayer: 0.9.8
  - firstrunwizard: 1.1
  - market: 0.2.5
  - notifications: 0.3.5
  - provisioning_api: 0.5.0
  - systemtags: 0.3.0
  - updatenotification: 0.2.1
Disabled:
  - encryption
  - external
  - user_external

Are you using external storage, if yes which one: local/smb/sftp/…
no

Are you using encryption: yes/no
did not configure it -> default

Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/…
no

Client configuration

Browser:
Chome 71

Operating system:
MacOS 10.13.2

Logs

Web server error log

[Fri Dec 28 10:52:44.446749 2018] [proxy_fcgi:error] [pid 4580:tid 140122544654080] [client 192.168.1.1:56119] AH01071: Got error 'Access to the script '/var/www/owncloud/login' has been denied (see security.limit_extensions)\n', referer: https://my.domain.com
[Fri Dec 28 11:23:21.894332 2018] [proxy_fcgi:error] [pid 4580:tid 140122678871808] [client 192.168.1.1:58461] AH01071: Got error 'Access to the script '/var/www/owncloud/core/js/oc.js' has been denied (see security.limit_extensions)\n'
[Fri Dec 28 11:23:37.727492 2018] [proxy_fcgi:error] [pid 4580:tid 140122687264512] [client 192.168.1.1:58486] AH01071: Got error 'Access to the script '/var/www/owncloud/settings/integrity/failed' has been denied (see security.limit_extensions)\n'

ownCloud log (data/owncloud.log)

empty

#2

Hey,

it looks to me that your web server is giving you some hints where to look for in its configuration:


#3

Already checked that and chowned everything to the www-data User:

drwxr-xr-x 22 www-data www-data  4096 Dez 25 21:47 apps/
drwxr-xr-x  2 www-data www-data  4096 Sep 18 11:35 assets/
-rw-r--r--  1 www-data www-data  8859 Sep 17 13:05 AUTHORS
-rw-r--r--  1 www-data www-data 83056 Sep 17 13:05 CHANGELOG.md
drwxrwxr-x  2 www-data www-data  4096 Dez 28 11:48 config/
-rw-r--r--  1 www-data www-data  4371 Sep 17 13:05 console.php
-rw-r--r--  1 www-data www-data 34520 Sep 17 13:05 COPYING
drwxr-xr-x 17 www-data www-data  4096 Dez 25 21:47 core/
-rw-r--r--  1 www-data www-data  5033 Sep 17 13:05 cron.php
drwxr-xr-x  2 www-data www-data  4096 Dez 26 16:51 data/
-rw-r--r--  1 www-data www-data 30898 Sep 17 13:05 db_structure.xml
drwxr-xr-x  2 www-data www-data  4096 Sep 18 11:35 etc/
-rw-rw-r--  1 www-data www-data  3014 Dez 26 20:16 .htaccess
-rw-r--r--  1 www-data www-data   179 Sep 17 13:05 index.html
-rw-r--r--  1 www-data www-data  3678 Sep 17 13:05 index.php
drwxr-xr-x  3 www-data www-data  4096 Dez 25 21:47 l10n/
drwxr-xr-x  6 www-data www-data  4096 Dez 25 21:47 lib/
-rwxr-xr-x  1 www-data www-data   283 Sep 17 13:05 occ*
drwxr-xr-x  2 www-data www-data  4096 Dez 25 21:47 ocs/
drwxr-xr-x  2 www-data www-data  4096 Dez 25 21:47 ocs-provider/
-rw-r--r--  1 www-data www-data  3201 Sep 17 13:05 public.php
-rw-r--r--  1 www-data www-data  5488 Sep 17 13:05 remote.php
drwxr-xr-x  4 www-data www-data  4096 Dez 25 21:47 resources/
-rw-r--r--  1 www-data www-data    26 Sep 17 13:05 robots.txt
drwxr-xr-x 12 www-data www-data  4096 Dez 25 21:47 settings/
-rw-r--r--  1 www-data www-data  1968 Sep 17 13:05 status.php
drwxr-xr-x  6 www-data www-data  4096 Dez 25 21:47 updater/
-rw-rw-r--  1 www-data www-data   163 Sep 18 11:35 .user.ini
-rw-r--r--  1 www-data www-data   273 Sep 17 13:07 version.php

What I don’t understand, why is the webserver looking for /var/www/owncloud/login, when the Request goes to my.domain.com/index.php/login. Of course /var/www/owncloud/login is not accessible, because the directory does not exist. There should be some .htaccess magic for finding the needed resources…


#4

Hey,

maybe you can review your web server environment and configuration against the resources below to find out why your environment is showing this issue:

https://doc.owncloud.org/server/administration_manual/installation/manual_installation.html#configure-apache-web-server

https://doc.owncloud.org/server/administration_manual/installation/system_requirements.html#server

From what i know those are some kind of “pretty” URLs:

https://doc.owncloud.org/server/administration_manual/configuration/server/index_php_less_urls.html

It seems to me that your web server is blocking / can’t handle the URLs which ownCloud tries to use.


#5

Hm… That worked. I reran sudo apt-get install -y libapache2-mod-php7.2 openssl php-imagick php7.2-common php7.2-curl php7.2-gd php7.2-imap php7.2-intl php7.2-json php7.2-ldap php7.2-mbstring php7.2-mysql php7.2-pgsql php-smbclient php-ssh2 php7.2-sqlite3 php7.2-xml php7.2-zip.
Some packages were installed. I have no idea, why. :roll_eyes:
Never mind. It’s working now.