Cannot change upload_max_filesize on a owncloud docker container v10.15.0

juanma81 · September 4, 2024, 1:09pm

Steps to reproduce

Install an owncloud container v10.15.0 with docker.
Trying to modify upload_max_filesize value to 1GB.
2.1 Via global environment OWNCLOUD_MAX_UPLOAD=1G in docker-compose.yaml file.
2.2 Modifyng the value in owncloud root folder .htaccess and .users.ini
2.3 Modifying the value in the file /etc/php/7.4/cli/php.ini and /etc/php/7,4/apache2/php.ini

Expected behaviour

Uploads must be limited to 1GB.

Actual behaviour

I can upload files without limits.

Server configuration

Ubuntu 20.04

Web server:
172.18.0.4:8080 Not securized yet.

Database:
Create with docker-compose in another container

PHP version:
7.4

ownCloud version: (see ownCloud admin page)
10.15.0

Updated from an older ownCloud or fresh install:
Fresh install.

Where did you install ownCloud from:
On my local machine.

Signing status (ownCloud 9.0 and above):
OK

Login as admin user into your ownCloud and access 
paste the results into https://gist.github.com/ and puth the link here.
  Integrity checker has been disabled. Integrity cannot be verified.


**The content of config/config.php:**

Log in to the web-UI with an administrator account and click on
‘admin’ → ‘Generate Config Report’ → ‘Download ownCloud config report’
This report includes the config.php settings, the list of activated apps
and other details in a well sanitized form.

or

If you have access to your command line run e.g.:
sudo -u www-data php occ config:list system
from within your ownCloud installation folder

{
“system”: {
“apps_paths”: [
{
“path”: “/var/www/owncloud/apps”,
“url”: “/apps”,
“writable”: false
},
{
“path”: “/var/www/owncloud/custom”,
“url”: “/custom”,
“writable”: true
}
],
“trusted_domains”: [
“localhost:8087”,
“172.18.0.100:8080”,
“192.168.18.251:8087”
],
“datadirectory”: “/mnt/data/files”,
“dbtype”: “mysql”,
“dbhost”: “mariadb”,
“dbname”: “owncloud”,
“dbuser”: “REMOVED SENSITIVE VALUE”,
“dbpassword”: “REMOVED SENSITIVE VALUE”,
“dbtableprefix”: “oc_”,
“log_type”: “owncloud”,
“supportedDatabases”: [
“sqlite”,
“mysql”,
“pgsql”
],
“upgrade.disable-web”: true,
“default_language”: “es”,
“overwrite.cli.url”: “http://172.18.0.100:8080/”,
“htaccess.RewriteBase”: “/”,
“logfile”: “/mnt/data/files/owncloud.log”,
“memcache.local”: “\OC\Memcache\APCu”,
“mysql.utf8mb4”: true,
“filelocking.enabled”: true,
“memcache.distributed”: “\OC\Memcache\Redis”,
“memcache.locking”: “\OC\Memcache\Redis”,
“redis”: {
“host”: “redis”,
“port”: “6379”
},
“passwordsalt”: “REMOVED SENSITIVE VALUE”,
“secret”: “REMOVED SENSITIVE VALUE”,
“version”: “10.15.0.2”,
“dbconnectionstring”: “”,
“allow_user_to_change_mail_address”: “”,
“logtimezone”: “UTC”,
“installed”: true,
“instanceid”: “ociwg729mtt8”
}
}
root@9e69025c5e8a:/var/www/owncloud# cat /etc/os-release
NAME=“Ubuntu”
VERSION=“20.04.6 LTS (Focal Fossa)”
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME=“Ubuntu 20.04.6 LTS”
VERSION_ID=“20.04”
HOME_URL=“”
SUPPORT_URL=“”
BUG_REPORT_URL=“”
PRIVACY_POLICY_URL=“”
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal
root@9e69025c5e8a:/var/www/owncloud# cd config
root@9e69025c5e8a:/var/www/owncloud/config# nano config.php
root@9e69025c5e8a:/var/www/owncloud/config# cd …
root@9e69025c5e8a:/var/www/owncloud# sudo -u www-data php occ config:list system
{
“system”: {
“apps_paths”: [
{
“path”: “/var/www/owncloud/apps”,
“url”: “/apps”,
“writable”: false
},
{
“path”: “/var/www/owncloud/custom”,
“url”: “/custom”,
“writable”: true
}
],
“trusted_domains”: [
“localhost:8087”,
“172.18.0.100:8080”,
“192.168.18.251:8087”
],
“datadirectory”: “/mnt/data/files”,
“dbtype”: “mysql”,
“dbhost”: “mariadb”,
“dbname”: “owncloud”,
“dbuser”: “REMOVED SENSITIVE VALUE”,
“dbpassword”: “REMOVED SENSITIVE VALUE”,
“dbtableprefix”: “oc_”,
“log_type”: “owncloud”,
“supportedDatabases”: [
“sqlite”,
“mysql”,
“pgsql”
],
“upgrade.disable-web”: true,
“default_language”: “es”,
“overwrite.cli.url”: “http://172.18.0.100:8080/”,
“htaccess.RewriteBase”: “/”,
“logfile”: “/mnt/data/files/owncloud.log”,
“memcache.local”: “\OC\Memcache\APCu”,
“mysql.utf8mb4”: true,
“filelocking.enabled”: true,
“memcache.distributed”: “\OC\Memcache\Redis”,
“memcache.locking”: “\OC\Memcache\Redis”,
“redis”: {
“host”: “redis”,
“port”: “6379”
},
“passwordsalt”: “REMOVED SENSITIVE VALUE”,
“secret”: “REMOVED SENSITIVE VALUE”,
“version”: “10.15.0.2”,
“dbconnectionstring”: “”,
“allow_user_to_change_mail_address”: “”,
“logtimezone”: “UTC”,
“installed”: true,
“instanceid”: “ociwg729mtt8”,
“integrity.check.disabled”: true
}
}

ATTENTION: Do not post your config.php file in public as is. Please use one of the above
methods whenever possible. Both, the generated reports from the web-ui and from occ config:list
consistently remove sensitive data. You still may want to review the report before sending.
If done manually then it is critical for your own privacy to dilligently
remove all host names, passwords, usernames, salts and other credentials before posting.
You should assume that attackers find such information and will use them against your systems.


**List of activated apps:**

If you have access to your command line run e.g.:
sudo -u www-data php occ app:list
from within your ownCloud installation folder.

  - activity:
    - Version: 2.7.2
    - Path: /var/www/owncloud/apps/activity
  - comments:
    - Version: 0.3.0
    - Path: /var/www/owncloud/apps/comments
  - configreport:
    - Version: 0.3.0
    - Path: /var/www/owncloud/apps/configreport
  - dav:
    - Version: 0.7.0
    - Path: /var/www/owncloud/apps/dav
  - diagnostics:
    - Version: 0.2.1
    - Path: /var/www/owncloud/apps/diagnostics
  - federatedfilesharing:
    - Version: 0.5.0
    - Path: /var/www/owncloud/apps/federatedfilesharing
  - federation:
    - Version: 0.1.0
    - Path: /var/www/owncloud/apps/federation
  - files:
    - Version: 1.6.0
    - Path: /var/www/owncloud/apps/files
  - files_external:
    - Version: 0.9.0
    - Path: /var/www/owncloud/apps/files_external
  - files_mediaviewer:
    - Version: 1.0.5
    - Path: /var/www/owncloud/apps/files_mediaviewer
  - files_pdfviewer:
    - Version: 1.0.2
    - Path: /var/www/owncloud/apps/files_pdfviewer
  - files_sharing:
    - Version: 0.14.0
    - Path: /var/www/owncloud/apps/files_sharing
  - files_texteditor:
    - Version: 2.6.1
    - Path: /var/www/owncloud/apps/files_texteditor
  - files_trashbin:
    - Version: 0.9.1
    - Path: /var/www/owncloud/apps/files_trashbin
  - files_versions:
    - Version: 1.3.0
    - Path: /var/www/owncloud/apps/files_versions
  - firstrunwizard:
    - Version: 1.3.0
    - Path: /var/www/owncloud/apps/firstrunwizard
  - market:
    - Version: 0.9.0
    - Path: /var/www/owncloud/apps/market
  - notifications:
    - Version: 0.6.0
    - Path: /var/www/owncloud/apps/notifications
  - provisioning_api:
    - Version: 0.5.0
    - Path: /var/www/owncloud/apps/provisioning_api
  - systemtags:
    - Version: 0.3.0
    - Path: /var/www/owncloud/apps/systemtags
  - updatenotification:
    - Version: 0.2.1
    - Path: /var/www/owncloud/apps/updatenotification
Disabled:
  - admin_audit:
    - Path: /var/www/owncloud/apps/admin_audit
  - announcementcenter:
    - Path: /var/www/owncloud/apps/announcementcenter
  - customgroups:
    - Path: /var/www/owncloud/apps/customgroups
  - drawio:
    - Path: /var/www/owncloud/apps/drawio
  - encryption:
    - Path: /var/www/owncloud/apps/encryption
  - enterprise_key:
    - Path: /var/www/owncloud/apps/enterprise_key
  - external:
    - Path: /var/www/owncloud/apps/external
  - files_antivirus:
    - Path: /var/www/owncloud/apps/files_antivirus
  - files_classifier:
    - Path: /var/www/owncloud/apps/files_classifier
  - files_external_dropbox:
    - Path: /var/www/owncloud/apps/files_external_dropbox
  - files_external_ftp:
    - Path: /var/www/owncloud/apps/files_external_ftp
  - files_ldap_home:
    - Path: /var/www/owncloud/apps/files_ldap_home
  - files_lifecycle:
    - Path: /var/www/owncloud/apps/files_lifecycle
  - files_primary_s3:
    - Path: /var/www/owncloud/apps/files_primary_s3
  - firewall:
    - Path: /var/www/owncloud/apps/firewall
  - graphapi:
    - Path: /var/www/owncloud/apps/graphapi
  - guests:
    - Path: /var/www/owncloud/apps/guests
  - impersonate:
    - Path: /var/www/owncloud/apps/impersonate
  - kerberos:
    - Path: /var/www/owncloud/apps/kerberos
  - metrics:
    - Path: /var/www/owncloud/apps/metrics
  - oauth2:
    - Path: /var/www/owncloud/apps/oauth2
  - onlyoffice:
    - Path: /var/www/owncloud/apps/onlyoffice
  - openidconnect:
    - Path: /var/www/owncloud/apps/openidconnect
  - password_policy:
    - Path: /var/www/owncloud/apps/password_policy
  - ransomware_protection:
    - Path: /var/www/owncloud/apps/ransomware_protection
  - sharepoint:
    - Path: /var/www/owncloud/apps/sharepoint
  - systemtags_management:
    - Path: /var/www/owncloud/apps/systemtags_management
  - templateeditor:
    - Path: /var/www/owncloud/apps/templateeditor
  - theme-enterprise:
    - Path: /var/www/owncloud/apps/theme-enterprise
  - user_external:
    - Path: /var/www/owncloud/apps/user_external
  - user_ldap:
    - Path: /var/www/owncloud/apps/user_ldap
  - user_shibboleth:
    - Path: /var/www/owncloud/apps/user_shibboleth
  - web:
    - Path: /var/www/owncloud/apps/web
  - windows_network_drive:
    - Path: /var/www/owncloud/apps/windows_network_drive
  - wopi:
    - Path: /var/www/owncloud/apps/wopi
  - workflow:
    - Path: /var/www/owncloud/apps/workflow


**Are you using external storage, if yes which one:** local/smb/sftp/...
No

**Are you using encryption:** yes/no
No

**Are you using an external user-backend, if yes which one:** LDAP/ActiveDirectory/Webdav/...
No

### Client configuration
**Browser:**
Google Chrome.

**Operating system:**
Ubuntu 20.04

### Logs
#### Web server error log

Insert your webserver log here


#### ownCloud log (data/owncloud.log)
is empty
Insert your ownCloud log here

Browser log

Insert your browser log here, this could for example include:

a) The javascript console log
b) The network log 
c) ...

tom42 · September 5, 2024, 9:10am

Hey,

from what i know / have read in the past ownCloud is uploading files in smaller “chunks” of around 15 MB so i don’t think that this setting can be used to limit the maximal allowed file size because i think a 1 GB large file will be still uploaded in such smaller chunks.

juanma81 · September 5, 2024, 11:17am

Thank you very much for your response, this would explain a lot of things.

juanma81 · September 5, 2024, 1:03pm

Thanks for the response. Those are the steps that I am following precisely when establishing that parameter. Even so, it still allows any upload limit

tom42 · September 13, 2024, 5:45pm

Hey @juanma81,

unfortunately i turned out that this user is a spam bot (See Spam attacks for days - #13 by tom42 for my summary) which probably used some AI to create legit looking postings. So i think i wouldn’t trust any content that user has posted because it might be not valid

system · December 12, 2024, 5:45pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.