Steps to reproduce
Download the OwnCloud virtual Appliance for ESXI from https://owncloud.org/download/ and create virtual machine from OVA file and all standard configuration.
Edit the config.php file to allow for external local folders, adding the line:‘files_external_allow_create_new_local’ => ‘true’ to the file
Login as administrator and browse to: Administrator -> Settings -> Admin -> Storage -> Add Storage -> Local
Configure the path for the local folder
When browsing to “Files -> Local” The existing files and folders from the local storage should be available. You should be able to create new folders and upload files.
The folder appear empty and on the browser client it displays the message: You don’t have permission to upload or create files here
Operating system: Debian 9
**Web server: Default from OVA - Apache/2.4.25
**Database: Default from OVA
**PHP version:Default from OVA
ownCloud version: Default from OVA - 10.3.2
**Updated from an older ownCloud or fresh install:Fresh Install
**Where did you install ownCloud from: Pre-installed on the OVA file downloaded from https://owncloud.org/download/
Signing status (ownCloud 9.0 and above):
Login as admin user into your ownCloud and access http://example.com/index.php/settings/integrity/failed paste the results into https://gist.github.com/ and puth the link here.
The content of config/config.php:
Log in to the web-UI with an administrator account and click on 'admin' -> 'Generate Config Report' -> 'Download ownCloud config report' This report includes the config.php settings, the list of activated apps and other details in a well sanitized form. Get the message: The requested URL was not found on this server. (This is a server response from apache, not the browser completely failing to find the site) or If you have access to your command line run e.g.: sudo -u www-data php occ config:list system from within your ownCloud installation folder I get the message: could not open input file occ *ATTENTION:* Do not post your config.php file in public as is. Please use one of the above methods whenever possible. Both, the generated reports from the web-ui and from occ config:list consistently remove sensitive data. You still may want to review the report before sending. If done manually then it is critical for your own privacy to dilligently remove *all* host names, passwords, usernames, salts and other credentials before posting. You should assume that attackers find such information and will use them against your systems.
List of activated apps:
If you have access to your command line run e.g.: sudo -u www-data php occ app:list from within your ownCloud installation folder.
**Are you using external storage, if yes which one: Yes - Local
**Are you using encryption: No
**Are you using an external user-backend, if yes which one:no
LDAP configuration (delete this part if not used)
With access to your command line run e.g.: sudo -u www-data php occ ldap:show-config from within your ownCloud installation folder Without access to your command line download the data/owncloud.db to your local computer or access your SQL server remotely and run the select query: SELECT * FROM `oc_appconfig` WHERE `appid` = 'user_ldap'; Eventually replace sensitive data as the name/IP-address of your LDAP server or groups.
Web server error log
Insert your webserver log here
ownCloud log (data/owncloud.log)
Insert your ownCloud log here