Koozali.org: home of the SME Server

Contribs.org Forums => Koozali SME Server 10.x Contribs => Topic started by: Mace on June 16, 2021, 06:23:57 PM

Title: Nextcloud "shell_exec() has been disabled for security reasons"
Post by: Mace on June 16, 2021, 06:23:57 PM

I have Nextcloud installed via the contrib and it seems to be running great on the surface. I am getting a lot of

Code: [Select]

Error: shell_exec() has been disabled for security reasons at /usr/share/nextcloud/apps/serverinfo/lib/OperatingSystems/DefaultOs.php#134
    <<closure>>
    OC\Log\ErrorHandler::onError()
    /usr/share/nextcloud/apps/serverinfo/lib/OperatingSystems/DefaultOs.php - line 134:
    shell_exec()
    /usr/share/nextcloud/apps/serverinfo/lib/Os.php - line 90:
    OCA\ServerInfo\OperatingSystems\DefaultOs->getTimeServers()
    /usr/share/nextcloud/apps/serverinfo/lib/Controller/ApiController.php - line 118:
    OCA\ServerInfo\Os->getTimeServers()
    /usr/share/nextcloud/lib/private/AppFramework/Http/Dispatcher.php - line 169:
    OCA\ServerInfo\Controller\ApiController->BasicData()
    /usr/share/nextcloud/lib/private/AppFramework/Http/Dispatcher.php - line 100:
    OC\AppFramework\Http\Dispatcher->executeController()
    /usr/share/nextcloud/lib/private/AppFramework/App.php - line 152:
    OC\AppFramework\Http\Dispatcher->dispatch()
    /usr/share/nextcloud/lib/private/Route/Router.php - line 308:
    OC\AppFramework\App::main()
    /usr/share/nextcloud/ocs/v1.php - line 88:
    OC\Route\Router->match()
    /usr/share/nextcloud/ocs/v2.php - line 24:
    require_once("/usr/share/ ... p")

Error: shell_exec() has been disabled for security reasons at /usr/share/nextcloud/apps/serverinfo/lib/OperatingSystems/DefaultOs.php#133
    <<closure>>
    OC\Log\ErrorHandler::onError()
    /usr/share/nextcloud/apps/serverinfo/lib/OperatingSystems/DefaultOs.php - line 133:
    shell_exec()
    /usr/share/nextcloud/apps/serverinfo/lib/Os.php - line 90:
    OCA\ServerInfo\OperatingSystems\DefaultOs->getTimeServers()
    /usr/share/nextcloud/apps/serverinfo/lib/Controller/ApiController.php - line 118:
    OCA\ServerInfo\Os->getTimeServers()
    /usr/share/nextcloud/lib/private/AppFramework/Http/Dispatcher.php - line 169:
    OCA\ServerInfo\Controller\ApiController->BasicData()
    /usr/share/nextcloud/lib/private/AppFramework/Http/Dispatcher.php - line 100:
    OC\AppFramework\Http\Dispatcher->executeController()
    /usr/share/nextcloud/lib/private/AppFramework/App.php - line 152:
    OC\AppFramework\Http\Dispatcher->dispatch()
    /usr/share/nextcloud/lib/private/Route/Router.php - line 308:
    OC\AppFramework\App::main()
    /usr/share/nextcloud/ocs/v1.php - line 88:
    OC\Route\Router->match()
    /usr/share/nextcloud/ocs/v2.php - line 24:
    require_once("/usr/share/ ... p")

Error: shell_exec() has been disabled for security reasons at /usr/share/nextcloud/apps/serverinfo/lib/OperatingSystems/DefaultOs.php#111
    <<closure>>
    OC\Log\ErrorHandler::onError()
    /usr/share/nextcloud/apps/serverinfo/lib/OperatingSystems/DefaultOs.php - line 111:
    shell_exec()
    /usr/share/nextcloud/apps/serverinfo/lib/Os.php - line 78:
    OCA\ServerInfo\OperatingSystems\DefaultOs->getTime()
    /usr/share/nextcloud/apps/serverinfo/lib/Controller/ApiController.php - line 116:
    OCA\ServerInfo\Os->getTime()
    /usr/share/nextcloud/lib/private/AppFramework/Http/Dispatcher.php - line 169:
    OCA\ServerInfo\Controller\ApiController->BasicData()
    /usr/share/nextcloud/lib/private/AppFramework/Http/Dispatcher.php - line 100:
    OC\AppFramework\Http\Dispatcher->executeController()
    /usr/share/nextcloud/lib/private/AppFramework/App.php - line 152:
    OC\AppFramework\Http\Dispatcher->dispatch()
    /usr/share/nextcloud/lib/private/Route/Router.php - line 308:
    OC\AppFramework\App::main()
    /usr/share/nextcloud/ocs/v1.php - line 88:
    OC\Route\Router->match()
    /usr/share/nextcloud/ocs/v2.php - line 24:
    require_once("/usr/share/ ... p") repeated in the log though, so I wonder if something behind the scenes isn't working like it should. Is there a way to allow shell_exec() for only Nextcloud for now, or would that be a bad idea?

Title: Re: Nextcloud "shell_exec() has been disabled for security reasons"
Post by: Mace on June 16, 2021, 08:51:26 PM

I did install a lot of Nextcloud apps too.

Title: Re: Nextcloud "shell_exec() has been disabled for security reasons"
Post by: Jean-Philippe Pialasse on June 16, 2021, 08:54:52 PM

this is related to serverinfo app

which is convenient but a potential security flaw as you will allow easy informations on your server.

by default we disable potentially dangerous for the system functions if they are not in use. seems we miss this one that is needed.

normally the template allow modifying of default disabled functions.