Create a user "files_encryption"

[cs35-owncloud]

Hello everyone,

first don't do this on an ownCloud production !
I've noticed that the apps files_external and files_encryption create a directory in the datadirectory. It's then possible to destroy them by creating a user with the same name.

Steps to reproduce

1. Install ownCloud
2. Enable master key encryption
3. Create the user "files_encryption"
4. Delete the user "files_encryption"

Expected behaviour

I'm thinking you shouldn't be able to create that user, there should be a blacklist of usernames. Or maybe not put any useful thing in the datadirectory.

Actual behaviour

The content of datadirectory/files_encryption will be destroyed, your encryption keys too. The same happens for files_external if you create a user with that name. It seems the keys get re-generated but are not the same as previously (I checked the md5sum) and previously uploaded files can be browsed. But newly uploaded files are failing the preview. I'm a bit puzzled since everything seems to be working even if the keys have been destroyed and then changed.

Server configuration

Operating system:

Web server: NGinx 1.16.1

Database: MySQL 5.7

PHP version: 7.3.16

ownCloud version: 10.3.2

Updated from an older ownCloud or fresh install: fresh install

Where did you install ownCloud from: tarball

Signing status (ownCloud 9.0 and above): all good

The content of config/config.php:

# occ config:list system
{
    "system": {
        "datadirectory": "\/var\/owncloud\/data",
        "version.hide": true,
        "logtimezone": "UTC",
        "installed": true,
        "upgrade.disable-web": true,
        "upgrade.automatic-app-update": false,
        "updatechecker": false,
        "updater.server.url": "127.0.0.1",
        "maintenance": false,
        "user.search_min_length": 2,
        "loglevel": 2,
        "log_type": "syslog",
        "singleuser": false,
        "filelocking.enabled": true,
        "memcache.local": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "localhost",
            "port": 6379,
            "timeout": 0
        },
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "apps_paths": [
            {
                "path": "\/var\/owncloud\/apps_orig",
                "url": "\/apps_orig",
                "writable": false
            },
            {
                "path": "\/var\/owncloud\/apps",
                "url": "\/apps",
                "writable": false
            },
            {
                "path": "\/var\/owncloud\/theme",
                "url": "\/theme",
                "writable": false
            }
        ],
        "mail_smtpmode": "smtp",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "25",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpsecure": "tls",
        "dbdriveroptions": {
            "1007": "\/etc\/ssl\/client-key.pem",
            "1008": "\/etc\/ssl\/client-cert.pem",
            "1009": "\/etc\/ssl\/ca.pem",
            "1014": false
        },
        "trashbin_retention_obligation": "30,auto",
        "versions_retention_obligation": "auto, 7",
        "trashbin_purge_limit": 25,
        "skeletondirectory": "",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "***REMOVED SENSITIVE VALUE***"
        ],
        "overwrite.cli.url": "http:\/\/localhost",
        "dbtype": "mysql",
        "version": "10.3.2.2",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbtableprefix": "***REMOVED SENSITIVE VALUE***",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "instanceid": "***REMOVED SENSITIVE VALUE***",
    }
}

List of activated apps:

# occ app:list
Enabled:
  - activity: 2.5.3
  - brute_force_protection: 1.0.1
  - calendar: 1.6.4
  - comments: 0.3.0
  - configreport: 0.2.0
  - contacts: 1.5.5
  - dav: 0.5.0
  - encryption: 1.4.0
  - federatedfilesharing: 0.5.0
  - federation: 0.1.0
  - files: 1.5.2
  - files_external: 0.7.1
  - files_external_dropbox: 1.2.0
  - files_external_ftp: 0.2.1
  - files_mediaviewer: 1.0.2
  - files_pdfviewer: 0.11.1
  - files_sharing: 0.12.0
  - files_trashbin: 0.9.1
  - files_versions: 1.3.0
  - guests: 0.8.2
  - notifications: 0.5.0
  - provisioning_api: 0.5.0
  - systemtags: 0.3.0
  - tasks: 0.9.7
Disabled:
  - external
  - market
  - user_external

Are you using external storage, if yes which one: no

Are you using encryption: yes, master encryption

Are you using an external user-backend, if yes which one: no

I'm aware it's a bit pushed, you have to create a user with a specific name, but it might happen. I think the best would be to keep datadirectory only for the users, and move the app folders somewhere else. And/or to have a blacklist of usernames.
If you need more informations let me know.
Thanks for your help.

[mmattel]

@micbar fyi ...

[phil-davis]

I had raised an issue about various "special" strings like this that should not be allowed as user names. Struggling to find it now - see #32547

[cs35-owncloud]

Thanks @phil-davis I hadn't seen this issue before, well that's too bad, it seems old :/

[prsnbrg]

Duplicate of #30438

[phil-davis]

PR #37268 has been merged. The special usernames will not be able to be "accidentally" created in future. Should be released in 10.5.0

[cs35-owncloud]

Thanks a lot @phil-davis :)