[Owncloud] Accessing files outside the users home folder

Robin Appelman icewind at owncloud.com
Fri Jan 20 17:47:47 UTC 2012


On Friday 20 January 2012 17:48:51 Klaas Freitag wrote:
> On 20.01.2012 01:06, Robin Appelman wrote:
> 
> Hi Robin,
> 
> > Throwing some ideas out here for whoever is interested and/or wants to
> > provide some ideas or feedback.
> 
> Please take into account that I haven't worked a lot with OC_Filesystem
> yet, so maybe that my comments feel stupid here and there...
> 
> > Currently the only "correct" way of accessing any file of a user,
> > oc_filesystem, is limited to files within the user's home folder
> > (/username/files in the complete virtual filesystem).
> > While this is fine for most uses, there are plenty of valid cases where an
> > app needs to access files outside the home folder.
> 
> This rings a bell for me. Imagine in the future, we make it way easier
> to upload apps on an owncloud, i.e. writing apps could become as easy as
> writing macros in a text processor and the users can upload their apps
> into their ownCloud. In that case it would be cool to have a hard jail
> to the user directory for apps. But as I wrote it I realize that it's
> probably hard to prevent a 'bad' app from accessing the file system at all.
> Anyhow, if we allow apps to get out of their jail easily that raises the
> risk for security issues if things go wrong somewhere.
There is no way that I'm aware of to prevent apps from doing something bad, 
since there is nothing stopping them from using PHP's internal filesystem API.

> 
> > Sharing needs to access files
> > owned by other users, gallery needs to store thumbnails of photos and
> > galleries and media might want to store album covers somewhere.
> 
> The gallery- and media-example sound like a use case for a kind of /var
> directory, which contains data that is not necessarily user related
> (such as cover pics) and/or is fluent and can be reproduced. Moreover,
> these data will probably always be local, right?
> 
> It might be an alternative to not change the OC_Filesystem for the
> benefit of hard jailing and implement a class that supports the
> var-directory-functionality that can be used for this kind of data.
IMO, thumbnails and album covers are still user data, since they provide 
information about the pictures/music the user has. If a user wants his photos 
encrypted, the thumbnails of said photos also should be encrypted.

For the need for user-independent storage, a standard directory could be 
created for that in the data folder (say, /_appdata_/myapp) which can then be 
exposed by the new filesystem views.

> 
> > All apps that currently need to do something like this currently have
> > their
> > own implementation that bypasses oc_filesystem partly or completely, while
> > that may work for now, bypassing oc_filesystem would, in the future, mean
> > not having things like encryption, metadata storage or not having the
> > file at all due to it being mounted from a remote source.
> 
> Yes, that's bad.
> 
> > My idea for providing a proper way to access files outside the user's home
> > folder without making oc_filesystem harder to use for 90% of the use cases
> > is to add a new class oc_filesystemview, which can create a "view" into
> > ownCloud's virtual file system similar to oc_filesystem, only without
> > having to be locked into the user's home folder.
> > 
> > Every view can have its own chroot, giving it access to a part of the
> > filesystem and will provide the same functionality oc_filesystem provides.
> > The sharing app could create a new view on /otheruser/files to gain access
> > to the files and applications that need to store files outside the user's
> > view can create a view on /username/appid.
> 
> The view idea also sounds clever to me.
> 
> > To retain compatibility with the current way of using oc_filesystem,
> > oc_filesystem will provide a static default view on /username/files with
> > zero api changes for apps using oc_filesystem the "normal" way.
> 
> Would that mean that existing code has to be adapted to the new view
> classes?
No, oc_filesystem will continue to provide the same API, only apps that need 
data outside of the home folder will have to use the new views.

> 
> > Looking forward to ideas/feedback on this increasingly relevant topic.
> 
> Thanks for sharing, I hope my ideas aren't too fanciful :-)
> 
> Klaas

 - Robin Appelman
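
The chrooted view proposed in this thread, as an added sketch that is not part of the original message and not ownCloud's code: each view resolves view-relative paths against its own root and clamps `..` there. The class name `FilesystemView`, the method `getAbsolutePath` and the sample user names are assumptions made for illustration.

```php
<?php
// Added illustration; FilesystemView and its methods are hypothetical names,
// not ownCloud's actual API.
final class FilesystemView
{
    private $root; // normalized chroot, e.g. "/alice/files"

    public function __construct(string $root)
    {
        $this->root = self::normalize($root);
    }

    // Collapse "", "." and ".." segments; ".." can never climb above "/".
    private static function normalize(string $path): string
    {
        $parts = [];
        foreach (explode('/', str_replace('\\', '/', $path)) as $segment) {
            if ($segment === '' || $segment === '.') {
                continue;
            }
            if ($segment === '..') {
                array_pop($parts);
                continue;
            }
            $parts[] = $segment;
        }
        return '/' . implode('/', $parts);
    }

    // Map a view-relative path to an absolute path in the virtual filesystem.
    public function getAbsolutePath(string $relative): string
    {
        if (strpos($relative, "\0") !== false) {
            throw new InvalidArgumentException('NUL byte in path');
        }
        // Normalize the relative part on its own, so ".." is clamped at the
        // view root instead of walking up into another user's tree.
        $inside = self::normalize($relative);
        return $inside === '/' ? $this->root : rtrim($this->root, '/') . $inside;
    }
}

// Constructed sample paths matching the three views named in the thread.
$home    = new FilesystemView('/alice/files');   // default home view
$sharing = new FilesystemView('/bob/files');     // sharing app: /otheruser/files
$gallery = new FilesystemView('/alice/gallery'); // app storage: /username/appid

echo $home->getAbsolutePath('photos/a.jpg'), PHP_EOL;
echo $home->getAbsolutePath('../../bob/files/secret.txt'), PHP_EOL;
echo $gallery->getAbsolutePath('/thumbs/./a.jpg'), PHP_EOL;
```

The second call resolves inside `/alice/files` because the leading `..` segments are discarded at the view root. As the reply above points out, this only constrains code that goes through the view; it does not stop an app from calling PHP's filesystem functions directly.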


