Nextcloud "occ files:scan --all" fails

General Discussion
14

I guess the Samba cache dir does not need to be in the public /var/www, i.e. looks more like a potential security issue. Maybe there is a way to change that directory to e.g. /run/php or something like that. Funnily first search machine finds are in Nextcloud context, even that it is stated there to be a general smbclient issue:

But also:

Seems to have been solved in recent Samba, so probably Debian Trixie solves it. … the other reports indicate that cache dir is created in the user’s home, so looks like no way to change it. And I would probably ignore it unless there are actual issues with the mounts. Else, assure to deny public access to this directory in webserver config. Seems to be a common issue with services (and related service users) using libsmbclient, which often have no write access to their home directory, or no home dir at all. some /run sub directory does then often exist, so making that cache dir adjustable would then be a sane solution, probably implemented in recent versions already. … though checking the patch https://launchpadlibrarian.net/586046474/add_dir_create_or_exists_recursive.patch there the solution was to recursively create parent directories if missing. So in our case with www-data that wouldn’t help.

So if you want to mute that error:

cat << '_EOF_' > /etc/apache2/conf-available/samba-cache.conf
<Directory /var/www/.cache>
	Require all denied
</Directory>
_EOF_
a2enconf samba-cache
apachectl -t # verify it returns OK
systemctl restart apache2
mkdir -p /var/www/.cache/samba
chown www-data /var/www/.cache/samba

And then it would be interesting to see what is inside, once you did some SMB mounts. There seem to be credentials caches for two backends in smbclient, likely it’s that.

Btw, Icewind is the nickname of a developer from Nextcloud, not the name of the PHP extension :slightly_smiling_face:.