Merge pull request #12419 from owncloud/read-only-config

Allow read-only configuration

5 files changed, 38 insertions, 6 deletions

diff --git a/config/config.sample.php b/config/config.sample.php
index 26cc356fd04..78faf064a8b 100644
--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -441,6 +441,15 @@ $CONFIG = array(
  */
 'check_for_working_htaccess' => true,
 
+/**
+ * In certain environments it is desired to have a read-only config file.
+ * When this switch is set to ``true`` ownCloud will not verify whether the
+ * configuration is writable. However, it will not be possible to configure
+ * all options via the web-interface. Furthermore, when updating ownCloud
+ * it is required to make the config file writable again for the update
+ * process.
+ */
+'config_is_read_only' => false,
 
 /**
  * Logging
diff --git a/lib/base.php b/lib/base.php
index cd5d8feb1f6..74b668551ab 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -188,9 +188,9 @@ class OC {
 
 	public static function checkConfig() {
 		$l = \OC::$server->getL10N('lib');
-		if (file_exists(self::$configDir . "/config.php")
-			and !is_writable(self::$configDir . "/config.php")
-		) {
+		$configFileWritable = file_exists(self::$configDir . "/config.php") && is_writable(self::$configDir . "/config.php");
+		if (!$configFileWritable && !OC_Helper::isReadOnlyConfigEnabled()
+			|| !$configFileWritable && \OCP\Util::needUpgrade()) {
 			if (self::$CLI) {
 				echo $l->t('Cannot write into "config" directory!')."\n";
 				echo $l->t('This can usually be fixed by giving the webserver write access to the config directory')."\n";
diff --git a/lib/private/helper.php b/lib/private/helper.php
index d43eefcdc52..0e302275540 100644
--- a/lib/private/helper.php
+++ b/lib/private/helper.php
@@ -973,4 +973,12 @@ class OC_Helper {
 		return array('free' => $free, 'used' => $used, 'total' => $total, 'relative' => $relative);
 
 	}
+
+	/**
+	 * Returns whether the config file is set manually to read-only
+	 * @return bool
+	 */
+	public static function isReadOnlyConfigEnabled() {
+		return \OC::$server->getConfig()->getSystemValue('config_is_read_only', false);
+	}
 }
diff --git a/settings/admin.php b/settings/admin.php
index a669974891c..50a4ac4f1c8 100644
--- a/settings/admin.php
+++ b/settings/admin.php
@@ -33,6 +33,7 @@ $template->assign('mail_smtppassword', $config->getSystemValue("mail_smtppasswor
 $template->assign('entries', $entries);
 $template->assign('entriesremain', $entriesRemaining);
 $template->assign('htaccessworking', $htAccessWorking);
+$template->assign('readOnlyConfigEnabled', OC_Helper::isReadOnlyConfigEnabled());
 $template->assign('isLocaleWorking', OC_Util::isSetLocaleWorking());
 $template->assign('isPhpCharSetUtf8', OC_Util::isPhpCharSetUtf8());
 $template->assign('isAnnotationsWorking', OC_Util::isAnnotationsWorking());
diff --git a/settings/templates/admin.php b/settings/templates/admin.php
index 166e36a3605..d29ea4c7f7f 100644
--- a/settings/templates/admin.php
+++ b/settings/templates/admin.php
@@ -86,14 +86,28 @@ if (!$_['isConnectedViaHTTPS']) {
 // is htaccess working ?
 if (!$_['htaccessworking']) {
 	?>
-<div class="section">
-	<h2><?php p($l->t('Security Warning'));?></h2>
+	<div class="section">
+		<h2><?php p($l->t('Security Warning')); ?></h2>
 
 	<span class="securitywarning">
 		<?php p($l->t('Your data directory and your files are probably accessible from the internet. The .htaccess file is not working. We strongly suggest that you configure your webserver in a way that the data directory is no longer accessible or you move the data directory outside the webserver document root.')); ?>
 	</span>
 
-</div>
+	</div>
+<?php
+}
+
+// is read only config enabled
+if ($_['readOnlyConfigEnabled']) {
+?>
+<div class="section">
+	<h2><?php p($l->t('Read-Only config enabled'));?></h2>
+
+	<span class="securitywarning">
+		<?php p($l->t('The Read-Only config has been enabled. This prevents setting some configurations via the web-interface. Furthermore, the file needs to be made writable manually for every update.')); ?>
+	</span>
+
+	</div>
 <?php
 }
 // Are doc blocks accessible?