Nextcloud - Decrypt Shared Multimedia folder

My YunoHost server

Hardware: VPS Kimsufi
YunoHost version: 11.0.10.2 (stable)
Nextcloud version: 24.0.5~ynh1
I have access to my server: by SSH | Through the webadmin
Any particular edit on your instance? : Yes, some shared folders were renamed in /home/yunohost.multimedia/shared/ see below

Issue description

Hello, a year after my previous issue, I’m back with a Nextcloud related one.

I enabled files encryption a while ago, and through some user issues, I had to disable it. Nextcloud did consider the decryption done but the files were still encrypted. I relied on nextcloud-tools/decrypt-all-files to get them all back and it mostly went ok apart from the “Shared Multimedia” folder. I cannot decrypt it at all, neither from a user symlink nor directly through the main path. A user renamed some folders and I wonder what impact it could have.

Shared folder structure (user 998 matches nextcloud):

$> ls -la  /home/yunohost.multimedia/share/
total 44
drwxrwxr-x+   9 root root  4096 Nov 23 17:22 .
drwxrwxr-x+   8 root root  4096 Nov 27 10:50 ..
drwxrwxr-x+   2 root root  4096 Nov 23 17:22 eBook
drwxrwxr-x+  27  998  998  4096 Nov 23 21:50 eBooks
drwxrwxr-x+   3  998  998  4096 Jun  9 16:22 Jeux
drwxrwxr-x+   2 root root  4096 Nov 23 17:22 Music
drwxrwxr-x+ 110  998  998 12288 Jun 28 18:33 Musique
drwxrwxr-x+   2 root root  4096 Nov 23 17:22 Picture
drwxrwxr-x+   2 root root  4096 Nov 23 17:22 Video

A user multimedia folder:

$> ls -la  /home/yunohost.multimedia/sampson_s/
total 36
drwxrwxr-x+  9 sampson_s root 4096 Nov 23 17:22 .
drwxrwxr-x+  8 root      root 4096 Nov 27 10:50 ..
drwxrwxr-x+  2 sampson_s root 4096 Oct 20 11:57 eBook
drwxrwxr-x+  3 sampson_s  998 4096 Oct 12 12:26 eBooks
drwxrwxr-x+ 26 sampson_s  998 4096 May  7  2022 Images
drwxrwxr-x+  2 sampson_s root 4096 Oct 20 11:57 Music
drwxrwxr-x+  2 sampson_s root 4096 Oct 20 11:57 Picture
lrwxrwxrwx   1 sampson_s root   31 Nov 23 17:22 Share -> /home/yunohost.multimedia/share
drwxrwxr-x+  2 sampson_s root 4096 Oct 20 11:57 Video
drwxrwxr-x+  6 sampson_s  998 4096 May 12  2022 Videos

A tree on the keys folder:

root@sso:/home/yunohost.app/nextcloud/data/files_encryption/keys/files# tree -L 2
.
├── Multimedia
│   ├── eBooks
│   ├── Musiques
│   └── Picture
├── Shared multimedia
│   └── 1621362954139.jpg
└── Shared Multimedia
    └── eBooks

and on a user keys folder:

root@sso:/home/yunohost.app/nextcloud/data/sampson_s/files_encryption/keys/files/Shared Multimedia# tree -L 1
.
├── eBooks
├── Films
├── Jeux
├── Musique
└── Séries

decrypt-all-files config:

        // nextcloud definitions - you can get these values from config/config.php
        define("DATADIRECTORY", "/home/yunohost.app/nextcloud/data");
        define("INSTANCEID",    "[REDACTED]");
        define("SECRET",        "[REDACTED]");

        // recovery password definition
        define("RECOVERY_PASSWORD", "");

        // user password definitions
        // replace "USERNAMEA", "USERNAMEB", "USERNAMEC" with the actual usernames
        // you can add or remove entries as necessary
        define("USER_PASSWORD_sampson_s", "[REDACTED]");
        define("USER_PASSWORD_romain_f", "[REDACTED]");

        // external storage definitions
        // replace "STORAGEA", "STORAGEB", "STORAGEC" with the actual external storage names
        // you can add or remove entries as necessary
        define("EXTERNAL_STORAGE_sampson_s/Multimedia", "/home/yunohost.multimedia/sampson_s");
        define("EXTERNAL_STORAGE_Shared Multimedia", "/home/yunohost.multimedia/share/");

Debug output from decrypt-all-files on a single file through a user share:

$> ./decrypt-all-files.php backup/ /home/yunohost.multimedia/sampson_s/Share/
[...]
DEBUG: filename = /home/yunohost.multimedia/sampson_s/Share/Musique/Belle and Sebastian/Belle And Sebastian - Rare Tracks/Belle And Sebastian - Rare -  - London Has Let Me Down (demo).mp3
DEBUG: target = backup/sampson_s/EXTERNAL_STORAGE_Multimedia/Share/Musique/Belle and Sebastian/Belle And Sebastian - Rare Tracks/Belle And Sebastian - Rare -  - London Has Let Me Down (demo).mp3
DEBUG: datafilename = Multimedia/Share/Musique/Belle and Sebastian/Belle And Sebastian - Rare Tracks/Belle And Sebastian - Rare -  - London Has Let Me Down (demo).mp3
DEBUG: istrashbin = false
DEBUG: username = sampson_s
DEBUG: secretkey = unavailable
DEBUG: trying to copy file...
DEBUG: success = false

and directly on the folder:

$> ./decrypt-all-files.php backup/ /home/yunohost.multimedia/share/
[...]
DEBUG: filename = /home/yunohost.multimedia/share/Musique/Alexandra Poulain - Le mouvement des marées/Le mouvement des marées.pdf
DEBUG: target = backup/EXTERNAL_STORAGE_Shared Multimedia/Musique/Alexandra Poulain - Le mouvement des marées/Le mouvement des marées.pdf
DEBUG: datafilename = Shared Multimedia/Musique/Alexandra Poulain - Le mouvement des marées/Le mouvement des marées.pdf
DEBUG: istrashbin = false
DEBUG: username =
DEBUG: secretkey = unavailable
DEBUG: trying to copy file...
DEBUG: success = false

From what I can see, the missing secretkey prevents the decryption, or, as it is a shared folder, I’m unsure on where to find the key and make them match during the script execution.

Since I don’t have so many users, I consider reinstalling Nextcloud from scratch but before, I gotta get the files back.

Does anyone know what to do?
Thanks a lot.

My YunoHost server

Hardware: VPS Kimsufi
YunoHost version: 11.0.10.2 (stable)
Nextcloud version: 24.0.5~ynh1
I have access to my server: By SSH | Through the webadmin
Are you in a special context or did you perform any particular modifications on your instance? : Yes, changes to the folder names in /home/yunohost.multimedia/shared/ described below.

Issue description

Hello, a year later, I’m back with a Nextcloud problem.

I enabled data encryption, and following some mishandling by users, I had to disable it. The first problem: Nextcloud did register that encryption was disabled, but some files remained encrypted. I used nextcloud-tools/decrypt-all-files to recover them and it went well overall, except for the external folder “Shared Multimedia”.
I cannot decrypt the latter through the users’ folders (via the symlink) or directly. A user renamed some folders and I wonder whether that had an impact.

The structure of the Shared folder (user 998 corresponds to nextcloud):

$> ls -la  /home/yunohost.multimedia/share/
total 44
drwxrwxr-x+   9 root root  4096 Nov 23 17:22 .
drwxrwxr-x+   8 root root  4096 Nov 27 10:50 ..
drwxrwxr-x+   2 root root  4096 Nov 23 17:22 eBook
drwxrwxr-x+  27  998  998  4096 Nov 23 21:50 eBooks
drwxrwxr-x+   3  998  998  4096 Jun  9 16:22 Jeux
drwxrwxr-x+   2 root root  4096 Nov 23 17:22 Music
drwxrwxr-x+ 110  998  998 12288 Jun 28 18:33 Musique
drwxrwxr-x+   2 root root  4096 Nov 23 17:22 Picture
drwxrwxr-x+   2 root root  4096 Nov 23 17:22 Video

The structure of a user’s multimedia folder:

$> ls -la  /home/yunohost.multimedia/sampson_s/
total 36
drwxrwxr-x+  9 sampson_s root 4096 Nov 23 17:22 .
drwxrwxr-x+  8 root      root 4096 Nov 27 10:50 ..
drwxrwxr-x+  2 sampson_s root 4096 Oct 20 11:57 eBook
drwxrwxr-x+  3 sampson_s  998 4096 Oct 12 12:26 eBooks
drwxrwxr-x+ 26 sampson_s  998 4096 May  7  2022 Images
drwxrwxr-x+  2 sampson_s root 4096 Oct 20 11:57 Music
drwxrwxr-x+  2 sampson_s root 4096 Oct 20 11:57 Picture
lrwxrwxrwx   1 sampson_s root   31 Nov 23 17:22 Share -> /home/yunohost.multimedia/share
drwxrwxr-x+  2 sampson_s root 4096 Oct 20 11:57 Video
drwxrwxr-x+  6 sampson_s  998 4096 May 12  2022 Videos

A tree on the Nextcloud keys folder:

root@sso:/home/yunohost.app/nextcloud/data/files_encryption/keys/files# tree -L 2
.
├── Multimedia
│   ├── eBooks
│   ├── Musiques
│   └── Picture
├── Shared multimedia
│   └── 1621362954139.jpg
└── Shared Multimedia
    └── eBooks

and on a user’s keys folder:

root@sso:/home/yunohost.app/nextcloud/data/sampson_s/files_encryption/keys/files/Shared Multimedia# tree -L 1
.
├── eBooks
├── Films
├── Jeux
├── Musique
└── Séries

The decrypt-all-files config:

        // nextcloud definitions - you can get these values from config/config.php
        define("DATADIRECTORY", "/home/yunohost.app/nextcloud/data");
        define("INSTANCEID",    "[REDACTED]");
        define("SECRET",        "[REDACTED]");

        // recovery password definition
        define("RECOVERY_PASSWORD", "");

        // user password definitions
        // replace "USERNAMEA", "USERNAMEB", "USERNAMEC" with the actual usernames
        // you can add or remove entries as necessary
        define("USER_PASSWORD_sampson_s", "[REDACTED]");
        define("USER_PASSWORD_romain_f", "[REDACTED]");

        // external storage definitions
        // replace "STORAGEA", "STORAGEB", "STORAGEC" with the actual external storage names
        // you can add or remove entries as necessary
        define("EXTERNAL_STORAGE_sampson_s/Multimedia", "/home/yunohost.multimedia/sampson_s");
        define("EXTERNAL_STORAGE_Shared Multimedia", "/home/yunohost.multimedia/share/");

The decrypt-all-files output in debug mode on a file via a user:

$> ./decrypt-all-files.php backup/ /home/yunohost.multimedia/sampson_s/Share/
[...]
DEBUG: filename = /home/yunohost.multimedia/sampson_s/Share/Musique/Belle and Sebastian/Belle And Sebastian - Rare Tracks/Belle And Sebastian - Rare -  - London Has Let Me Down (demo).mp3
DEBUG: target = backup/sampson_s/EXTERNAL_STORAGE_Multimedia/Share/Musique/Belle and Sebastian/Belle And Sebastian - Rare Tracks/Belle And Sebastian - Rare -  - London Has Let Me Down (demo).mp3
DEBUG: datafilename = Multimedia/Share/Musique/Belle and Sebastian/Belle And Sebastian - Rare Tracks/Belle And Sebastian - Rare -  - London Has Let Me Down (demo).mp3
DEBUG: istrashbin = false
DEBUG: username = sampson_s
DEBUG: secretkey = unavailable
DEBUG: trying to copy file...
DEBUG: success = false

and directly on the folder:

$> ./decrypt-all-files.php backup/ /home/yunohost.multimedia/share/
[...]
DEBUG: filename = /home/yunohost.multimedia/share/Musique/Alexandra Poulain - Le mouvement des marées/Le mouvement des marées.pdf
DEBUG: target = backup/EXTERNAL_STORAGE_Shared Multimedia/Musique/Alexandra Poulain - Le mouvement des marées/Le mouvement des marées.pdf
DEBUG: datafilename = Shared Multimedia/Musique/Alexandra Poulain - Le mouvement des marées/Le mouvement des marées.pdf
DEBUG: istrashbin = false
DEBUG: username =
DEBUG: secretkey = unavailable
DEBUG: trying to copy file...
DEBUG: success = false

From what I can see, decryption is impossible because the secretkey is not available. However, since it is a shared folder, I don’t know who the owner is (in Nextcloud?) or where to find the matching secretkey.

Since I have few users (5), I am ready to back everything up and then reinstall Nextcloud to clean it completely, but I need to recover the various files that are not yet decrypted.

Does anyone have an idea?
Thanks in advance.
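
A read-only diagnostic for the lookups shown in the debug output above, added here as an example and not part of the original post or of nextcloud-tools: it searches every `files_encryption/keys/files` tree under the data directory for a key directory whose path ends like a given `datafilename`, so key material filed under a different storage name becomes visible. It assumes key material sits in a directory named after the file's path, as the key trees in the post suggest; `key_roots`, `locate_keys`, `build_sample` and the sample file names are hypothetical.

```python
import os
import tempfile

KEYS_SUBDIR = os.path.join("files_encryption", "keys", "files")

def key_roots(data_dir):
    """Map owner -> keys root; owner "" is the system-wide root."""
    roots = {}
    system = os.path.join(data_dir, KEYS_SUBDIR)
    if os.path.isdir(system):
        roots[""] = system
    for entry in sorted(os.listdir(data_dir)):
        user_root = os.path.join(data_dir, entry, KEYS_SUBDIR)
        if os.path.isdir(user_root):
            roots[entry] = user_root
    return roots

def locate_keys(data_dir, datafilename, min_parts=2):
    """Return (owner, key path, dropped prefix parts) for each key directory
    whose path ends like datafilename; 0 dropped parts is an exact match."""
    parts = datafilename.strip("/").split("/")
    hits = []
    for owner, root in key_roots(data_dir).items():
        for dirpath, _dirs, _files in os.walk(root):
            rel = os.path.relpath(dirpath, root).split(os.sep)
            # Drop leading components (storage name, symlink name) one by one.
            for drop in range(0, len(parts) - min_parts + 1):
                tail = parts[drop:]
                if rel[-len(tail):] == tail:
                    hits.append((owner, "/".join(rel), drop))
                    break
    return sorted(hits, key=lambda h: h[2])

def build_sample(data_dir):
    """Constructed layout mirroring the post's key trees (file names made up)."""
    for rel in (
        "files_encryption/keys/files/Shared Multimedia/eBooks/book.epub",
        "sampson_s/files_encryption/keys/files/Shared Multimedia/Musique/Album/track.mp3",
    ):
        # OC_DEFAULT_MODULE: directory of Nextcloud's default encryption module
        os.makedirs(os.path.join(data_dir, rel, "OC_DEFAULT_MODULE"))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample(d)
        # Same shape as the datafilename from the run through the user symlink.
        for hit in locate_keys(d, "Multimedia/Share/Musique/Album/track.mp3"):
            print(hit)
```

A hit with a non-zero third field means the key directory exists, but under a different prefix or owner than the one the lookup used.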
