From d62a14ca4ee42703f41ef06db01ae343906eb845 Mon Sep 17 00:00:00 2001 From: Mike Swanson Date: Wed, 29 Apr 2026 08:25:11 -0700 Subject: [PATCH] scc: pavon owncloud diagnostic scratch scripts from 2026-04-29 session MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Six small bash scripts uploaded to /tmp on 172.16.3.22 during the OwnCloud cron stacking incident — investigation, group enumeration, failed group-restrict attempt, occ subcommand discovery. Captured for audit; full context in clients/pavon/session-logs/2026-04-29-session.md. Co-Authored-By: Claude Opus 4.7 (1M context) --- temp/occ-versions-help.sh | 20 ++++++++++++++++++ temp/owncloud-groups-check.sh | 9 ++++++++ temp/owncloud-investigate.sh | 21 +++++++++++++++++++ temp/owncloud-pavon-groups.sh | 10 +++++++++ temp/owncloud-versioning-check.sh | 19 +++++++++++++++++ temp/owncloud-versioning-restrict.sh | 31 ++++++++++++++++++++++++++++ 6 files changed, 110 insertions(+) create mode 100644 temp/occ-versions-help.sh create mode 100644 temp/owncloud-groups-check.sh create mode 100644 temp/owncloud-investigate.sh create mode 100644 temp/owncloud-pavon-groups.sh create mode 100644 temp/owncloud-versioning-check.sh create mode 100644 temp/owncloud-versioning-restrict.sh diff --git a/temp/occ-versions-help.sh b/temp/occ-versions-help.sh new file mode 100644 index 0000000..e27a6fb --- /dev/null +++ b/temp/occ-versions-help.sh @@ -0,0 +1,20 @@ +#!/bin/bash +OCC="sudo -u apache php /var/www/owncloud/occ" +echo "=== ALL versions:* COMMANDS ===" +$OCC list 2>&1 | grep -E '^\s+versions:' +echo +echo "=== ALL trashbin:* COMMANDS ===" +$OCC list 2>&1 | grep -E '^\s+trashbin:' +echo +echo "=== versions:cleanup HELP ===" +$OCC versions:cleanup --help 2>&1 | head -25 +echo +echo "=== versions:expire HELP ===" +$OCC versions:expire --help 2>&1 | head -25 +echo +echo "=== files_versions DIR STATE BEFORE ===" +du -sh /owncloud/pavon/files_versions 2>&1 +find /owncloud/pavon/files_versions -type f 2>/dev/null | wc -l +echo +echo "=== filecache rows for pavon's versions ===" +mysql owncloud --skip-column-names <<<'SELECT COUNT(*) FROM oc_filecache fc JOIN oc_storages s ON fc.storage=s.numeric_id WHERE s.id="home::pavon" AND fc.path LIKE "files_versions/%"' 2>&1 diff --git a/temp/owncloud-groups-check.sh b/temp/owncloud-groups-check.sh new file mode 100644 index 0000000..a31f899 --- /dev/null +++ b/temp/owncloud-groups-check.sh @@ -0,0 +1,9 @@ +#!/bin/bash +echo "=== EXISTING GROUPS ===" +sudo -u apache php /var/www/owncloud/occ group:list 2>&1 +echo +echo "=== PAVON'S GROUPS ===" +sudo -u apache php /var/www/owncloud/occ user:show pavon 2>&1 | grep -iE 'group|enabled' +echo +echo "=== APP ENABLE/DISABLE PER-GROUP SUPPORT ===" +sudo -u apache php /var/www/owncloud/occ help app:enable 2>&1 | head -20 diff --git a/temp/owncloud-investigate.sh b/temp/owncloud-investigate.sh new file mode 100644 index 0000000..ff29d05 --- /dev/null +++ b/temp/owncloud-investigate.sh @@ -0,0 +1,21 @@ +#!/bin/bash +echo === LOAD === +uptime +echo +echo === CIFS UTILS === +rpm -q cifs-utils 2>&1 +which mount.cifs 2>&1 +echo +echo === EXISTING SMB MOUNTS === +mount | grep -iE 'cifs|smb|172.16.3.21' || echo "(none)" +echo +echo === SUBDIR FILE COUNTS === +for d in /owncloud/pavon/files/*/; do + name="${d#/owncloud/pavon/files/}" + name="${name%/}" + count=$(find "$d" -maxdepth 4 -type f 2>/dev/null | wc -l) + echo "$count files: $name" +done +echo +echo === ESTIMATED FILES OLDER THAN 365 DAYS === +find /owncloud/pavon/files -type f -mtime +365 2>/dev/null | wc -l diff --git a/temp/owncloud-pavon-groups.sh b/temp/owncloud-pavon-groups.sh new file mode 100644 index 0000000..6bbd50c --- /dev/null +++ b/temp/owncloud-pavon-groups.sh @@ -0,0 +1,10 @@ +#!/bin/bash +echo "=== PAVON USER DETAILS ===" +sudo -u apache php /var/www/owncloud/occ user:list-groups pavon 2>&1 +echo +echo "=== ALL USERS WITH GROUPS ===" +for u in $(sudo -u apache php /var/www/owncloud/occ user:list 2>&1 | awk -F': ' '{print $2}' | tr -d ' '); do + [ -z "$u" ] && continue + grps=$(sudo -u apache php /var/www/owncloud/occ user:list-groups "$u" 2>&1 | grep -E '^\s+-' | awk -F'- ' '{print $2}' | paste -sd, -) + echo "$u: ${grps:-(no groups)}" +done diff --git a/temp/owncloud-versioning-check.sh b/temp/owncloud-versioning-check.sh new file mode 100644 index 0000000..0fab9d3 --- /dev/null +++ b/temp/owncloud-versioning-check.sh @@ -0,0 +1,19 @@ +#!/bin/bash +echo "=== VERSIONING APP STATUS ===" +sudo -u apache php /var/www/owncloud/occ app:list 2>&1 | grep -iE 'versions|trash' +echo +echo "=== GLOBAL VERSIONS RETENTION ===" +sudo -u apache php /var/www/owncloud/occ config:system:get versions_retention_obligation 2>&1 +echo +echo "=== TRASH RETENTION ===" +sudo -u apache php /var/www/owncloud/occ config:system:get trashbin_retention_obligation 2>&1 +echo +echo "=== EXISTING VERSIONS DIR FOR PAVON ===" +du -sh /owncloud/pavon/files_versions 2>&1 +ls /owncloud/pavon/ 2>&1 +echo +echo "=== USER LIST ===" +sudo -u apache php /var/www/owncloud/occ user:list 2>&1 +echo +echo "=== PER-USER VERSIONING SETTING (if any) ===" +sudo -u apache php /var/www/owncloud/occ user:setting pavon files_versions 2>&1 || true diff --git a/temp/owncloud-versioning-restrict.sh b/temp/owncloud-versioning-restrict.sh new file mode 100644 index 0000000..de199bd --- /dev/null +++ b/temp/owncloud-versioning-restrict.sh @@ -0,0 +1,31 @@ +#!/bin/bash +set -e +OCC="sudo -u apache php /var/www/owncloud/occ" + +echo "=== STEP 1: Create group 'versioning_users' ===" +$OCC group:add versioning_users 2>&1 || true + +echo +echo "=== STEP 2: Add all non-pavon users to the group ===" +for u in Martell anaise bst jburger mara minrec rohrbach sysadmin themarcgroup; do + $OCC group:add-member versioning_users --member "$u" 2>&1 || true +done + +echo +echo "=== STEP 3: Verify membership ===" +$OCC group:list-members versioning_users 2>&1 + +echo +echo "=== STEP 4: Disable files_versions globally ===" +$OCC app:disable files_versions 2>&1 + +echo +echo "=== STEP 5: Re-enable for versioning_users group only ===" +$OCC app:enable files_versions --groups versioning_users 2>&1 + +echo +echo "=== STEP 6: Verify app status ===" +$OCC app:list 2>&1 | grep -A 2 -i versions +echo +echo "=== STEP 7: Verify pavon excluded ===" +$OCC user:list-groups pavon 2>&1