Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] No permission to access file - when downloading any file #2877

Open
AndyTempel opened this issue Jan 26, 2025 · 3 comments
Open

[BUG] No permission to access file - when downloading any file #2877

AndyTempel opened this issue Jan 26, 2025 · 3 comments

Comments

@AndyTempel
Copy link

AndyTempel commented Jan 26, 2025
edited
Loading

I'm using docker image for my SeaFile deployment. I was running 11.0-latest and upgraded to 12.0-latest using this guide: manual.seafile.com/latest/upgrade/upgrade_docker/

I can't figure out why I can't download/open files, the SeaFile responds with 403 Error and message No permission to access file. If I create a public share link and try to download the file that way in a private window, the seafile responds with Bad Request.
But if I open any Office files (using collabora) they open normally.

Request looks like this (repo id, domain and cookie contents changed):

curl 'https://example.com/seafhttp/repos/REPO_ID/files/test.pdf/?op=download' 
  -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0' 
  -H 'Accept: */*' -H 'Accept-Language: en-US,en;q=0.5' 
  -H 'Accept-Encoding: gzip, deflate, br, zstd' 
  -H 'Referer: https://example.com/lib/REPO_ID/file/test.pdf'  
  -H 'Cookie: sfcsrftoken=...; sessionid=...'

My docker-compose.yml (note I use separate Caddy config)

services:
  db:
    image: mariadb:10.11
    container_name: seafile-mysql
    environment:
      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}  # Required, set the root's password of MySQL service.
      - MYSQL_LOG_CONSOLE=true
      - MARIADB_AUTO_UPGRADE=1
    volumes:
      - /mnt/user/seafile/db:/var/lib/mysql  # Required, specifies the path to MySQL data persistent store.
    networks:
      - seafile-net
    ports:
      - 2295:3306
    healthcheck:
      test:
        [
          "CMD",
          "/usr/local/bin/healthcheck.sh",
          "--connect",
          "--mariadbupgrade",
          "--innodb_initialized",
        ]
      interval: 20s
      start_period: 30s
      timeout: 5s
      retries: 10
      
  collabora:
    image: ${COLLABORA_IMAGE:-collabora/code:24.04.5.1.1}
    container_name: seafile-collabora
    ports:
      - 2294:9980
    cap_add:
      - MKNOD
    environment:
      - server_name=coll.example.com:443
      - username=${COLLABORA_USERNAME:?Variable is not set or empty}
      - password=${COLLABORA_PASSWORD:?Variable is not set or empty}
      - DONT_GEN_SSL_CERT=true
      - TZ=${TIME_ZONE:-Europe/Berlin}
      - extra_params=--o:admin_console.enable=${COLLABORA_ENABLE_ADMIN_CONSOLE:-true}
        --o:ssl.enable=false
        --o:ssl.termination=true
        --o:user_interface.mode=classic
        --o:remote_font_config.url=${COLLABORA_REMOTE_FONT:-}
        --o:logging.file[@enable]=${COLLABORA_ENABLE_FILE_LOGGING:-false}
        --o:logging.file.property[0]=/opt/cool/logs/coolwsd.log
    networks:
      - seafile-net
          
  seafile:
    image: seafileltd/seafile-mc:12.0-latest
    container_name: seafile
    ports:
      - "2293:80"
    volumes:
      - /mnt/user/seafile/data:/shared
    environment:
      - DB_HOST=${SEAFILE_MYSQL_DB_HOST:-db}
      - DB_PORT=${SEAFILE_MYSQL_DB_PORT:-3306}
      - DB_USER=${SEAFILE_MYSQL_DB_USER:-seafile}
      - DB_ROOT_PASSWD=${INIT_SEAFILE_MYSQL_ROOT_PASSWORD:-}
      - DB_PASSWORD=${SEAFILE_MYSQL_DB_PASSWORD:?Variable is not set or empty}
      - SEAFILE_MYSQL_DB_CCNET_DB_NAME=${SEAFILE_MYSQL_DB_CCNET_DB_NAME:-ccnet_db}
      - SEAFILE_MYSQL_DB_SEAFILE_DB_NAME=${SEAFILE_MYSQL_DB_SEAFILE_DB_NAME:-seafile_db}
      - SEAFILE_MYSQL_DB_SEAHUB_DB_NAME=${SEAFILE_MYSQL_DB_SEAHUB_DB_NAME:-seahub_db}
      - TIME_ZONE=${TIME_ZONE:-Etc/UTC}
      - INIT_SEAFILE_ADMIN_EMAIL=${INIT_SEAFILE_ADMIN_EMAIL:-me@example.com}
      - INIT_SEAFILE_ADMIN_PASSWORD=${INIT_SEAFILE_ADMIN_PASSWORD:-asecret}
      - SEAFILE_SERVER_HOSTNAME=${SEAFILE_SERVER_HOSTNAME:?Variable is not set or empty}
      - SEAFILE_SERVER_PROTOCOL=${SEAFILE_SERVER_PROTOCOL:-http}
      - SITE_ROOT=${SITE_ROOT:-/}
      - NON_ROOT=${NON_ROOT:-false}
      - JWT_PRIVATE_KEY=${JWT_PRIVATE_KEY:?Variable is not set or empty}
      - SEAFILE_LOG_TO_STDOUT=${SEAFILE_LOG_TO_STDOUT:-false}
      - ENABLE_SEADOC=${ENABLE_SEADOC:-false}
      - SEADOC_SERVER_URL=${SEADOC_SERVER_URL:-http://seafile.example.com/sdoc-server}
    depends_on:
      db:
        condition: service_healthy
    networks:
      - seafile-net

networks:
  seafile-net:
@makidoll
Copy link

Same issue. I just updated to version 12

@killing
Copy link
Member

killing commented Jan 28, 2025

Do you see any error messages in the seafile.log on the server?

@AndyTempel
Copy link
Author

AndyTempel commented Feb 5, 2025
edited
Loading

I apologize for the late response. There are no errors in the seafile.log, there are errors in seahub.log about pdf thumbnails, but I saw that issue is already open.
I should add that desktop clients work perfectly, issue is isolated in the web client.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@killing @makidoll @AndyTempel