copyparty 1.16.15__tar.gz → 1.16.17__tar.gz

{copyparty-1.16.15 → copyparty-1.16.17}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.2
 Name: copyparty
-Version: 1.16.15
+Version: 1.16.17
 Summary:   Portable file server with accelerated resumable uploads, deduplication, WebDAV, FTP, zeroconf, media indexer, video thumbnails, audio transcoding, and write-only folders
 Author-email: ed <copyparty@ocv.me>
 License: MIT
@@ -157,6 +157,7 @@ turn almost any device into a file server with resumable uploads/downloads using
         * [custom mimetypes](#custom-mimetypes) - change the association of a file extension
         * [GDPR compliance](#GDPR-compliance) - imagine using copyparty professionally...
         * [feature chickenbits](#feature-chickenbits) - buggy feature? rip it out
+        * [feature beefybits](#feature-beefybits) - force-enable incompatible features
 * [packages](#packages) - the party might be closer than you think
     * [arch package](#arch-package) - now [available on aur](https://aur.archlinux.org/packages/copyparty) maintained by [@icxes](https://github.com/icxes)
     * [fedora package](#fedora-package) - does not exist yet
@@ -1893,7 +1894,7 @@ tell search engines you don't wanna be indexed,  either using the good old [robo
 * volflag `[...]:c,norobots` does the same thing for that single volume
 * volflag `[...]:c,robots` ALLOWS search-engine crawling for that volume, even if `--no-robots` is set globally
 
-also, `--force-js` disables the plain HTML folder listing, making things harder to parse for search engines
+also, `--force-js` disables the plain HTML folder listing, making things harder to parse for *some* search engines -- note that crawlers which understand javascript (such as google) will not be affected
 
 
 ## themes
@@ -2194,6 +2195,15 @@ buggy feature? rip it out  by setting any of the following environment variables
 example: `PRTY_NO_IFADDR=1 python3 copyparty-sfx.py`
 
 
+### feature beefybits
+
+force-enable features with known issues on your OS/env  by setting any of the following environment variables, also affectionately known as `fuckitbits` or `hail-mary-bits`
+
+| env-var                  | what it does |
+| ------------------------ | ------------ |
+| `PRTY_FORCE_MP`          | force-enable multiprocessing (real multithreading) on MacOS and other broken platforms |
+
+
 # packages
 
 the party might be closer than you think

{copyparty-1.16.15 → copyparty-1.16.17}/README.md

@@ -100,6 +100,7 @@ turn almost any device into a file server with resumable uploads/downloads using
         * [custom mimetypes](#custom-mimetypes) - change the association of a file extension
         * [GDPR compliance](#GDPR-compliance) - imagine using copyparty professionally...
         * [feature chickenbits](#feature-chickenbits) - buggy feature? rip it out
+        * [feature beefybits](#feature-beefybits) - force-enable incompatible features
 * [packages](#packages) - the party might be closer than you think
     * [arch package](#arch-package) - now [available on aur](https://aur.archlinux.org/packages/copyparty) maintained by [@icxes](https://github.com/icxes)
     * [fedora package](#fedora-package) - does not exist yet
@@ -1836,7 +1837,7 @@ tell search engines you don't wanna be indexed,  either using the good old [robo
 * volflag `[...]:c,norobots` does the same thing for that single volume
 * volflag `[...]:c,robots` ALLOWS search-engine crawling for that volume, even if `--no-robots` is set globally
 
-also, `--force-js` disables the plain HTML folder listing, making things harder to parse for search engines
+also, `--force-js` disables the plain HTML folder listing, making things harder to parse for *some* search engines -- note that crawlers which understand javascript (such as google) will not be affected
 
 
 ## themes
@@ -2137,6 +2138,15 @@ buggy feature? rip it out  by setting any of the following environment variables
 example: `PRTY_NO_IFADDR=1 python3 copyparty-sfx.py`
 
 
+### feature beefybits
+
+force-enable features with known issues on your OS/env  by setting any of the following environment variables, also affectionately known as `fuckitbits` or `hail-mary-bits`
+
+| env-var                  | what it does |
+| ------------------------ | ------------ |
+| `PRTY_FORCE_MP`          | force-enable multiprocessing (real multithreading) on MacOS and other broken platforms |
+
+
 # packages
 
 the party might be closer than you think

{copyparty-1.16.15 → copyparty-1.16.17}/copyparty/__main__.py

@@ -65,6 +65,7 @@ from .util import (
     load_resource,
     min_ex,
     pybin,
+    read_utf8,
     termsize,
     wrap,
 )
@@ -249,8 +250,7 @@ def get_srvname(verbose)  :
     if verbose:
         lprint("using hostname from {}\n".format(fp))
     try:
-        with open(fp, "rb") as f:
-            ret = f.read().decode("utf-8", "replace").strip()
+        return read_utf8(None, fp, True).strip()
     except:
         ret = ""
         namelen = 5
@@ -259,47 +259,18 @@ def get_srvname(verbose)  :
             ret = re.sub("[234567=]", "", ret)[:namelen]
         with open(fp, "wb") as f:
             f.write(ret.encode("utf-8") + b"\n")
-
-    return ret
-
-
-def get_fk_salt()  :
-    fp = os.path.join(E.cfg, "fk-salt.txt")
-    try:
-        with open(fp, "rb") as f:
-            ret = f.read().strip()
-    except:
-        ret = b64enc(os.urandom(18))
-        with open(fp, "wb") as f:
-            f.write(ret + b"\n")
-
-    return ret.decode("utf-8")
-
-
-def get_dk_salt()  :
-    fp = os.path.join(E.cfg, "dk-salt.txt")
-    try:
-        with open(fp, "rb") as f:
-            ret = f.read().strip()
-    except:
-        ret = b64enc(os.urandom(30))
-        with open(fp, "wb") as f:
-            f.write(ret + b"\n")
-
-    return ret.decode("utf-8")
+        return ret
 
 
-def get_ah_salt()  :
-    fp = os.path.join(E.cfg, "ah-salt.txt")
+def get_salt(name , nbytes )  :
+    fp = os.path.join(E.cfg, "%s-salt.txt" % (name,))
     try:
-        with open(fp, "rb") as f:
-            ret = f.read().strip()
+        return read_utf8(None, fp, True).strip()
     except:
-        ret = b64enc(os.urandom(18))
+        ret = b64enc(os.urandom(nbytes))
         with open(fp, "wb") as f:
             f.write(ret + b"\n")
-
-    return ret.decode("utf-8")
+        return ret.decode("utf-8")
 
 
 def ensure_locale()  :
@@ -1257,6 +1228,10 @@ def add_optouts(ap):
     ap2.add_argument("-nih", action="store_true", help="no info hostname -- don't show in UI")
     ap2.add_argument("-nid", action="store_true", help="no info disk-usage -- don't show in UI")
     ap2.add_argument("-nb", action="store_true", help="no powered-by-copyparty branding in UI")
+    ap2.add_argument("--zipmaxn", metavar="N", type=u, default="0", help="reject download-as-zip if more than \033[33mN\033[0m files in total; optionally takes a unit suffix: [\033[32m256\033[0m], [\033[32m9K\033[0m], [\033[32m4G\033[0m] (volflag=zipmaxn)")
+    ap2.add_argument("--zipmaxs", metavar="SZ", type=u, default="0", help="reject download-as-zip if total download size exceeds \033[33mSZ\033[0m bytes; optionally takes a unit suffix: [\033[32m256M\033[0m], [\033[32m4G\033[0m], [\033[32m2T\033[0m] (volflag=zipmaxs)")
+    ap2.add_argument("--zipmaxt", metavar="TXT", type=u, default="", help="custom errormessage when download size exceeds max (volflag=zipmaxt)")
+    ap2.add_argument("--zipmaxu", action="store_true", help="authenticated users bypass the zip size limit (volflag=zipmaxu)")
     ap2.add_argument("--zip-who", metavar="LVL", type=int, default=3, help="who can download as zip/tar? [\033[32m0\033[0m]=nobody, [\033[32m1\033[0m]=admins, [\033[32m2\033[0m]=authenticated-with-read-access, [\033[32m3\033[0m]=everyone-with-read-access (volflag=zip_who)\n\033[1;31mWARNING:\033[0m if a nested volume has a more restrictive value than a parent volume, then this will be \033[33mignored\033[0m if the download is initiated from the parent, more lenient volume")
     ap2.add_argument("--no-zip", action="store_true", help="disable download as zip/tar; same as \033[33m--zip-who=0\033[0m")
     ap2.add_argument("--no-tarcmp", action="store_true", help="disable download as compressed tar (?tar=gz, ?tar=bz2, ?tar=xz, ?tar=gz:9, ...)")
@@ -1544,9 +1519,9 @@ def run_argparse(
 
     cert_path = os.path.join(E.cfg, "cert.pem")
 
-    fk_salt = get_fk_salt()
-    dk_salt = get_dk_salt()
-    ah_salt = get_ah_salt()
+    fk_salt = get_salt("fk", 18)
+    dk_salt = get_salt("dk", 30)
+    ah_salt = get_salt("ah", 18)
 
     # alpine peaks at 5 threads for some reason,
     # all others scale past that (but try to avoid SMT),

{copyparty-1.16.15 → copyparty-1.16.17}/copyparty/__version__.py

@@ -1,8 +1,8 @@
 # coding: utf-8
 
-VERSION = (1, 16, 15)
+VERSION = (1, 16, 17)
 CODENAME = "COPYparty"
-BUILD_DT = (2025, 2, 25)
+BUILD_DT = (2025, 3, 16)
 
 S_VERSION = ".".join(map(str, VERSION))
 S_BUILD_DT = "{0:04d}-{1:02d}-{2:02d}".format(*BUILD_DT)

{copyparty-1.16.15 → copyparty-1.16.17}/copyparty/authsrv.py

@@ -33,6 +33,7 @@ from .util import (
     get_df,
     humansize,
     odfusion,
+    read_utf8,
     relchk,
     statdir,
     ub64enc,
@@ -64,6 +65,8 @@ SSEELOG = " ({})".format(SEE_LOG)
 BAD_CFG = "invalid config; {}".format(SEE_LOG)
 SBADCFG = " ({})".format(BAD_CFG)
 
+PTN_U_GRP = re.compile(r"\$\{u%([+-])([^}]+)\}")
+
 
 class CfgEx(Exception):
     pass
@@ -335,22 +338,26 @@ class VFS(object):
         log ,
         realpath ,
         vpath ,
+        vpath0 ,
         axs ,
         flags  ,
     )  :
         self.log = log
         self.realpath = realpath  # absolute path on host filesystem
         self.vpath = vpath  # absolute path in the virtual filesystem
+        self.vpath0 = vpath0  # original vpath (before idp expansion)
         self.axs = axs
         self.flags = flags  # config options
         self.root = self
         self.dev = 0  # st_dev
+        self.badcfg1 = False
         self.nodes   = {}  # child nodes
         self.histtab   = {}  # all realpath->histpath
         self.dbv  = None  # closest full/non-jump parent
         self.lim  = None  # upload limits; only set for dbv
         self.shr_src   = None  # source vfs+rem of a share
         self.shr_files  = set()  # filenames to include from shr_src
+        self.shr_owner  = ""  # uname
         self.aread   = {}
         self.awrite   = {}
         self.amove   = {}
@@ -368,7 +375,7 @@ class VFS(object):
             vp = vpath + ("/" if vpath else "")
             self.histpath = os.path.join(realpath, ".hist")  # db / thumbcache
             self.all_vols = {vpath: self}  # flattened recursive
-            self.all_nodes = {vpath: self}  # also jumpvols
+            self.all_nodes = {vpath: self}  # also jumpvols/shares
             self.all_aps = [(rp, self)]
             self.all_vps = [(vp, self)]
         else:
@@ -408,7 +415,7 @@ class VFS(object):
         for v in self.nodes.values():
             v.get_all_vols(vols, nodes, aps, vps)
 
-    def add(self, src , dst )  :
+    def add(self, src , dst , dst0 )  :
         """get existing, or add new path to the vfs"""
         assert src == "/" or not src.endswith("/")  # nosec
         assert not dst.endswith("/")  # nosec
@@ -416,20 +423,22 @@ class VFS(object):
         if "/" in dst:
             # requires breadth-first population (permissions trickle down)
             name, dst = dst.split("/", 1)
+            name0, dst0 = dst0.split("/", 1)
             if name in self.nodes:
                 # exists; do not manipulate permissions
-                return self.nodes[name].add(src, dst)
+                return self.nodes[name].add(src, dst, dst0)
 
             vn = VFS(
                 self.log,
                 os.path.join(self.realpath, name) if self.realpath else "",
                 "{}/{}".format(self.vpath, name).lstrip("/"),
+                "{}/{}".format(self.vpath0, name0).lstrip("/"),
                 self.axs,
                 self._copy_flags(name),
             )
             vn.dbv = self.dbv or self
             self.nodes[name] = vn
-            return vn.add(src, dst)
+            return vn.add(src, dst, dst0)
 
         if dst in self.nodes:
             # leaf exists; return as-is
@@ -437,7 +446,8 @@ class VFS(object):
 
         # leaf does not exist; create and keep permissions blank
         vp = "{}/{}".format(self.vpath, dst).lstrip("/")
-        vn = VFS(self.log, src, vp, AXS(), {})
+        vp0 = "{}/{}".format(self.vpath0, dst0).lstrip("/")
+        vn = VFS(self.log, src, vp, vp0, AXS(), {})
         vn.dbv = self.dbv or self
         self.nodes[dst] = vn
         return vn
@@ -854,7 +864,7 @@ class AuthSrv(object):
         self.indent = ""
 
         # fwd-decl
-        self.vfs = VFS(log_func, "", "", AXS(), {})
+        self.vfs = VFS(log_func, "", "", "", AXS(), {})
         self.acct   = {}  # uname->pw
         self.iacct   = {}  # pw->uname
         self.ases   = {}  # uname->session
@@ -922,7 +932,7 @@ class AuthSrv(object):
         self,
         src ,
         dst ,
-        mount  ,
+        mount   ,
         daxs  ,
         mflags   ,
         un_gns  ,
@@ -938,12 +948,24 @@ class AuthSrv(object):
             un_gn = [("", "")]
 
         for un, gn in un_gn:
+            m = PTN_U_GRP.search(dst0)
+            if m:
+                req, gnc = m.groups()
+                hit = gnc in (un_gns.get(un) or [])
+                if req == "+":
+                    if not hit:
+                        continue
+                elif hit:
+                    continue
+
             # if ap/vp has a user/group placeholder, make sure to keep
             # track so the same user/group is mapped when setting perms;
             # otherwise clear un/gn to indicate it's a regular volume
 
             src1 = src0.replace("${u}", un or "\n")
             dst1 = dst0.replace("${u}", un or "\n")
+            src1 = PTN_U_GRP.sub(un or "\n", src1)
+            dst1 = PTN_U_GRP.sub(un or "\n", dst1)
             if src0 == src1 and dst0 == dst1:
                 un = ""
 
@@ -960,7 +982,7 @@ class AuthSrv(object):
                 continue
             visited.add(label)
 
-            src, dst = self._map_volume(src, dst, mount, daxs, mflags)
+            src, dst = self._map_volume(src, dst, dst0, mount, daxs, mflags)
             if src:
                 ret.append((src, dst, un, gn))
                 if un or gn:
@@ -972,7 +994,8 @@ class AuthSrv(object):
         self,
         src ,
         dst ,
-        mount  ,
+        dst0 ,
+        mount   ,
         daxs  ,
         mflags   ,
     )   :
@@ -982,13 +1005,13 @@ class AuthSrv(object):
 
         if dst in mount:
             t = "multiple filesystem-paths mounted at [/{}]:\n  [{}]\n  [{}]"
-            self.log(t.format(dst, mount[dst], src), c=1)
+            self.log(t.format(dst, mount[dst][0], src), c=1)
             raise Exception(BAD_CFG)
 
         if src in mount.values():
             t = "filesystem-path [{}] mounted in multiple locations:"
             t = t.format(src)
-            for v in [k for k, v in mount.items() if v == src] + [dst]:
+            for v in [k for k, v in mount.items() if v[0] == src] + [dst]:
                 t += "\n  /{}".format(v)
 
             self.log(t, c=3)
@@ -997,7 +1020,7 @@ class AuthSrv(object):
         if not bos.path.isdir(src):
             self.log("warning: filesystem-path does not exist: {}".format(src), 3)
 
-        mount[dst] = src
+        mount[dst] = (src, dst0)
         daxs[dst] = AXS()
         mflags[dst] = {}
         return (src, dst)
@@ -1058,7 +1081,7 @@ class AuthSrv(object):
         grps  ,
         daxs  ,
         mflags   ,
-        mount  ,
+        mount   ,
     )  :
         self.line_ctr = 0
 
@@ -1083,7 +1106,7 @@ class AuthSrv(object):
         grps  ,
         daxs  ,
         mflags   ,
-        mount  ,
+        mount   ,
         npass ,
     )  :
         self.line_ctr = 0
@@ -1442,8 +1465,8 @@ class AuthSrv(object):
         acct   = {}  # username:password
         grps   = {}  # groupname:usernames
         daxs   = {}
-        mflags    = {}  # moutpoint:flags
-        mount   = {}  # dst:src (mountpoint:realpath)
+        mflags    = {}  # vpath:flags
+        mount    = {}  # dst:src (vp:(ap,vp0))
 
         self.idp_vols = {}  # yolo
 
@@ -1522,8 +1545,8 @@ class AuthSrv(object):
         # case-insensitive; normalize
         if WINDOWS:
             cased = {}
-            for k, v in mount.items():
-                cased[k] = absreal(v)
+            for vp, (ap, vp0) in mount.items():
+                cased[vp] = (absreal(ap), vp0)
 
             mount = cased
 
@@ -1538,25 +1561,28 @@ class AuthSrv(object):
                 t = "Read-access has been disabled due to failsafe: No volumes were defined by the config-file. This failsafe is to prevent unintended access if this is due to accidental loss of config. You can override this safeguard and allow read/write to the working-directory by adding the following arguments:  -v .::rw"
                 self.log(t, 1)
                 axs = AXS()
-            vfs = VFS(self.log_func, absreal("."), "", axs, {})
+            vfs = VFS(self.log_func, absreal("."), "", "", axs, {})
+            if not axs.uread:
+                vfs.badcfg1 = True
         elif "" not in mount:
             # there's volumes but no root; make root inaccessible
             zsd = {"d2d": True, "tcolor": self.args.tcolor}
-            vfs = VFS(self.log_func, "", "", AXS(), zsd)
+            vfs = VFS(self.log_func, "", "", "", AXS(), zsd)
 
         maxdepth = 0
         for dst in sorted(mount.keys(), key=lambda x: (x.count("/"), len(x))):
             depth = dst.count("/")
             assert maxdepth <= depth  # nosec
             maxdepth = depth
+            src, dst0 = mount[dst]
 
             if dst == "":
                 # rootfs was mapped; fully replaces the default CWD vfs
-                vfs = VFS(self.log_func, mount[dst], dst, daxs[dst], mflags[dst])
+                vfs = VFS(self.log_func, src, dst, dst0, daxs[dst], mflags[dst])
                 continue
 
             assert vfs  # type: ignore
-            zv = vfs.add(mount[dst], dst)
+            zv = vfs.add(src, dst, dst0)
             zv.axs = daxs[dst]
             zv.flags = mflags[dst]
             zv.dbv = None
@@ -1577,12 +1603,8 @@ class AuthSrv(object):
         for vol in vfs.all_vols.values():
             unknown_flags = set()
             for k, v in vol.flags.items():
-                stripped = k.lstrip("-")
-                if k != stripped and stripped not in vol.flags:
-                    t = "WARNING: the config for volume [/%s] tried to remove volflag [%s] by specifying [%s] but that volflag was not already set"
-                    self.log(t % (vol.vpath, stripped, k), 3)
-                k = stripped
-                if k not in flagdescs and k not in k_ign:
+                ks = k.lstrip("-")
+                if ks not in flagdescs and ks not in k_ign:
                     unknown_flags.add(k)
             if unknown_flags:
                 t = "WARNING: the config for volume [/%s] has unrecognized volflags; will ignore: '%s'"
@@ -1594,7 +1616,8 @@ class AuthSrv(object):
         if enshare:
             import sqlite3
 
-            shv = VFS(self.log_func, "", shr, AXS(), {})
+            zsd = {"d2d": True, "tcolor": self.args.tcolor}
+            shv = VFS(self.log_func, "", shr, shr, AXS(), zsd)
 
             db_path = self.args.shr_db
             db = sqlite3.connect(db_path)
@@ -1628,9 +1651,8 @@ class AuthSrv(object):
 
                 # don't know the abspath yet + wanna ensure the user
                 # still has the privs they granted, so nullmap it
-                shv.nodes[s_k] = VFS(
-                    self.log_func, "", "%s/%s" % (shr, s_k), s_axs, shv.flags.copy()
-                )
+                vp = "%s/%s" % (shr, s_k)
+                shv.nodes[s_k] = VFS(self.log_func, "", vp, vp, s_axs, shv.flags.copy())
 
             vfs.nodes[shr] = vfs.all_vols[shr] = shv
             for vol in shv.nodes.values():
@@ -1791,6 +1813,24 @@ class AuthSrv(object):
             rhisttab[histp] = zv
             vfs.histtab[zv.realpath] = histp
 
+        for vol in vfs.all_vols.values():
+            use = False
+            for k in ["zipmaxn", "zipmaxs"]:
+                try:
+                    zs = vol.flags[k]
+                except:
+                    zs = getattr(self.args, k)
+                if zs in ("", "0"):
+                    vol.flags[k] = 0
+                    continue
+
+                zf = unhumanize(zs)
+                vol.flags[k + "_v"] = zf
+                if zf:
+                    use = True
+            if use:
+                vol.flags["zipmax"] = True
+
         for vol in vfs.all_vols.values():
             lim = Lim(self.log_func)
             use = False
@@ -2174,8 +2214,13 @@ class AuthSrv(object):
         for vol in vfs.all_nodes.values():
             for k in list(vol.flags.keys()):
                 if re.match("^-[^-]+$", k):
-                    vol.flags.pop(k[1:], None)
                     vol.flags.pop(k)
+                    zs = k[1:]
+                    if zs in vol.flags:
+                        vol.flags.pop(k[1:])
+                    else:
+                        t = "WARNING: the config for volume [/%s] tried to remove volflag [%s] by specifying [%s] but that volflag was not already set"
+                        self.log(t % (vol.vpath, zs, k), 3)
 
             if vol.flags.get("dots"):
                 for name in vol.axs.uread:
@@ -2268,22 +2313,56 @@ class AuthSrv(object):
         except Pebkac:
             self.warn_anonwrite = True
 
-        idp_err = "WARNING! The following IdP volumes are mounted directly below another volume where anonymous users can read and/or write files. This is a SECURITY HAZARD!! When copyparty is restarted, it will not know about these IdP volumes yet. These volumes will then be accessible by anonymous users UNTIL one of the users associated with their volume sends a request to the server. RECOMMENDATION: You should create a restricted volume where nobody can read/write files, and make sure that all IdP volumes are configured to appear somewhere below that volume."
+        self.idp_warn = []
+        self.idp_err = []
         for idp_vp in self.idp_vols:
-            parent_vp = vsplit(idp_vp)[0]
-            vn, _ = vfs.get(parent_vp, "*", False, False)
-            zs = (
-                "READABLE"
-                if "*" in vn.axs.uread
-                else "WRITABLE"
-                if "*" in vn.axs.uwrite
-                else ""
-            )
-            if zs:
-                t = '\nWARNING: Volume "/%s" appears below "/%s" and would be WORLD-%s'
-                idp_err += t % (idp_vp, vn.vpath, zs)
-        if "\n" in idp_err:
-            self.log(idp_err, 1)
+            idp_vn, _ = vfs.get(idp_vp, "*", False, False)
+            idp_vp0 = idp_vn.vpath0
+
+            sigils = set(re.findall(r"(\${[ug][}%])", idp_vp0))
+            if len(sigils) > 1:
+                t = '\nWARNING: IdP-volume "/%s" created by "/%s" has multiple IdP placeholders: %s'
+                self.idp_warn.append(t % (idp_vp, idp_vp0, list(sigils)))
+                continue
+
+            sigil = sigils.pop()
+            par_vp = idp_vp
+            while par_vp:
+                par_vp = vsplit(par_vp)[0]
+                par_vn, _ = vfs.get(par_vp, "*", False, False)
+                if sigil in par_vn.vpath0:
+                    continue  # parent was spawned for and by same user
+
+                oth_read = []
+                oth_write = []
+                for usr in par_vn.axs.uread:
+                    if usr not in idp_vn.axs.uread:
+                        oth_read.append(usr)
+                for usr in par_vn.axs.uwrite:
+                    if usr not in idp_vn.axs.uwrite:
+                        oth_write.append(usr)
+
+                if "*" in oth_read:
+                    taxs = "WORLD-READABLE"
+                elif "*" in oth_write:
+                    taxs = "WORLD-WRITABLE"
+                elif oth_read:
+                    taxs = "READABLE BY %r" % (oth_read,)
+                elif oth_write:
+                    taxs = "WRITABLE BY %r" % (oth_write,)
+                else:
+                    break  # no sigil; not idp; safe to stop
+
+                t = '\nWARNING: IdP-volume "/%s" created by "/%s" has parent/grandparent "/%s" and would be %s'
+                self.idp_err.append(t % (idp_vp, idp_vp0, par_vn.vpath, taxs))
+
+        if self.idp_warn:
+            t = "WARNING! Some IdP volumes include multiple IdP placeholders; this is too complex to automatically determine if safe or not. To ensure that no users gain unintended access, please use only a single placeholder for each IdP volume."
+            self.log(t + "".join(self.idp_warn), 1)
+
+        if self.idp_err:
+            t = "WARNING! The following IdP volumes are mounted below another volume where other users can read and/or write files. This is a SECURITY HAZARD!! When copyparty is restarted, it will not know about these IdP volumes yet. These volumes will then be accessible by an unexpected set of permissions UNTIL one of the users associated with their volume sends a request to the server. RECOMMENDATION: You should create a restricted volume where nobody can read/write files, and make sure that all IdP volumes are configured to appear somewhere below that volume."
+            self.log(t + "".join(self.idp_err), 1)
 
         self.vfs = vfs
         self.acct = acct
@@ -2318,11 +2397,6 @@ class AuthSrv(object):
                 for x, y in vfs.all_vols.items()
                 if x != shr and not x.startswith(shrs)
             }
-            vfs.all_nodes = {
-                x: y
-                for x, y in vfs.all_nodes.items()
-                if x != shr and not x.startswith(shrs)
-            }
 
             assert db and cur and cur2 and shv  # type: ignore
             for row in cur.execute("select * from sh"):
@@ -2352,6 +2426,7 @@ class AuthSrv(object):
                 else:
                     shn.ls = shn._ls
 
+                shn.shr_owner = s_un
                 shn.shr_src = (s_vfs, s_rem)
                 shn.realpath = s_vfs.canonical(s_rem)
 
@@ -2369,7 +2444,7 @@ class AuthSrv(object):
                     continue  # also fine
                 for zs in svn.nodes.keys():
                     # hide subvolume
-                    vn.nodes[zs] = VFS(self.log_func, "", "", AXS(), {})
+                    vn.nodes[zs] = VFS(self.log_func, "", "", "", AXS(), {})
 
             cur2.close()
             cur.close()
@@ -2377,7 +2452,9 @@ class AuthSrv(object):
 
         self.js_ls = {}
         self.js_htm = {}
-        for vn in self.vfs.all_nodes.values():
+        for vp, vn in self.vfs.all_nodes.items():
+            if enshare and vp.startswith(shrs):
+                continue  # propagates later in this func
             vf = vn.flags
             vn.js_ls = {
                 "idx": "e2d" in vf,
@@ -2434,8 +2511,12 @@ class AuthSrv(object):
 
         vols = list(vfs.all_nodes.values())
         if enshare:
-            vols.append(shv)
-            vols.extend(list(shv.nodes.values()))
+            for vol in shv.nodes.values():
+                if vol.vpath not in vfs.all_nodes:
+                    self.log("BUG: /%s not in all_nodes" % (vol.vpath,), 1)
+                    vols.append(vol)
+            if shr in vfs.all_nodes:
+                self.log("BUG: %s found in all_nodes" % (shr,), 1)
 
         for vol in vols:
             dbv = vol.get_dbv("")[0]
@@ -2538,8 +2619,8 @@ class AuthSrv(object):
             if not bos.path.exists(ap):
                 pwdb = {}
             else:
-                with open(ap, "r", encoding="utf-8") as f:
-                    pwdb = json.load(f)
+                jtxt = read_utf8(self.log, ap, True)
+                pwdb = json.loads(jtxt)
 
             pwdb = [x for x in pwdb if x[0] != uname]
             pwdb.append((uname, self.defpw[uname], hpw))
@@ -2562,8 +2643,8 @@ class AuthSrv(object):
         if not self.args.chpw or not bos.path.exists(ap):
             return
 
-        with open(ap, "r", encoding="utf-8") as f:
-            pwdb = json.load(f)
+        jtxt = read_utf8(self.log, ap, True)
+        pwdb = json.loads(jtxt)
 
         useen = set()
         urst = set()
@@ -3059,8 +3140,9 @@ def expand_config_file(
     ipath += " -> " + fp
     ret.append("#\033[36m opening cfg file{}\033[0m".format(ipath))
 
-    with open(fp, "rb") as f:
-        for oln in [x.decode("utf-8").rstrip() for x in f]:
+    cfg_lines = read_utf8(log, fp, True).split("\n")
+    if True:  # diff-golf
+        for oln in [x.rstrip() for x in cfg_lines]:
             ln = oln.split("  #")[0].strip()
             if ln.startswith("% "):
                 pad = " " * len(oln.split("%")[0])