Author Topic: can't get apache to execute chpasswd for roundcube  (Read 81 times)

Offline billo

  • Newbie
  • *
  • Posts: 1
can't get apache to execute chpasswd for roundcube
« on: March 27, 2021, 08:08:11 AM »
I have installed roundcube using the ubuntu 20.04 package (i.e apt install) rather than just downloading it.  It seems to be working fine, so I decided to add the password plugin.

I chose to use  "chpasswd" as the driver with a python wrapper that limits the UID and such. The python script attempts to run /usr/sbin/ as user "www-data" for apache2.

In order to do that, I have added this to /etc/sudoers:

Defaults:www-data !requiretty

www-data ALL=(root) NOPASSWD: /usr/sbin/

... and it seems to be accepted:

$ sudo -l -U www-data

Matching Defaults entries for www-data on <machine>:

    env_reset, mail_badpass,

    secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin, !requiretty

User www-data may run the following commands on <machine>:

    (root) NOPASSWD: /usr/sbin/

So far, so good.  And I can run it using sudo -u www-data /usr/sbin/

However, it will not run when invoked.  In /etc/syslog, I get the error:

Mar 27 02:43:46 <machine> sudo: www-data : command not allowed ; TTY=unknown ; PWD=/usr/share/roundcube ; USER=www-data ; COMMAND=/usr/sbin/

In the /var/log/roundcube/errors.log file, I get:

[27-Mar-2021 02:43:46 +0100]: <fuu628ek> PHP Error: Password plugin: Unable to execute sudo /usr/sbin/ 2> /tmp/rnd in /usr/share/roundcube/plugins/password/drivers/chpasswd.php on line 50 (POST /mail/?_task=settings&_action=plugin.password-save)

Here's the /etc/passwd entry for www-data


I get the same error if I attempt to execute chpasswd directly without the wrapper.

Any help would be appreciated.