I have installed roundcube using the ubuntu 20.04 package (i.e apt install) rather than just downloading it. It seems to be working fine, so I decided to add the password plugin.
I chose to use "chpasswd" as the driver with a python wrapper that limits the UID and such. The python script attempts to run /usr/sbin/chpasswd-wrapper.py as user "www-data" for apache2.
In order to do that, I have added this to /etc/sudoers:
Defaults:www-data !requiretty
www-data ALL=(root) NOPASSWD: /usr/sbin/chpasswd-wrapper.py
... and it seems to be accepted:
$ sudo -l -U www-data
Matching Defaults entries for www-data on <machine>:
env_reset, mail_badpass,
secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin, !requiretty
User www-data may run the following commands on <machine>:
(root) NOPASSWD: /usr/sbin/chpasswd-wrapper.py
So far, so good. And I can run it using sudo -u www-data /usr/sbin/chpasswd-wrapper.py.
However, it will not run when invoked. In /etc/syslog, I get the error:
Mar 27 02:43:46 <machine> sudo: www-data : command not allowed ; TTY=unknown ; PWD=/usr/share/roundcube ; USER=www-data ; COMMAND=/usr/sbin/chpasswd-wrapper.py
In the /var/log/roundcube/errors.log file, I get:
[27-Mar-2021 02:43:46 +0100]: <fuu628ek> PHP Error: Password plugin: Unable to execute sudo /usr/sbin/chpasswd-wrapper.py 2> /tmp/rnd in /usr/share/roundcube/plugins/password/drivers/chpasswd.php on line 50 (POST /mail/?_task=settings&_action=plugin.password-save)
Here's the /etc/passwd entry for www-data
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
I get the same error if I attempt to execute chpasswd directly without the wrapper.
Any help would be appreciated.
Thanks,
billo