roundcube tries to run cleandb.sh as unprivileged www-data user from cron

Bug #1896366 reported by Simon Arlott
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| roundcube (Ubuntu) | Confirmed | Undecided | Unassigned | |

Bug Description

The roundcube-core package contains this cron job:
```
0 5 * * * www-data test -x /usr/share/roundcube/bin/cleandb.sh && /usr/share/roundcube/bin/cleandb.sh >/dev/null
```

The Roundcube packages do not install configuration files for any webserver so they should not presume that it will be possible to run a daily cron job as the unprivileged "www-data" user.

This user does not have access to the Roundcube configuration files and it definitely doesn't have access to the database.

This results in a daily email where the script tries to access the default mysql database because it can't read the custom config file:
```
PHP Fatal error: Uncaught Error: Undefined class constant 'MYSQL_ATTR_FOUND_ROWS' in /usr/share/roundcube/program/lib/Roundcube/rcube_db_mysql.php:144
Stack trace:
#0 /usr/share/roundcube/program/lib/Roundcube/rcube_db.php(153): rcube_db_mysql->dsn_options(Array)
#1 /usr/share/roundcube/program/lib/Roundcube/rcube_db.php(138): rcube_db->conn_create(Array)
#2 /usr/share/roundcube/program/lib/Roundcube/rcube_db.php(231): rcube_db->dsn_connect(Array, 'w')
#3 /usr/share/roundcube/program/include/rcmail_utils.php(47): rcube_db->db_connect('w')
#4 /usr/share/roundcube/program/include/rcmail_utils.php(271): rcmail_utils::db()
#5 /usr/share/roundcube/bin/cleandb.sh(31): rcmail_utils::db_clean(7)
#6 {main}
  thrown in /usr/share/roundcube/program/lib/Roundcube/rcube_db_mysql.php on line 144
```

The cron job needs to be removed or put in a separate package specifically for running Roundcube in a specific webserver environment where shared users like "www-data" are used.

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: roundcube-core 1.3.6+dfsg.1-1
ProcVersionSignature: Ubuntu 4.15.0-117.118-generic 4.15.18
Uname: Linux 4.15.0-117-generic x86_64
ApportVersion: 2.20.9-0ubuntu7.17
Architecture: amd64
Date: Sun Sep 20 08:46:16 2020
InstallationDate: Installed on 2016-03-31 (1633 days ago)
InstallationMedia: Ubuntu-Server 15.10 "Wily Werewolf" - Release amd64 (20151021)
PackageArchitecture: all
SourcePackage: roundcube
UpgradeStatus: Upgraded to bionic on 2020-09-19 (0 days ago)
modified.conffile..etc.roundcube.plugins.jqueryui.config.inc.php: [inaccessible: [Errno 13] Permission denied: '/etc/roundcube/plugins/jqueryui/config.inc.php']

Simon Arlott (sa.me.uk) wrote :

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in roundcube (Ubuntu):
status: New → Confirmed
Kaleb Hornsby (kzh) wrote :

If I run the command with `sudo -u www-data` I am able to run it successfully. I believe the issue here is that the www-data user cannot log in via cron. Would an entry in /etc/security/access.conf allowing the www-data user to log in with cron work?

Simon Arlott (sa.me.uk) wrote :

The issue is not that the www-data user cannot login. The www-data user does not have access to any roundcube files or the roundcube database.

The issue is that the roundcube package must not assume any particular webserver configuration, including the existence of a www-data user.

Kaleb Hornsby (kzh) wrote :

I am curious, does `sudo sudo -u www-data /usr/share/roundcube/bin/cleandb.sh` work without permission errors for you?

I have the db owned by www-data

```
$ sudo ls -l /var/lib/dbconfig-common/sqlite3/roundcube
total 176
-rw-rw---- 1 www-data www-data 176128 May 6 12:34 roundcube
```
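
An added example, not part of the bug report or of the Roundcube packaging: a check an administrator could run to see whether the account named in the packaged cron entry exists and can read the files the job needs. The paths are supplied on the command line (the local Roundcube config file and database are assumptions about the install), and only classic owner/group/other mode bits are evaluated.

```python
import os
import pwd
import sys
from pathlib import Path

# Cron entry quoted in the bug description (/etc/cron.d format: 5 time fields, user, command).
CRON_LINE = ("0 5 * * * www-data test -x /usr/share/roundcube/bin/cleandb.sh "
             "&& /usr/share/roundcube/bin/cleandb.sh >/dev/null")

def cron_user(line):
    """Return the account a system-crontab entry runs as, or None for non-job lines."""
    fields = line.strip().split(None, 6)
    if not fields or fields[0].startswith("#"):
        return None
    if fields[0].startswith("@"):            # @daily <user> <command>
        return fields[1] if len(fields) >= 3 else None
    if len(fields) < 7:                      # MAILTO=... and other short lines
        return None
    return fields[5]

def mode_allows(st, uid, gids, want):
    """Owner/group/other mode-bit check for one inode (want: 4=read, 1=search)."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & (want << 6))
    if st.st_gid in gids:
        return bool(st.st_mode & (want << 3))
    return bool(st.st_mode & want)

def can_read(path, uid, gids):
    """True if uid/gids can search every parent directory and read the file itself."""
    path = Path(path).resolve()
    for parent in reversed(path.parents):
        if not mode_allows(parent.stat(), uid, gids, 1):
            return False
    return mode_allows(path.stat(), uid, gids, 4)

if __name__ == "__main__":
    user = cron_user(CRON_LINE)
    try:
        pw = pwd.getpwnam(user)
    except KeyError:
        sys.exit(f"cron user {user!r} does not exist on this host")
    gids = set(os.getgrouplist(user, pw.pw_gid))
    for p in sys.argv[1:]:               # e.g. the Roundcube config and SQLite DB paths
        try:
            verdict = "readable" if can_read(p, pw.pw_uid, gids) else "NOT readable"
        except OSError as exc:
            verdict = f"not checkable ({exc.strerror})"
        print(f"{p}: {verdict} by {user}")
```

Run it as root so that every path component can be examined; POSIX ACLs are not considered.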
