nextcloud / ansible-collection-nextcloud-admin

The ansible galaxy for your nextcloud administrative needs.
https://galaxy.ansible.com/nextcloud/admin
BSD 2-Clause "Simplified" License

Console has to be executed with the user that owns the file config/config.php #42

Closed mohsenasm closed 6 years ago

mohsenasm commented 6 years ago

I use this playbook.yml

---
- hosts: localhost
  roles:
   - role: aalaesar.install_nextcloud
     nextcloud_version_channel: "releases"
     nextcloud_get_latest: true
     nextcloud_websrv: "apache2"
     nextcloud_admin_name: "admin"
     nextcloud_admin_pwd: "password"
     nextcloud_webroot: "/opt/nextcloud"
     nextcloud_install_redis_server: true
     nextcloud_install_db: true
     nextcloud_db_backend: "mysql"
     nextcloud_db_name: "nextcloud"
     nextcloud_db_admin: "ncadmin"
     nextcloud_db_pwd: "secret"

Then, with this command sudo ansible-playbook playbook.yml, I have this error:

TASK [aalaesar.install_nextcloud : [NC apps] - lists the number of apps available in the instance.] **************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "cmd": ["php", "occ", "app:list", "--output=json_pretty", "--no-warnings"], "delta": "0:00:00.114899", "end": "2018-05-16 04:37:10.269491", "msg": "non-zero return code", "rc": 1, "start": "2018-05-16 04:37:10.154592", "stderr": "", "stderr_lines": [], "stdout": "Console has to be executed with the user that owns the file config/config.php\nCurrent user: root\nOwner of config.php: www-data\nTry adding 'sudo -u www-data ' to the beginning of the command (without the single quotes)", "stdout_lines": ["Console has to be executed with the user that owns the file config/config.php", "Current user: root", "Owner of config.php: www-data", "Try adding 'sudo -u www-data ' to the beginning of the command (without the single quotes)"]}

My OS Version:

Distributor ID: Debian
Description:    Debian GNU/Linux 9.3 (stretch)
Release:    9.3
Codename:   stretch

Full log if needed:

 [WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'

PLAY [localhost] *************************************************************************************************************************************************************************

TASK [Gathering Facts] *******************************************************************************************************************************************************************
ok: [localhost]

TASK [aalaesar.install_nextcloud : controls nextcloud_trusted_domain type] ***************************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : [ENV] - ca-certificate are up to date] ****************************************************************************************************************
ok: [localhost]

TASK [aalaesar.install_nextcloud : [ENV] - Load environment for OS using php 5] **********************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : [ENV] - Load environment for OS using php 7.0] ********************************************************************************************************
ok: [localhost]

TASK [aalaesar.install_nextcloud : [ENV] - Debian only : checking sudo.] *****************************************************************************************************************
ok: [localhost]

TASK [aalaesar.install_nextcloud : [ENV] - rolling back to su.] **************************************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : [NC] - Adding ACL on trusty.] *************************************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : set_fact] *********************************************************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : set_fact] *********************************************************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : set_fact] *********************************************************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : set_fact] *********************************************************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : set_fact] *********************************************************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : [SIGNED TLS] - Certificate is on the host] ************************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : [SIGNED TLS] - Key is on the host] ********************************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : [SIGNED TLS] - check TLS certificate permissions] *****************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : [SIGNED TLS] - check TLS key permissions] *************************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : set_fact] *********************************************************************************************************************************************
ok: [localhost]

TASK [aalaesar.install_nextcloud : set_fact] *********************************************************************************************************************************************
ok: [localhost]

TASK [aalaesar.install_nextcloud : [selfsigned TLS] - create self-signed SSL cert] *******************************************************************************************************
ok: [localhost]

TASK [aalaesar.install_nextcloud : [selfsigned TLS] - check TLS certificate permissions] *************************************************************************************************
ok: [localhost]

TASK [aalaesar.install_nextcloud : [selfsigned TLS] - check TLS key permissions] *********************************************************************************************************
ok: [localhost]

TASK [aalaesar.install_nextcloud : [NGINX] -  Required and recommended packages are installed.] ******************************************************************************************
skipping: [localhost] => (item=nginx) 
skipping: [localhost] => (item=smbclient) 
skipping: [localhost] => (item=php7.0-fpm) 
skipping: [localhost] => (item=php7.0-gd) 
skipping: [localhost] => (item=php7.0-ldap) 
skipping: [localhost] => (item=php7.0-imap) 
skipping: [localhost] => (item=php7.0-json) 
skipping: [localhost] => (item=php7.0-curl) 
skipping: [localhost] => (item=php7.0-intl) 
skipping: [localhost] => (item=php7.0-mcrypt) 

TASK [aalaesar.install_nextcloud : [NGINX] -  Some other packages are installed.] ********************************************************************************************************
skipping: [localhost] => (item=php-imap) 
skipping: [localhost] => (item=php-imagick) 
skipping: [localhost] => (item=php7.0-xml) 
skipping: [localhost] => (item=php7.0-zip) 
skipping: [localhost] => (item=php7.0-mbstring) 

TASK [aalaesar.install_nextcloud : [NGINX] -  APCu is installed.] ************************************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : [NGINX] -  Configure trusty backports.] ***************************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : [NGINX] -  Install APCu from backports.] **************************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : [NGINX] -  remove some commented line in php-fpm conf] ************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : [NGINX] -  Add path variable to php-fpm] **************************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : [NGINX] -  enable APC for php CLI] ********************************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : [NGINX] -  Public Diffie-Hellman Parameter are generated. This might take a while.] *******************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : [NGINX] -  php handler configuration is present.] *****************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : [NGINX] -  php handler is enabled] ********************************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : [NGINX] -  generate Nextcloud configuration for nginx] ************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : [NGINX] -  Enable Nextcloud in nginx conf] ************************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : [APACHE] -  Required and recommended packages are installed.] *****************************************************************************************
ok: [localhost] => (item=apache2)
ok: [localhost] => (item=smbclient)
ok: [localhost] => (item=libapache2-mod-php7.0)
ok: [localhost] => (item=php7.0-ldap)
ok: [localhost] => (item=php7.0-imap)
ok: [localhost] => (item=php7.0-gd)
ok: [localhost] => (item=php7.0-json)
ok: [localhost] => (item=php7.0-curl)
ok: [localhost] => (item=php7.0-intl)
ok: [localhost] => (item=php7.0-mcrypt)

TASK [aalaesar.install_nextcloud : [APACHE] -  Some other packages are installed.] *******************************************************************************************************
ok: [localhost] => (item=php-imap)
ok: [localhost] => (item=php-imagick)
ok: [localhost] => (item=php7.0-xml)
ok: [localhost] => (item=php7.0-zip)
ok: [localhost] => (item=php7.0-mbstring)

TASK [aalaesar.install_nextcloud : [APACHE] -  APCu is installed.] ***********************************************************************************************************************
ok: [localhost]

TASK [aalaesar.install_nextcloud : [APACHE] -  Configure trusty backports.] **************************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : [APACHE] -  Install APCu from backports.] *************************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : [APACHE] -  enable APC for php CLI] *******************************************************************************************************************
ok: [localhost]

TASK [aalaesar.install_nextcloud : [APACHE] -  Required Apache2 modules are enabled] *****************************************************************************************************
ok: [localhost] => (item=ssl)
ok: [localhost] => (item=rewrite)
ok: [localhost] => (item=headers)
ok: [localhost] => (item=env)
ok: [localhost] => (item=dir)
ok: [localhost] => (item=mime)

TASK [aalaesar.install_nextcloud : [APACHE] -  generate Nextcloud configuration for apache] **********************************************************************************************
ok: [localhost]

TASK [aalaesar.install_nextcloud : [APACHE] -  Enable Nextcloud site in apache conf] *****************************************************************************************************
ok: [localhost]

TASK [aalaesar.install_nextcloud : [mySQL] - Service is installed.] **********************************************************************************************************************
ok: [localhost]

TASK [aalaesar.install_nextcloud : [mySQL] - PHP module is installed.] *******************************************************************************************************************
ok: [localhost]

TASK [aalaesar.install_nextcloud : [mySQL] - the python module mysqldb is present] *******************************************************************************************************
ok: [localhost]

TASK [aalaesar.install_nextcloud : [mySQL] - generate mysql root Password:] **************************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : [mySQL] - Update mysql root password] *****************************************************************************************************************
skipping: [localhost] => (item=127.0.0.1) 
skipping: [localhost] => (item=::1) 
skipping: [localhost] => (item=localhost) 

TASK [aalaesar.install_nextcloud : [mySQL] - Delete the anonymous user.] *****************************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : [mySQL] - Removes the MySQL test database] ************************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : [mySQL] - Check credentials] **************************************************************************************************************************
ok: [localhost]

TASK [aalaesar.install_nextcloud : [mySQL] - Make the file .my.cnf] **********************************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : [mySQL] - Add content to .my.cnf] *********************************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : [mySQL] - Fix mysql binary logging for nextcloud] *****************************************************************************************************
ok: [localhost]

TASK [aalaesar.install_nextcloud : [mySQL] - Generate database user Password.] ***********************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : [mySQL] - Add Database nextcloud.] ********************************************************************************************************************
ok: [localhost]

TASK [aalaesar.install_nextcloud : [mySQL] - Configure the database user.] ***************************************************************************************************************
ok: [localhost]

TASK [aalaesar.install_nextcloud : [PostgreSQL] - PostgreSQL packages are installed] *****************************************************************************************************
skipping: [localhost] => (item=postgresql) 
skipping: [localhost] => (item=php7.0-pgsql) 
skipping: [localhost] => (item=python-psycopg2) 

TASK [aalaesar.install_nextcloud : [PostgreSQL] - generate nextcloud role password.] *****************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : [PostgreSQL] - nextcloud role is created.] ************************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : [PostgreSQL] - nextcloud database is created.] ********************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : Check Nextcloud installed] ****************************************************************************************************************************
ok: [localhost]

TASK [aalaesar.install_nextcloud : [NC-DL] - Unzip is installed] *************************************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : [NC-DL] - bunzip2 is installed] ***********************************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : [NC-DL] - Create the download link for *latest*.] *****************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : [NC-DL] - Create the download link.] ******************************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : Download & extract Nextcloud to /tmp.] ****************************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : [NC-DL] - Move extracted files to /opt/nextcloud.] ****************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : [NC-DL] - Remove nextcloud archive files] *************************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : Check Nextcloud configuration exists.] ****************************************************************************************************************
ok: [localhost]

TASK [aalaesar.install_nextcloud : Check Nextcloud is configured] ************************************************************************************************************************
ok: [localhost]

TASK [aalaesar.install_nextcloud : [Fix su] - Save current shell for www-data.] **********************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : [Fix su] - Temporary change www-data shell.] **********************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : [NC] - Setting directory ownership & permissions for the data folder] *********************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : [NC] - generate admin password:] **********************************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : [NC] - Set temporary permissions for command line installation.] **************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : set_fact] *********************************************************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : set_fact] *********************************************************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : [NC] - removing possibly old or incomplete config.php] ************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : [NC] - Run occ installation command] ******************************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : [NC] - Verify config.php - check filesize] ************************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : [NC] - Verify config.php - php syntax check] **********************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : [NC] - Add trusted domain in config.php] **************************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : [NC] - Add trusted domains in config.php] *************************************************************************************************************
skipping: [localhost] => (item=(0, u'192.168.0.182')) 

TASK [aalaesar.install_nextcloud : [NC] - Add local cache and urandom in config.php] *****************************************************************************************************
skipping: [localhost] => (item=  'memcache.local' => '\OC\Memcache\APCu',) 
skipping: [localhost] => (item=  'open_basedir' => '/dev/urandom') 

TASK [aalaesar.install_nextcloud : [NC] - Ensure Nextcloud directories are 0750] *********************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : [NC] - Ensure Nextcloud files are 0640] ***************************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : [NC] - Setting stronger directory ownership] **********************************************************************************************************
skipping: [localhost] => (item=apps) 
skipping: [localhost] => (item=assets) 
skipping: [localhost] => (item=config) 
skipping: [localhost] => (item=themes) 
skipping: [localhost] => (item=updater) 

TASK [aalaesar.install_nextcloud : [NC] - Give back execution permission to occ] *********************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : [NC apps] - lists the number of apps available in the instance.] **************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "cmd": ["php", "occ", "app:list", "--output=json_pretty", "--no-warnings"], "delta": "0:00:00.114899", "end": "2018-05-16 04:37:10.269491", "msg": "non-zero return code", "rc": 1, "start": "2018-05-16 04:37:10.154592", "stderr": "", "stderr_lines": [], "stdout": "Console has to be executed with the user that owns the file config/config.php\nCurrent user: root\nOwner of config.php: www-data\nTry adding 'sudo -u www-data ' to the beginning of the command (without the single quotes)", "stdout_lines": ["Console has to be executed with the user that owns the file config/config.php", "Current user: root", "Owner of config.php: www-data", "Try adding 'sudo -u www-data ' to the beginning of the command (without the single quotes)"]}

TASK [aalaesar.install_nextcloud : [Unfix su] - Check current shell for www-data.] *******************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : [Unfix su] - Restore www-data shell.] *****************************************************************************************************************
skipping: [localhost]

TASK [aalaesar.install_nextcloud : fail] *************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "An error Occured during Apps installation."}
    to retry, use: --limit @/home/mohsen/nextcloud/playbook.retry

PLAY RECAP *******************************************************************************************************************************************************************************
localhost                  : ok=26   changed=0    unreachable=0    failed=2   

aalaesar commented 6 years ago

Hi. Thank you for the feedback.

This is an odd error. Apparently your Nextcloud instance is already installed, so the role has already passed various occ commands for setup. Yet it fails on this task: https://github.com/aalaesar/install_nextcloud/blob/master/tasks/main.yml#L67 Most of the "occ" tasks are built the same, with the become_user: "{{ nextcloud_websrv_user }}" directive.

Somehow Ansible didn't or failed to switch to the www-data user.

Can you tell me more about your environment: what version of Ansible is used? Does the system have sudo installed? (If yes, can you switch to www-data with sudo -su www-data?) What's the default shell for www-data?

You can get more verbose output and get directly to the failing task with --tags install_aps -vvv to see what's happening.

Regards, Aal.

mohsenasm commented 6 years ago

Hi

Thanks for your response, but I installed Nextcloud itself after that error.


what version of ansible is used?

$ ansible --version
ansible 2.5.2
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/home/mohsen/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.13 (default, Nov 24 2017, 17:33:09) [GCC 6.3.0 20170516]

Does the system have sudo installed? Yes

$ sudo -su www-data
www-data@server:/home/user$

what's the default shell for www-data? Bash

$ echo $0
/bin/bash

aalaesar commented 6 years ago

OK, thank you for your answers. I'm not sure what prevented Ansible from running occ as www-data for this task.

Thanks for your response, but I installed Nextcloud itself after that error.

Not sure I understand properly: you tried to install Nextcloud and the role failed first, but running it again (for logs) makes it look like it is installed already. So you tried another way.

Regards.

nono-lqdn commented 1 year ago

Hello,

I'm having the same issue, @aalaesar:


TASK [nextcloud.admin.install_nextcloud : Check Nextcloud is configured] *******
ok: [molecule-local-instance-0]

TASK [nextcloud.admin.install_nextcloud : Nextcloud installation] **************
skipping: [molecule-local-instance-0]

TASK [nextcloud.admin.install_nextcloud : [NC apps] - lists the number of apps available in the instance.] ***
fatal: [molecule-local-instance-0]: FAILED! => changed=false 
  cmd:
  - php
  - occ
  - app:list
  - --output=json_pretty
  - --no-warnings
  delta: '0:00:00.308773'
  end: '2023-05-22 15:21:35.909991'
  msg: non-zero return code
  rc: 1
  start: '2023-05-22 15:21:35.601218'
  stderr: ''
  stderr_lines: <omitted>
  stdout: |-
    Console has to be executed with the user that owns the file config/config.php
    Current user id: 0
    Owner id of config.php: 33
    Try adding 'sudo -u #33' to the beginning of the command (without the single quotes)
    If running with 'docker exec' try adding the option '-u 33' to the docker command (without the single quotes)
  stdout_lines: <omitted>

PLAY RECAP *********************************************************************
molecule-local-instance-0  : ok=158  changed=27   unreachable=0    failed=1    skipped=62   rescued=0    ignored=0

It's weird because the variables used are the ones by default.


» ansible --version                                
ansible [core 2.14.4]
  config file = /home/x/Documents/Sysadmin/piops/ansible.cfg
  configured module search path = ['/home/x/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.10/site-packages/ansible
  ansible collection location = /home/x/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.10.10 (main, Mar  5 2023, 22:26:53) [GCC 12.2.1 20230201] (/usr/bin/python)
  jinja version = 3.1.2
  libyaml = True

# echo $0
bash

The system does have sudo installed.

From what I understand, I'm connecting in the context of a Molecule test, with Vagrant as the user. It might make it difficult or buggy to become another user. So I've tried to run with the verbose options and see what happens.

nono-lqdn commented 1 year ago

I did set the become user as root by default in the vars for the connection, so this might break the installation of apps.

test:
  hosts:
    molecule-local-instance-0:
  vars:
    ansible_user: root
    ansible_become: true
    ansible_become_user: root

The issue is that I cannot remove this, as it breaks other roles, namely the ones that install PHP versions (or any role that uses APT).

nono-lqdn commented 1 year ago

I'm still facing this issue. It's weird because the rest of the install works fine.

nono-lqdn commented 1 year ago

From what I understand, it's a dead end in my case because privilege escalation must be general. Thus, I become root, after which I cannot become the www-data user later in the play.

nono-lqdn commented 1 year ago

I fixed it by changing the way I become. Pro tip: don't become for a whole playbook.

breinhardt-dtec commented 2 months ago

@nono-lqdn I'm facing the same problem. First I wrote become in my playbook, which resulted in the same error mentioned above. But without writing it into my playbook I cannot use the role at all. It complains about not being able to install some packages with app (i.e. acl and ca-certificates, in tasks/setup_env.yml --> - name: setup_env | Update ca-certificate). So I added become: true to this specific task, which also results in Ansible complaining about not having the right permission to use apt. Where exactly did you use become?
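
A diagnostic play for the failure discussed in this thread, added here as an example; it is not from any commenter and not part of the role's own code. It assumes an inventory group named test and the webroot /opt/nextcloud from the first post; nextcloud_websrv_user is the variable name quoted earlier in the thread.

```yaml
---
# diagnose_occ_user.yml - added example, not part of the role.
# Assumptions: inventory group "test"; webroot /opt/nextcloud.
#
# Two Ansible behaviours can produce "Current user: root" from occ:
#  * become_user does nothing unless become is also enabled for the task.
#  * Variables override keywords: ansible_become_user set in inventory or
#    group vars replaces the become_user keyword on every task, so
#    "ansible_become_user: root" forces occ to run as root.
- name: Check that occ tasks really run as the owner of config.php
  hosts: test
  gather_facts: false
  become: true        # play keyword: tasks default to root, a task may override
  vars:
    nextcloud_webroot: /opt/nextcloud
    nextcloud_websrv_user: www-data

  tasks:
    - name: Fail early if a become user is pinned as a variable for this host
      ansible.builtin.assert:
        that: ansible_become_user is not defined
        fail_msg: >-
          ansible_become_user={{ ansible_become_user | default('') }} is set as
          a variable and overrides become_user on every task; remove it from
          the inventory and use the become/become_user keywords instead.

    - name: Read the owner of config.php (runs as root)
      ansible.builtin.stat:
        path: "{{ nextcloud_webroot }}/config/config.php"
      register: nc_config

    - name: config.php must exist and belong to the web server user
      ansible.builtin.assert:
        that:
          - nc_config.stat.exists
          - nc_config.stat.pw_name == nextcloud_websrv_user
        fail_msg: "config.php is missing or not owned by {{ nextcloud_websrv_user }}"

    - name: Report the user a become_user task actually runs as
      ansible.builtin.command:
        cmd: id -un
      become: true
      become_user: "{{ nextcloud_websrv_user }}"
      register: effective_user
      changed_when: false

    - name: The privilege switch must have taken effect
      ansible.builtin.assert:
        that: effective_user.stdout == nextcloud_websrv_user
        fail_msg: "Task ran as {{ effective_user.stdout }}, not {{ nextcloud_websrv_user }}"

    - name: Run the failing occ command as the owner of config.php
      ansible.builtin.command:
        cmd: php occ app:list --output=json_pretty --no-warnings
        chdir: "{{ nextcloud_webroot }}"
      become: true
      become_user: "{{ nextcloud_websrv_user }}"
      register: occ_apps
      changed_when: false
```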