[Bug]: Setting db password with `occ` does not work if you nextcloud does not have access to the db.

[stavros-k]

⚠️ This issue respects the following points: ⚠️

• [X] This is a bug, not a question or a configuration/webserver/proxy issue.
• [X] This issue is not already reported on Github OR Nextcloud Community Forum (I've searched it).
• [X] Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
• [X] I agree to follow Nextcloud's Code of Conduct.

Bug description

Trying to update db password with

occ config:system:set dbpassword --value="some-secret"

throws

An unhandled exception has been thrown:
Doctrine\DBAL\Exception: Failed to connect to the database: An exception occurred in the driver: SQLSTATE[08006] [7] connection to server at "postgres" (192.168.192.2), port 5432 failed: FATAL:  password authentication failed for user "nextcloud" in /var/www/html/lib/private/DB/Connection.php:139
Stack trace:
#0 /var/www/html/3rdparty/doctrine/dbal/src/Connection.php(1654): OC\DB\Connection->connect()
#1 /var/www/html/3rdparty/doctrine/dbal/src/Connection.php(1081): Doctrine\DBAL\Connection->getWrappedConnection()
#2 /var/www/html/lib/private/DB/Connection.php(261): Doctrine\DBAL\Connection->executeQuery('SELECT * FROM "...', Array, Array, NULL)
#3 /var/www/html/3rdparty/doctrine/dbal/src/Query/QueryBuilder.php(337): OC\DB\Connection->executeQuery('SELECT * FROM "...', Array, Array, NULL)
#4 /var/www/html/3rdparty/doctrine/dbal/src/Query/QueryBuilder.php(377): Doctrine\DBAL\Query\QueryBuilder->executeQuery()
#5 /var/www/html/lib/private/DB/QueryBuilder/QueryBuilder.php(280): Doctrine\DBAL\Query\QueryBuilder->execute()
#6 /var/www/html/lib/private/AppConfig.php(421): OC\DB\QueryBuilder\QueryBuilder->execute()
#7 /var/www/html/lib/private/AppConfig.php(187): OC\AppConfig->loadConfigValues()
#8 /var/www/html/lib/private/AppConfig.php(377): OC\AppConfig->getApps()
#9 /var/www/html/lib/private/App/AppManager.php(128): OC\AppConfig->getValues(false, 'enabled')
#10 /var/www/html/lib/private/App/AppManager.php(149): OC\App\AppManager->getInstalledAppsValues()
#11 /var/www/html/lib/private/legacy/OC_App.php(231): OC\App\AppManager->getInstalledApps()
#12 /var/www/html/lib/private/AppFramework/Bootstrap/Coordinator.php(90): OC_App::getEnabledApps()
#13 /var/www/html/lib/base.php(700): OC\AppFramework\Bootstrap\Coordinator->runInitialRegistration()
#14 /var/www/html/lib/base.php(1200): OC::init()
#15 /var/www/html/console.php(48): require_once('/var/www/html/l...')
#16 /var/www/html/occ(11): require_once('/var/www/html/c...')
#17 {main}

Steps to reproduce

1. Setup an instance with postgres 2 .occ config:system:set dbpassword --value="incorrect"
2. occ config:system:set dbpassword --value="correct"
3. Observe the trace

Expected behavior

The password to update

Installation method

Community Docker image

Nextcloud Server version

28

Operating system

Other

PHP engine version

PHP 8.2

Web server

Nginx

Database engine version

PostgreSQL

Is this bug present after an update or on a fresh install?

Fresh Nextcloud Server install

Are you using the Nextcloud Server Encryption module?

None

What user-backends are you using?

• [X] Default user-backend (database)
• [ ] LDAP/ Active Directory
• [ ] SSO - SAML
• [ ] Other

Configuration report

{
    "system": {
        "memcache.local": "\\OC\\Memcache\\APCu",
        "apps_paths": [
            {
                "path": "\/var\/www\/html\/apps",
                "url": "\/apps",
                "writable": false
            },
            {
                "path": "\/var\/www\/html\/custom_apps",
                "url": "\/custom_apps",
                "writable": true
            }
        ],
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "pgsql",
        "version": "28.0.4.1",
        "overwrite.cli.url": "https:\/\/cloud.domain.me",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "5432",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "password": "***REMOVED SENSITIVE VALUE***",
            "port": 6379
        },
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "upgrade.disable-web": true,
        "default_phone_region": "GR",
        "share_folder": "Shared",
        "log_type": "file",
        "log_type_audit": "file",
        "loglevel": "2",
        "logfile": "\/var\/www\/html\/data\/logs\/nextcloud.log",
        "logfile_audit": "\/var\/www\/html\/data\/logs\/audit.log",
        "logdateformat": "d\/m\/Y H:i:s",
        "logtimezone": "Europe\/Athens",
        "overwritehost": "cloud.domain.me",
        "overwriteprotocol": "https",
        "activity_expire_days": "60",
        "trashbin_retention_obligation": "30,60",
        "versions_retention_obligation": "30,60",
        "preview_imaginary_url": "***REMOVED SENSITIVE VALUE***",
        "enable_previews": "true",
        "jpeg_quality": "60",
        "preview_max_x": "2048",
        "preview_max_y": "2048",
        "preview_max_memory": "1024",
        "preview_max_filesize_image": "50",
        "onlyoffice": "",
        "allow_local_remote_servers": "true",
        "mail_smtpmode": "smtp",
        "mail_sendmailmode": "smtp",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "587",
        "mail_smtpauthtype": "login",
        "mail_smtpauth": 1,
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "maintenance": false,
        "app_install_overwrite": [
            "news"
        ],
        "trusted_domains": [
            "localhost",
            "cloud.domain.me",
            "kube.internal.healthcheck",
            "collabora.domain.me"
        ],
        "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
        "enabledPreviewProviders": [
            "OC\\Preview\\Imaginary",
            "OC\\Preview\\Image",
            "OC\\Preview\\MP3",
            "OC\\Preview\\TXT",
            "OC\\Preview\\PDF",
            "OC\\Preview\\Movie",
            "OC\\Preview\\Photoshop",
            "OC\\Preview\\TIFF",
            "OC\\Preview\\SVG",
            "OC\\Preview\\OpenDocument",
            "OC\\Preview\\HEIC",
            "OC\\Preview\\PNG",
            "OC\\Preview\\JPEG",
            "OC\\Preview\\GIF",
            "OC\\Preview\\TIFF",
            "OC\\Preview\\BMP",
            "OC\\Preview\\MarkDown"
        ]
    }
}

List of activated Apps

Enabled:
  - activity: 2.20.0
  - admin_audit: 1.18.0
  - bookmarks: 13.1.3
  - bruteforcesettings: 2.8.0
  - calendar: 4.6.7
  - circles: 28.0.0
  - cloud_federation_api: 1.11.0
  - comments: 1.18.0
  - contacts: 5.5.3
  - contactsinteraction: 1.9.0
  - dashboard: 7.8.0
  - dav: 1.29.1
  - deck: 1.12.2
  - federatedfilesharing: 1.18.0
  - federation: 1.18.0
  - files: 2.0.0
  - files_antivirus: 5.5.0
  - files_pdfviewer: 2.9.0
  - files_reminders: 1.1.0
  - files_sharing: 1.20.0
  - files_trashbin: 1.18.0
  - files_versions: 1.21.0
  - firstrunwizard: 2.17.0
  - logreader: 2.13.0
  - lookup_server_connector: 1.16.0
  - mail: 3.5.8
  - news: 24.0.0
  - nextcloud_announcements: 1.17.0
  - notes: 4.9.4
  - notifications: 2.16.0
  - notify_push: 0.6.10
  - oauth2: 1.16.3
  - password_policy: 1.18.0
  - photos: 2.4.0
  - previewgenerator: 5.5.0
  - privacy: 1.12.0
  - provisioning_api: 1.18.0
  - recommendations: 2.0.0
  - related_resources: 1.3.0
  - richdocuments: 8.3.4
  - serverinfo: 1.18.0
  - settings: 1.10.1
  - sharebymail: 1.18.0
  - support: 1.11.1
  - survey_client: 1.16.0
  - systemtags: 1.18.0
  - tasks: 0.15.0
  - text: 3.9.1
  - theming: 2.3.0
  - twofactor_backupcodes: 1.17.0
  - twofactor_totp: 10.0.0-beta.2
  - updatenotification: 1.18.0
  - user_status: 1.8.1
  - viewer: 2.2.0
  - weather_status: 1.8.0
  - workflowengine: 2.10.0
Disabled:
  - encryption: 2.16.0
  - files_external: 1.20.0
  - suspicious_login: 6.0.0
  - user_ldap: 1.19.0

Nextcloud Signing status

No errors have been found.

Nextcloud Logs

No response

Additional info

No response

[joshtrichards]

I'm not sure this is really a bug. Maybe technical debt, but it's expected at present. Need to change parameters like that via config.php rather than occ.

Related/same issue (basically): #40904

EDIT: Might be something worth documenting somehow too I suppose.