0

first question here, take me slow.

I have installed dovecot, postfix and Roundcube webmail in a VM to test a new mail server for the company I work for. All good until I try changing a password as a logged in user from roundcube settings->password.

What I have done:

  • Enabled password plugin in roundcube
  • Set the driver to "chpasswd" as my users are system users created with "useradd -m user password"
  • I have created a new file in sudoers.d and added this www-data ALL=NOPASSWD:/usr/sbin/chpasswd as I understand apache2 runs under www-data user and it need sudo privileges. Still after doing all these things, I get the same error "Could not save password"

No logs that I can find show me other information about the problem. If there is a specific log I should look into, please tell me and I will do. If any configuration should I provide to you, ask and I will provide. Thank you!

EDIT: auth.log shows this when using sudo -u www-data /usr/sbin/chpasswd

sudo: pam_unix(sudo:session): session opened for user www-data(uid=33) by (uid=0)
Feb  2 11:08:54 mail unix_chkpwd[7140]: check pass; user unknown
Feb  2 11:08:54 mail unix_chkpwd[7141]: check pass; user unknown
Feb  2 11:08:54 mail unix_chkpwd[7141]: password check failed for user (test2)
Feb  2 11:08:54 mail chpasswd[7139]: pam_unix(chpasswd:chauthtok): authentication failure; logname= uid=33 euid=33 tty= ruser= rhost=  user=test2
Feb  2 11:09:01 mail CRON[7144]: pam_unix(cron:session): session opened for user root(uid=0) by (uid=0)
Feb  2 11:09:01 mail CRON[7144]: pam_unix(cron:session): session closed for user root
Feb  2 11:09:05 mail sudo: pam_unix(sudo:session): session closed for user www-data
Gerald Schneider
  • 19,757
  • 8
  • 52
  • 79
bogdaN
  • 1
  • 1

1 Answers1

0

Check in config.inc.php how is logiin file or syslog

// LOGGING
$config['log_driver'] = 'file'; 
$config['syslog_facility'] = error.log;

then check syslog or roundcube log Dir for errors, if is file type of logging should be /var/www/html/roundcube/logs

Update: Probably user www-data don't have permissions for sudo or command to check:

sudo -u www-data /usr/sbin/chpasswd

Try this: https://www.tecmint.com/fix-passwd-authentication-token-manipulation-error-in-linux/

Gerald Schneider
  • 19,757
  • 8
  • 52
  • 79
nih
  • 26
  • 3
  • I have checked roundcube/logs/errors.logs (I dont know how I missed this file) and found this entry: Unable to execute sudo /usr/sbin/chpasswd 2> /dev/null in /var/www/roundcube/plugins/password/drivers/chpasswd.php . Ok, now I need to interpret it. I gues it is a privilege problem. – bogdaN Jan 31 '22 at 13:21
  • Further addition: The permissions problem may be for /dev/null file. Permissions on it look like this: crw-rw-rw- 1 root root 1 . I cannot see anything wrong with it. I will continue my troubleshooting – bogdaN Jan 31 '22 at 13:34
  • After running that commant I get this: chpasswd: pam_chauthtok() failed, error: Authentication token manipulation error . And from my research I have found that it may be a permissions problem or maybe shadow or passwd file problem. I will continue my troubleshooting. – bogdaN Feb 01 '22 at 08:23
  • I have tried that already, unfortunately no success. I will edit my question with other log information I have found. – bogdaN Feb 02 '22 at 09:11