Don't suggest a chown root:root #18746

Open
e7o-de opened this issue Feb 5, 2022 · 2 comments
Labels:
- Better processes: Indicates an issue is about improving how we work.
- Bug: For errors / faults / flaws / inconsistencies etc.
- c: Security: For issues that make Matomo more secure. Please report issues through HackerOne and not in Github.

e7o-de commented Feb 5, 2022

Did an update via console core:update. Was doing it as root, as ... yeah, bash of www-data isn't that functional :) Anyway, got that message at the end:

It appears you have executed this update with user root:root, while your Matomo files are owned by www-data:www-data. 

To ensure that the Matomo files are readable by the correct user, you may need to run the following command (or a similar command depending on your server configuration):

$ chown -R root:root /var/www/piwik/piwik

Of course, I just copied and executed that command, as it looked ok. Then I figured out that Matomo doesn't want to run anymore, so I did a chown with www-data:www-data.

I suggest to think about that hint. Not entirely sure whether it's more likely that the files are usually owned by the correct user and it should be assumed that this is correct or there should be a simple check like "something will break with root ownership for sure".

@e7o-de e7o-de added the Potential Bug Something that might be a bug, but needs validation and confirmation it can be reproduced. label Feb 5, 2022
@tsteur tsteur added Better processes Indicates an issue is about improving how we work. Bug For errors / faults / flaws / inconsistencies etc. c: Security For issues that make Matomo more secure. Please report issues through HackerOne and not in Github. and removed Potential Bug Something that might be a bug, but needs validation and confirmation it can be reproduced. labels Feb 7, 2022
@tsteur tsteur added this to the 4.9.0 milestone Feb 7, 2022
tsteur (Member) commented Feb 7, 2022

Thanks for mentioning this @e7o-de

It will also fix #17862 and will close that issue as a duplicate.

I think in this example we could adjust the wording and mention that the command may be executed using the wrong user and not only suggest the chown command to prevent such cases. If the user is root we could also mention specifically that this is likely executed with the wrong user.

justinvelluppillai (Contributor) commented

Possibly we could also prompt the user at the start if they aren't using the same user as the files are owned by, to make sure they want to continue.
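A pre-flight check along the lines discussed in this thread, as an added example that is not Matomo's code and not written by any participant: it compares the invoking UID with the owner of the install directory and, on mismatch, recommends re-running as the owner instead of a chown. The function names and the `sudo -u ... php .../console core:update` hint are assumptions for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of Matomo).
# Usage inside a wrapper script:
#   check_run_user /var/www/piwik/piwik || exit 1

# Print the numeric UID that owns PATH.
owner_uid() {
    ls -ldn -- "$1" | awk '{print $3}'
}

# Print the owner's name (ls falls back to the UID if there is no passwd entry).
owner_name() {
    ls -ld -- "$1" | awk '{print $3}'
}

# check_run_user DIR [UID]
# Returns 0 if UID (default: the effective UID) owns DIR,
#         1 on an ownership mismatch, 2 if DIR is not a directory.
check_run_user() {
    dir=$1
    uid=${2:-$(id -u)}

    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi

    want=$(owner_uid "$dir")
    if [ "$uid" = "$want" ]; then
        return 0
    fi

    name=$(owner_name "$dir")
    echo "Files in $dir are owned by $name (uid $want)," >&2
    echo "but this command is running as uid $uid." >&2
    if [ "$uid" -eq 0 ]; then
        # Running as root is the case from this issue: files created or
        # chown'ed by root become unwritable for the web server user.
        echo "Running as root is most likely the wrong user." >&2
    fi
    echo "Re-run as the owner instead of changing ownership, e.g.:" >&2
    echo "  sudo -u $name php $dir/console core:update" >&2
    return 1
}
```

The check compares numeric UIDs so it still works when the account has no passwd entry, and it never suggests changing ownership to the invoking user.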
