We have Nextcloud, part of lxc containers. It has been a while since we used backup codes and now we have gotten logged/locked out after we activated the two-way authentication. Could someone suggest a way to reset the settings? Note: this is part of a subdomain and placed under the lamp server container. Thanks in advance to the community for getting into this discussion.
You can reset user password via command line --> https://docs.nextcloud.com/server/18/admin_manual/configuration_server/occ_command.html#user-commands
sudo -u www-data php occ user:resetpassword <user>
Or disable 2 Factor Auth via command line --> https://docs.nextcloud.com/server/18/admin_manual/configuration_server/occ_command.html#two-factor-authentication
sudo -u www-data php occ twofactor:disable <uid> <provider_id>
How to run this command into container, I can’t say.
Thank you, @gas85
Thing done prior to starting this thread: I restarted the container and server. I even tried this command from the command line prior to starting this thread.
Command tried: sudo -u www-data php /var/www/nextcloud/occ app:enable twofactor_totp
On the positive end, today, I was able to locate the folder named backupcodes under Nextcloud within the container. However, I could not still figure out a way to reset the backup codes within the container server. I again tried a version of the above command right within the nextcloud folder without much luck. Any additional suggestions would be appreciated.
Command tried: sudo -u www-data php occ twofactor:disable admin -
“failed to open stream error”
@valuprocg did you run a
lxc-attach -n "$container" -- /bin/bash or lxc-execute to connect into the container and run php occ?
I did not run lxc attach. But, I do know the location within the container and ran the command shared above within that lxc container folder right where the data folder and occ file are.
This is the recent command tried, along with the error:
sudo -u data php occ twofactor:disable admin
sudo: unknown user: data
sudo: unable to initialize policy plugin
sudo -u www-data php occ twofactor:disable admin
failed to open stream: Permission denied on line 11
@valuprocg if you wonder why it’s not working. try to run the php occ command inside the container.
@Reiner_Nippes: Thanks again.
I am missing something here. I did run the command within the container. For that matter, right where the occ file and the data folder are located.
i was confused by this wording. within the container folder is not within the container.
and i’m confused by this. because normally you would connect to the container already as user www-data and not as root. so inside the container is no need to run commands as sudo.
but may with lxc container it’s different than with docker container.
This issue is relatively a new one for me too. Unless we get into one such issue, we don’t explore much of our ecosystem ourselves. I am getting to know the overall framework better myself through this issue.
Here is the path where nextcloud is located within the container lamp-1-dns-1.
this is where the occ file is.
Folders and files under this directory:
3rdparty config core index.html occ ocs-provider resources status.php version.php
apps console.php cron.php index.php ocm-provider public.php robots.txt themes
AUTHORS COPYING data lib ocs remote.php stats updater
again. this is the place where the folder is located on your host.
in case you just log in to host via ssh.
cd to this folder and run
sudo -u www-data I would be totally suprise if the out come would make any sense. but again I’m not an expert of lxd container.
but doing this in a dockerized environment would make no sense. you have to connect into the container and run the command there.
Got it. I am into the container and ran the command within the container, which is what you meant in your reply, I guess,
sudo -u web11 php /var/www/clients/client2/web11/web/occ app:disable twofactor_totp
No such app enabled: twofactor_totp
Thanks, @Reiner-Nippes and @gas85. Your participation helped me to focus in the right direction to address the issue.
I figured out a solution. FYI - There is a config.php file under config folder under web. I manually changed the totp from true to false and that did the trick.
this thread was helpful to identify the solution:
Administrator account locked out Backup Codes not working (zerone)