Update 'dbpassword' in /var/www/nextcloud/config/config.php

Nextcloud version: 11.0.3.2
Operating system and version: Ubuntu 16.04.2
Apache or nginx version: Apache 2.4.18
PHP version: 7.0.15
Is this the first time you’ve seen this error?: Yes

Can you reliably replicate it? (If so, please outline steps): Yes

  1. install nextcloud

  2. change mysql passwd for oc_ncadmin
    $mysql -u root mysql -p$NCPASS -e "update mysql.user set password=PASSWORD('$NCPASS') where User='oc_ncadmin';"
    $mysql -u root -p$NCPASS -e "flush privileges;"

  3. try to run maintenance:repair
    $sudo -u www-data php "/var/www/nextcloud/occ" maintenance:repair

  4. get the following error:
    An unhandled exception has been thrown:
    Doctrine\DBAL\DBALException: Failed to connect to the database: An exception occured in driver: SQLSTATE[HY000] [1045] Access denied for user 'oc_ncadmin'@'localhost' (using password: YES)

  5. Check /var/www/nextcloud/config/config.php to see if ‘dbpassword’ is correct for ‘dbuser’ => ‘oc_ncadmin’ (it will not be)

  6. replace old salted ‘dbpassword’ with plain text new passwd and run:
    $sudo -u www-data php "/var/www/nextcloud/occ" maintenance:repair

  7. there will be no error this time

The issue I am facing:
I changed the passwd for the oc_ncadmin user in mysql using the following commands:
$mysql -u root mysql -p$NCPASS -e "update mysql.user set password=PASSWORD('$NCPASS') where User='oc_ncadmin';"
$mysql -u root -p$NCPASS -e "flush privileges;"

Which worked as expected, however now I can not run
$sudo -u www-data php "/var/www/nextcloud/occ" maintenance:repair
Because the passwd for oc_ncadmin is now wrong in /var/www/nextcloud/config/config.php

I can edit the file and replace old salted ‘dbpassword’ with the plain text new passwd but that does not seem very secure.

Is there anyway to have the system generate a new /var/www/nextcloud/config/config.php file like it does when nextcloud is first installed, This way the new passwd for oc_ncadmin is salted and I have more peace of mind?

The output of your Nextcloud log in Admin > Logging: (N/A)

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):
https://pastebin.com/nVPHSvku

Perhaps I can salt the password myself however I do not now which method should be used or would be compatible. I have tested this a few times already but with no luck.

Are you sure ‘dbpassword’ is salted, when Nextcloud is installed? It wasn’t when I installed Nextcloud…

Intersting, but yes the ‘dbpassword’ is definitely salted after install…perhaps my method of install made the ‘dbpassword’ salted during the auto gen of /var/www/nextcloud/config/config.php… I was using a tweaked version of the install script from this site: https://raw.githubusercontent.com/nextcloud/vm/master/nextcloud_install_production.sh

Or perhaps it is just the version of Nextcloud that was installed. My Nextcloud version is 11.0.3.2, was this also yours?

PS: do you think it is safe to leave the ‘dbpassword’ unsalted and in plain text?

I can’t see that that script is salting the mysql password and I really doubt that Nextcloud is able to use a salted dbpassword in config.php.

I use Nextcloud 11.0.3 - it has been upgraded a couple of times from previous versions though.[quote=“hungrykanamit, post:4, topic:12036”]
PS: do you think it is safe to leave the ‘dbpassword’ unsalted and in plain text?
[/quote]
Yes I do think this is safe.

Are you insinuating that I am lying?

Here is a brand new /var/www/nextcloud/config/config.php which was generated after a fresh install of ubuntu and running the script above.
https://pastebin.com/JRAf89YJ

Also, from what I understand, nextcloud doesn’t use this file but it is actually for the owncloud CLI “occ” when something like this is ran:
$sudo -u www-data php "/var/www/nextcloud/occ" maintenance:repair

Why do you think this is safe to save passwords in plain text on a server connected to the internet?

No.

I did not say that. Generally that is not a good idea and should be avoided.

You were asking whether it is safe to leave the ‘dbpassword’ unsalted and in plain text in config.php and I do think it is OK to store the password to the database as plain text in config.php, as long as it is not the mysql root password and *.php files are not delivered by the server as plain-text-files. Look at all the other php-programs out there (e.g. textpattern, wordpress, piwik, piwigo, etc…) - they all store the password to their database in plain text.

1 Like

Did you ever solve this? I would like to switch to a new database server but don’t know what the password for the database is/was.

How can I have a new password be salted?

OK apparently the dbpassword in config.php has never been salted! Just try it!