[Pkg-roundcube-maintainers] Bug#963010: roundcube-core: roundcube upgrade keeps breaking my instance due to automatic permission changes of config.inc.php
Mirko Vogt
mailinglists|debian at nanl.de
Wed Jun 17 15:42:54 BST 2020
Package: roundcube-core
Version: 1.3.13+dfsg.1-1~deb10u1
Severity: important
Hello,
I'm on Debian stable (buster) and using roundcube together with php-fpm
(and Debian's unattended-upgrade functionality for the security feed).
Already the second time an (unattended )upgrade broke my roundcube setup
resulting in the webinterface saying:
config.inc.php was not found.
What's happening is, that the upgrade - while maybe not entirely
overriding (its custom values and credentials are still in place) - is
definitely touching the config file located under
/etc/roundcube/config.inc.php -- at least changing its permissions.
So, while my config.inc.php is supposed to have the following
permissions in order for everything to work:
-rw-r----- 1 root php-roundcube [..] config.inc.php
it looks like this after the upgrade:
-rw-r----- 1 root www-data [..] config.inc.php
which makes this file unreadable for the php-fpm process run under the
user "php-roundcube".
I kindly ask not to automatically change the config files' permissions
during upgrades.
If you think my use case is an edge case or I'm better off with a
different solution to my issue I'm all ears.
For the moment, though, I would assume using php-fpm (running under a
different user than 'www-data') is quite common, as well as I think it's
sane to expect custom configuration files' permissions not being changed
during updates by default.
Thanks a lot!
mirko
More information about the Pkg-roundcube-maintainers
mailing list