chmod(): Operation not permitted at lib/Service/Install/InstallService.php#599

[vitormattos]

On the error log in Nextcloud I found multiple of the entries (almost at the same time):

{
	"reqId": "XLnVSZf790zQyTeut9r7",
	"level": 3,
	"time": "2024-07-07T14:55:32+00:00",
	"remoteAddr": "",
	"user": "--",
	"app": "PHP",
	"method": "",
	"url": "--",
	"message": "chmod(): Operation not permitted at /var/www/nextcloud/apps/libresign/lib/Service/Install/InstallService.php#599",
	"userAgent": "--",
	"version": "29.0.3.4",
	"data": {
		"app": "PHP"
	},
	"id": "668ab011e63ec"
}

Nextcloud: 29.0.3
LibreSign: 9.1.2

Ref:

• Libresign:Install scripts doesn't seem to work properly. #3292

[vitormattos]

@Albusoline could you check the owner, group and permissions of cfssl binaries file?

You will need to run a ls -la at content of folder data/appdata_<instanceid>/libresign/<yourArchitecture>/cfssl.

Sounds that the owner of files inside this folder is not the same of your http server.

[Albusoline]

@vitormattos
drwxrwx--- 2 root www-data 0 Jul 9 19:08 aarch64

Owner is root, however www-data (same as http server) has rwx. Therefore I don't see any issues with it.
Or does Libresign/cfssl actually require the webuser as owner, despite having rwx as groupmember?

[vitormattos]

owner and group need to be the same of Nextcloud.
Change this executing a chown -R www-data:www-data data/appdata_<instanceid>/libresign
I think that this could fix your problem.

[Albusoline]

Interestingly enough, chown did not work for some reason.
I'm an average linux user, however I've never experienced this before:
(copy-paste from my terminal, not showing other folders which have nothing to do with it...)

root@myServer:/mnt/data/appdata_ocmjteth5a7k# chown -R www-data:www-data libresign
root@myServer:/mnt/data/appdata_ocmjteth5a7k# ls -l
total 0
drwxrwx--- 2 root www-data 0 Jul 9 19:25 libresign

[vitormattos]

Could you check the owner and group of folder config at root folder of LibreSign?

[Albusoline]

Where do I find the "root folder" of Libresign?

[Albusoline]

Regarding chown:
Could it be that the mentionend folder /mnt/data is mounted via fstab and therefore the change of the ownership won't work (which I still can't really believe...):

fstab:

//192.168.1.121/NextieData /mnt/data cifs username=XXX,credentials=/root/.credentials,gid=33,file_mode=0770,dir_mode=0770 0 0

[vitormattos]

The origin of problem

• When you install by CLI with --all will include CFSSL at downloaded files and is necessary to give execution permission to binary of CFSSL and to do this I use the function chown of PHP.

The list with possible solutions

• Change handmade the permission of this file to be possible give execution permission to user www-data. This is made from your side.
• During the setup, I can check if the function chown is working fine, if not, I can return a message talking that isn't possible to use CFSSL.

The edge case

• This is a specific scenario of an environment that haven't permission to use chown. I can implement the conditional to verify this but this will take time from my side and I will need help to funding the time to implement this or we will need a person from community to share time and implement this check or other way to solve this problem.

[Albusoline]

Hi Vitormattos.

I now changed fstab, so my mounting point for the nextcloud data has the rights
drwxrwx--- 2 www-data www-data 0 Jul 7 16:17 appdata_ocmjteth5a7k

so does libresign within the folder appdata_ocmjteth5a7k
drwxrwx--- 2 www-data www-data 0 Jul 7 16:17 libresign

Therefore both folders (var/www/nextcloud as well as /mnt/data) got www-data:www-data, in RWX for owner and group.

I removed Libresign from NextCloud and installed it again.
Then I ran occ libresign:uninstall --all and occ libresign:install --all as www-data.

However, I still got

On the logging I can't find the same errors as stated in previous comments, however there are only ;-) three errors left somehow related to libresign:

{"reqId":"hzkhixBkfW62ZJTSmnWH","level":3,"time":"2024-07-10T19:05:03+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"--","message":"Trying to access array offset on value of type null at /var/www/nextcloud/apps/libresign/lib/BackgroundJob/UserDeleted.php#34","userAgent":"--","version":"29.0.3.4","data":{"app":"PHP"},"id":"668edf7937631"}

{"reqId":"hzkhixBkfW62ZJTSmnWH","level":3,"time":"2024-07-10T19:05:03+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"--","message":"Trying to access array offset on value of type null at /var/www/nextcloud/apps/libresign/lib/BackgroundJob/UserDeleted.php#35","userAgent":"--","version":"29.0.3.4","data":{"app":"PHP"},"id":"668edf793761e"}

{"reqId":"hzkhixBkfW62ZJTSmnWH","level":3,"time":"2024-07-10T19:05:03+00:00","remoteAddr":"","user":"--","app":"core","method":"","url":"--","message":"Error while running background job OCA\Libresign\BackgroundJob\UserDeleted (id: 8694, arguments: null)","userAgent":"--","version":"29.0.3.4","exception":{"Exception":"TypeError","Message":"OCA\Libresign\Db\FileMapper::neutralizeDeletedUser(): Argument #1 ($userId) must be of type string, null given, called in /var/www/nextcloud/apps/libresign/lib/BackgroundJob/UserDeleted.php on line 39","Code":0,"Trace":[{"file":"/var/www/nextcloud/apps/libresign/lib/BackgroundJob/UserDeleted.php","line":39,"function":"neutralizeDeletedUser","class":"OCA\Libresign\Db\FileMapper","type":"->"},{"file":"/var/www/nextcloud/lib/public/BackgroundJob/Job.php","line":80,"function":"run","class":"OCA\Libresign\BackgroundJob\UserDeleted","type":"->"},{"file":"/var/www/nextcloud/lib/public/BackgroundJob/QueuedJob.php","line":57,"function":"start","class":"OCP\BackgroundJob\Job","type":"->"},{"file":"/var/www/nextcloud/lib/public/BackgroundJob/QueuedJob.php","line":47,"function":"start","class":"OCP\BackgroundJob\QueuedJob","type":"->"},{"file":"/var/www/nextcloud/cron.php","line":177,"function":"execute","class":"OCP\BackgroundJob\QueuedJob","type":"->"}],"File":"/var/www/nextcloud/apps/libresign/lib/Db/FileMapper.php","Line":227,"message":"Error while running background job OCA\Libresign\BackgroundJob\UserDeleted (id: 8694, arguments: null)","exception":[],"CustomMessage":"Error while running background job OCA\Libresign\BackgroundJob\UserDeleted (id: 8694, arguments: null)"},"id":"668edf79375f7"}

Regarding your possible solutions:
I think, that would be a great idea.

During the setup, I can check if the function chown is working fine, if not, I can return a message talking that isn't possible to use CFSSL.

I actually appreciate your help. Hope I can give you back anything once its fixed. Libresign does have quite a potential for our local swimming club...

[vitormattos]

Could you check if you get the same when run the install command at cli?

[Albusoline]

I don't understand what you mean with "run the install command at cli"
The button "Download Binaries" in the Nextcloud Frontend does not work. It quickly (maybe within 10s) turns into "Validate Setup" but pressing it does not have any effect at all.

When you mean Command Line Interface with cli, then that's what I already did the whole time.
I just did (again)
sudo -u www-data php8.1 occ libresign:uninstall --all
sudo -u www-data php8.1 occ files:scan-app-data libresign

This time I installed each module seperately:
sudo -u www-data php8.1 occ libresign:install --java
sudo -u www-data php8.1 occ libresign:install --pdftk
sudo -u www-data php8.1 occ libresign:install --jsignpdf
sudo -u www-data php8.1 occ libresign:install --cfssl

No errors in the log this time.

However, Administration - Libresign Frontend Page still showing

[Albusoline]

Hi vittormattos.

I saw that a new libresign app version was released.
Now using Libresign 9.2.3.

Hoped, that this will solve my problem.
It didn't.
New error message now:

I enabled debug mode according the text, however I don't know, in which file it logs the errors.
Anyway, checking the logging from nextcloud, I can find the following three errors (matching with the time of refreshing the libresign-admin page:

Any ideas?

[vitormattos]

Are you using LibreSign from source code or did you installed from Nextcloud app store?

[vitormattos]

I identified the problem. This is a false positive error message, you can ignore.

The problem occur only with arm because the build process didn't packed all json files that are necessary to put:

This is the necessary:

appinfo/
├── info.xml
├── install-aarch64-alpine-linux-java.json
├── install-aarch64-cfssl.json
├── install-aarch64-jsignpdf.json
├── install-aarch64-linux-java.json
├── install-aarch64-pdftk.json
├── install-x86_64-alpine-linux-java.json
├── install-x86_64-cfssl.json
├── install-x86_64-jsignpdf.json
├── install-x86_64-linux-java.json
├── install-x86_64-pdftk.json
└── routes.php

I will check what's happening at build process. For now, only ignore the error messages.

[vitormattos]

The consequence of problem:

https://github.com/LibreSign/libresign/actions/runs/10085849771/job/27887392959#step:19:730

[Albusoline]

I installed LibreSign from NextCloud App Store, not with Source Code.

Unfortunately I can't ignore the error, because when I try to use LibreSign, it tells me to finish the setup first.