Healthcheck cannot pass JWT Authentication check

yderi · March 7, 2023, 5:59pm

Hello all

health check command
sudo -H -u www-data bash -c "/var/www/passbolt/bin/cake passbolt healthcheck"
cannot pass JWT Authentication check

 JWT Authentication

 [PASS] The JWT Authentication plugin is enabled
 [FAIL] The /var/www/passbolt/config/jwt/ directory should not be writable.
 [HELP] You can try:
 [HELP] sudo chown -Rf root:www-data /var/www/passbolt/config/jwt/
 [HELP] sudo chmod 750 /var/www/passbolt/config/jwt/
 [HELP] sudo chmod 640 /var/www/passbolt/config/jwt/jwt.key
 [HELP] sudo chmod 640 /var/www/passbolt/config/jwt/jwt.pem
 [PASS] A valid JWT key pair was found

Already tried to perform recommendation HELP, unfortunately still the same error.

Here is ll command output
ll /var/www/passbolt/config/jwt/

total 16
drwxr-x--- 2 root            www-data 4096 Jun 23  2022 ./
dr-xr-x--- 7 hp              www-data 4096 Mar  7 15:48 ../
-rw-r----- 1 root            www-data 3272 Jun 21  2022 jwt.key
-rw-r----- 1 root            www-data  800 Jun 21  2022 jwt.pem

Any help appreciated

Passbolt Version: 3.11.0
Platform and Target:
– Operating system: Ubuntu 20.04.5 LTS
– PHP: 7.4
– Web server: Nnginx version: nginx/1.18.0 (Ubuntu)
built with OpenSSL 1.1.1f 31 Mar 2020
– Database server: MariaDB 10.3.38

garrett · March 7, 2023, 7:30pm

Hi @yderi Welcome to the forum!

Any luck after trying the suggestion provided in your GH post regarding parent folder ownership (hp instead of root)?

Termindiego25 · March 8, 2023, 9:59am

Good morning, have you tried to change ownership to the user who has access to the website?
For example, if the user is www-data, ll should print www-data in user and group. Instead of that, you print root as user and www-data as group.
You can change that with chown -R www-data:www-data /var/www/passbolt/config/jwt/