Passbolt error, "user id must be uuid or "me"

Hi all,

I’m an intern system administrator at an IT company. A colleague of mine gets "the user id should be a uuid or “me”. I tried searching on the error and try to find out what I can do about it but the documentation is scarce on this kind of error.

The issue starts when she opens Chrome and tries to login on the Passbolt Plugin. rebooting the system doesn’t work. I logged in on our local passbolt server, did /var/www/passbolt/bin/cake passbolt cleanup --dry-run which found some data issues and I cleaned it by removing --dry-run

After that the issue persist. I then checked the logs, by using cat error.log | grep uuid I found out that the error is registered every 2-3 days multiple times.

I sadly can’t do a healthcheck because I don’t know the password of the nginx account (non-root user). What can I do here to solve this specific issue?

Hi @Jeerus,

Which version of passbolt are you using? You can see this by hovering the little heart at the bottom right corner when you are logged in. We’ve seen this problem on old instances 2.x, it might be that the extension is not compatible with your API version.

Hi,

The nginx account has no password, you have to run commands “as nginx user” from root user, or another user with sudo rights, eg:

sudo -H -u nginx bash -c "/var/www/passbolt/bin/cake passbolt healthcheck"

or

sudo su -s /bin/bash -c "/var/www/passbolt/bin/cake passbolt healthcheck" nginx

Cheers,

Well that’s the problem, I can’t login because I don’t have an admin account yet. They’re still busy fixing that. But you might be right that we’re running an old passbolt server, it’s said here that no one can remember how long ago the passbolt server has been updated. I think you’re right with the possibility of an outdated API vs the web browser plugin.

I will check the server version after I get my admin account today. What I also find very weird is that I can’t find nowhere the web server user, normally that should be nginx but the nginx service isn’t even installed. When I do systemctl status nginx it can’t find the service. instead there is apache2 that runs everything I believe.

In the meantime I can backup the database with mysqldump.

Thanks for your info, weirdly there doesn’t seem to be any web server user that I can find. I’m logged into the passbolt server through SSH, I checked if there are other existing users besides root but can’t find any.

Hi,

I guess you are using a passbolt server installed from sources. You can get installed version with this command:

cat /var/www/passbolt/config/version.php

You can also guess the correct user by checking who is the owner of passbolt files:

ls -alh /var/www/passbolt

Which OS are you using ?

cat /etc/os-release

By the way, you are running an old version and you should upgrade to the installation from package: Passbolt Help | Upgrade

It will be easier to keep passbolt up-to-date.

Best,

The output of those commands give me this,

Version 2.9.0 name Paint it black
User www-data
OS Ubuntu 16.04.7 LTS

Thank you guys very much for the quick responses and info. This saved me a lot of time. I also got my admin account. Now I assume the first thing to do is update the passbolt server, is there any chance of loss regarding accounts etc? I did a backup of the database.

Blockquote
One small extra question, whenever I click “administration” on my admin account homepage, the site refreshes like it’s in a loop. Is there like an admin control panel for passbolt which you can access through the browser?

The results of the healthcheck are as following,

www-data@pass:~/passbolt/bin$ ./cake passbolt healthcheck
Warning Error: SplFileInfo::openFile(/var/www/passbolt/tmp/cache/persistent/myapp_cake_core_translations_cake_console_en__u_s): failed to open stream: Permission denied in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Engine/FileEngine.php, line 406]

Warning Error: SplFileInfo::openFile(/var/www/passbolt/tmp/cache/persistent/myapp_cake_core_translations_cake_console_en__u_s): failed to open stream: Permission denied in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Engine/FileEngine.php, line 406]


---------------------------------------------------------------
 Healthcheck shell......Notice Error: Undefined variable: decryptedMessage2 in [/var/www/passbolt/src/Utility/Healthchecks/GpgHealthchecks.php, line 278]

2022-04-07 13:56:17 Notice: Notice (8): Undefined variable: decryptedMessage2 in [/var/www/passbolt/src/Utility/Healthchecks/GpgHealthchecks.php, line 278]


Notice Error: Undefined variable: decryptedMessage2 in [/var/www/passbolt/src/Utility/Healthchecks/GpgHealthchecks.php, line 279]

2022-04-07 13:56:19 Notice: Notice (8): Undefined variable: decryptedMessage2 in [/var/www/passbolt/src/Utility/Healthchecks/GpgHealthchecks.php, line 279]


       
---------------------------------------------------------------

 Environment

 [PASS] PHP version 7.0.33-0ubuntu0.16.04.16.
 [PASS] PCRE compiled with unicode support.
 [FAIL] The temporary directory and its content are not writable.
  [HELP] Ensure the temporary directory and its content are writable by the webserver user.
  [HELP] you can try:
  [HELP] sudo chown -R www-data:www-data /var/www/passbolt/tmp/
  [HELP] sudo chmod 775 $(find /var/www/passbolt/tmp/ -type d)
  [HELP] sudo chmod 664 $(find /var/www/passbolt/tmp/ -type f)
 [PASS] The public image directory and its content are writable.
 [PASS] The logs directory and its content are writable.
 [PASS] GD or Imagick extension is installed.
 [PASS] Intl extension is installed.
 [PASS] Mbstring extension is installed.

 Config files

 [PASS] The application config file is present
 [PASS] The passbolt config file is present

 Core config

 [PASS] Debug mode is off.
 [PASS] Cache is working.
 [PASS] Unique value set for security.salt
 [PASS] Full base url is set to https://pass.icitdev.nl
 [PASS] App.fullBaseUrl validation OK.
 [PASS] /healthcheck/status is reachable.

 SSL Certificate

 [FAIL] SSL peer certificate does not validate
 [FAIL] Hostname does not match when validating certificates.
 [WARN] Using a self-signed certificate
  [HELP] cURL Error (60) SSL certificate problem: unable to get local issuer certificate

 Database

 [PASS] The application is able to connect to the database
 [PASS] 23 tables found
 [PASS] Some default content is present
 [PASS] The database schema up to date.

 GPG Configuration

 [PASS] PHP GPG Module is installed and loaded.
 [PASS] The environment variable GNUPGHOME is set to /var/www/.gnupg.
 [PASS] The directory /var/www/.gnupg containing the keyring is writable by the webserver user.
 [PASS] The server gpg key is not the default one
 [PASS] The public key file is defined in config/passbolt.php and readable.
 [FAIL] The private key file is not defined in config/passbolt.php or not readable.
  [HELP] Ensure the private key file is defined by the variable passbolt.gpg.serverKey.private in config/passbolt.php.
  [HELP] Ensure there is a private key armored block in the key file.
  [HELP] Ensure the private key defined in config/passbolt.php exists and is accessible by the webserver user.
  [HELP] See. https://www.passbolt.com/help/tech/install#toc_gpg
 [FAIL] The server key fingerprint doesn't match the one defined in config/passbolt.php.
  [HELP] Double check the key fingerprint, example: 
  [HELP] sudo su -s /bin/bash -c "gpg --list-keys --fingerprint --home /var/www/.gnupg" www-data | grep -i -B 2 'SERVER_KEY_EMAIL'
  [HELP] SERVER_KEY_EMAIL: The email you used when you generated the server key.
  [HELP] See. https://www.passbolt.com/help/tech/install#toc_gpg
 [PASS] The server public key defined in the config/passbolt.php (or environment variables) is in the keyring.
 [FAIL] The server key does not have a valid email id.
  [HELP] Edit or generate another key with a valid email id.
 [PASS] The public key can be used to encrypt a message.
 [PASS] The private key can be used to sign a message.
 [PASS] The public and private keys can be used to encrypt and sign a message.
 [PASS] The private key can be used to decrypt a message.
 [FAIL] The private key cannot be used to decrypt and verify a message
 [FAIL] The public key cannot be used to verify a signature.

 Application configuration

 [FAIL] This installation is not up to date. Currently using 2.9.0 and it should be v3.5.0.
  [HELP] See. https://www.passbolt.com/help/tech/update
 [PASS] Passbolt is configured to force SSL use.
 [PASS] App.fullBaseUrl is set to HTTPS.
 [PASS] Selenium API endpoints are disabled.
 [PASS] Search engine robots are told not to index content.
 [PASS] Registration is closed, only administrators can add users.
 [PASS] Serving the compiled version of the javascript app
 [PASS] All email notifications will be sent.
`
  9 error(s) found. Hang in there!

Ouch… it is very old :sweat_smile: The quickest way should be setup a new Ubuntu 20.04 server and follow this guide to migrate your data: Passbolt Help | Migrate an existing Passbolt CE to a new Ubuntu server

You can also upgrade your server to 18.04 first, then 20.04, as major release upgrade mustn’t be skipped. Then migrate to the Ubuntu package: Passbolt Help | Migrate passbolt CE from install scripts to Ubuntu package

I was afraid of that. I’m sweating by the thought of migrating 80 users with all their passwords. But I will try nevertheless. Thanks for the info.