#1075 prosodyctl --root cert ... demands root-owned certs dir

Reporter Zash
Owner Zash
Created
Updated
Stars ★★ (3)
Tags
  • Type-Defect
  • Status-Fixed
  • Priority-Medium
  • Milestone-0.10
  1. Zash on

    What steps will reproduce the problem? 1. chown prosody /etc/prosody/certs 2. sudo prosodyctl --root cert (anything) What is the expected output? No complaint, maybe? What do you see instead? The directory /etc/prosody/certs is not owned by the current user, won't be able to write files to it What version of the product are you using? On what operating system? 0.10.0. Reportedly Ubuntu. Please provide any additional information below. if pposix.getuid() ~= cert_dir_attrs.uid then will in this case only accept a root-owned directory Perhaps it should skip this check if running as root, since root is always allowed to write anything anywhere.

  2. Zash on

    Thanks to Hund on IRC for noticing this.

    Changes
    • tags Milestone-0.10
  3. mwwn on

    The problem here is not only the complaint. It doesn't try to copy any certs then, either. So if you for example use this command in a cron job to copy Let's Encrypt certs over, that does not work anymore.

  4. sapkra on

    I have the same issue running prosody 0.10.2 in OpenShift / Kubernetes with Arbitrary User IDs. The user has rwx permissions to this folder via group permissions and cannot be the owner of an directory. Info: Arbitrary User IDs are part of a security feature which is enabled by default in OpenShift.

  5. Zash on

    Fixed in https://hg.prosody.im/0.10/rev/92bfb12684b0 at least enough to import certs into my work dir.

    Changes
    • owner Zash
    • tags Status-Fixed

New comment

Not published. Used for spam prevention and optional update notifications.