#455 Inaccessible user data fails too quietly.

Reporter ian@zenhack.net
Owner Zash
Created
Updated
Stars ★ (1)
Tags
  • Status-Fixed
  • Milestone-0.10
  • Component-Persistence
  • Type-Defect
  • Priority-Medium
  1. ian@zenhack.net on

    I hit an issue with my prosody server recently, which I eventually traced to a permissions error (prosody did not have access to the directory containing user account information). The symptoms were that I was unable to log in (I'm the only user). The logs (once cranked up to debug level) contained the following:

        Dec 25 20:57:46 datamanager debug Assuming empty accounts storage ('cannot open /usr/local/var/lib/prosody/zenhack%2enet/accounts/ian.dat: Permission denied') for user: ian@zenhack.net
        Dec 25 20:57:46 datamanager debug Assuming empty accounts storage ('cannot open /usr/local/var/lib/prosody/zenhack%2enet/accounts/ian.dat: Permission denied') for user: ian@zenhack.net
        Dec 25 20:57:46 datamanager debug Assuming empty accounts storage ('cannot open /usr/local/var/lib/prosody/zenhack%2enet/accounts/ian.dat: Permission denied') for user: ian@zenhack.net
        Dec 25 20:59:07 datamanager debug Assuming empty roster storage ('cannot open /usr/local/var/lib/prosody/zenhack%2enet/roster/ian.dat: Permission denied') for user: ian@zenhack.net
        Dec 25 20:59:07 datamanager debug Assuming empty roster storage ('cannot open /usr/local/var/lib/prosody/zenhack%2enet/roster/ian.dat: Permission denied') for user: ian@zenhack.net

    In my opinion, this should cause the server to fail to start, with a message logged at *error* level. I can't think of a circumstance where the current behavior is reasonable.

    *What steps will reproduce the problem?*

    1. configure prosody for "internal" storage
    2. create a user
    3. ensure that prosody's data directory (in my case /usr/local/var/lib/prosody) is not executable by the user prosody will run as
    4. set log level to debug.
    5. restart the server

    *What is the expected output? What do you see instead?*

    Prosody *should* fail early and loudly -- preferably the server should fail to start, displaying an error message (and writing the same message to the logs at error level). Currently, Prosody will log a message at debug level, and start running. Users will be unable to log in, since prosody cannot access the user database.

    *What version of the product are you using? On what operating system?*

    Prosody 0.9.7 on FreeBSD 9.3

    *Please provide any additional information below.*

  2. Zash on

    I don't agree that startup should fail. Should Prosody also fail if it can't connect to a database if that is used for storage?

    Logging those messages at "debug" level is because you don't want to spam the log with "no such file or directory" messages, which happen when a store is empty, which happens a lot. People already ask way too often about that, even when it's a debug message.

    Noticing the difference between "no such file" and "permission denied" would basically boil down to string matching. Strings that can be localized, complicating things.

    However this simple patch could be committed to spam the log with tracebacks:

    diff -r 5df76208e050 plugins/mod_storage_internal.lua --- a/plugins/mod_storage_internal.lua Wed Oct 21 13:37:26 2015 +0200 +++ b/plugins/mod_storage_internal.lua Thu Oct 29 05:03:50 2015 +0100 @@ -2,6 +2,8 @@ local datamanager = require "core.storag local host = module.host; +assert(datamanager.store(nil, host, "__test", nil), "Storage location for "..host.." is not writable"); + local driver = {}; local driver_mt = { __index = driver };
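
    Review bot: the added assert on datamanager.store(nil, host, "__test", nil) only probes whether a host-level "__test" store can be written, while the failure reported in this issue was a read of an existing per-user file (accounts/ian.dat) failing with "Permission denied". A data directory that is writable at the host level but has unreadable per-user directories or files would pass this check. The message is also fixed as "is not writable" whatever the cause, and any further return value from datamanager.store is dropped, so the operator never sees the underlying error. Suggest capturing the result and the error separately, reporting the actual error at error level rather than raising a traceback at module load, and adding a read probe next to the write probe.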

  3. Zash on

    Also, 'prosodyctl check' should check for things like this. I do not believe it does currently. It's a bit tricky due to storage being provided by a plugin... Perhaps storage plugins could have a 'test' method that does sanity checks?

  4. Zash on

    Changes
    • owner Zash
    • tag Component-Persistence
    • tag Status-Accepted
  5. Zash on

    https://hg.prosody.im/0.10/rev/f4c0fb54e16c Prosody will now complain louder about permission and other actual problems

    Changes
    • tags Status-Fixed Milestone-0.10
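
The distinction discussed in this thread, a missing data file (normal for an empty store) versus a file that exists but cannot be read, can be made without matching message strings, because Lua's io.open returns a numeric error code as its third value. The following is an added example, not Prosody's code and not the change in the linked commit; `load_store` and `log` are hypothetical names, and ENOENT being errno 2 is an assumption that holds on Linux and FreeBSD but is platform-specific.

```lua
-- Added example, not Prosody code.
-- Assumption: ENOENT is errno 2 (true on Linux and FreeBSD, platform-specific).
local ENOENT = 2;

-- Hypothetical stand-in for the server's logger.
local function log(level, fmt, ...)
	io.stderr:write(level, "\t", fmt:format(...), "\n");
end

-- Returns: contents (string) on success,
--          nil            when the file does not exist (treated as empty store),
--          nil, message   when the file could not be read for any other reason.
local function load_store(path)
	local fh, msg, code = io.open(path, "r");
	if fh then
		local data = fh:read("*a");
		fh:close();
		return data;
	end
	if code == ENOENT then
		-- Expected and frequent: keep it quiet.
		log("debug", "Assuming empty storage ('%s')", msg);
		return nil;
	end
	-- Permission denied, not a directory, I/O error: a real problem.
	log("error", "Unable to read storage ('%s', errno %d)", msg, code or -1);
	return nil, "Error reading storage";
end

-- Constructed demo input: a readable file, a missing file, and a path that
-- fails with something other than ENOENT (a regular file used as a directory).
local tmp = os.tmpname();
local fh = assert(io.open(tmp, "w"));
fh:write("return {};\n");
fh:close();

assert(load_store(tmp) == "return {};\n");

local data, err = load_store(tmp .. ".missing");
assert(data == nil and err == nil);   -- empty store, logged at debug

data, err = load_store(tmp .. "/accounts/ian.dat");
assert(data == nil and err ~= nil);   -- real failure, logged at error

os.remove(tmp);
```

A permission error such as the one in the report takes the same error branch as the constructed "not a directory" case, so callers can refuse a login with a storage error instead of treating the account as nonexistent.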
