#990 Incorrect permissions on PROSODY_CONFIG file produces the wrong error
Reporter
Kyle
Owner
Zash
Created
Updated
Stars
★ (1)
Tags
Priority-Medium
Status-Fixed
Milestone-0.10
Type-Defect
Kyle
on
What steps will reproduce the problem?
1. PROSODY_CONFIG=/non/standard/path/config.cfg.lua
2. chmod 000 $PROSODY_CONFIG
3. sudo prosodyctl --config=$PROSODY_CONFIG start
(sudo because init script which calls prosodyctl is root)
What is the expected output?
Permission denied for file $PROSODY_CONFIG
What do you see instead?
Could not find a configuration file at /etc/jabber/prosody.cfg.lua
What version of the product are you using? On what operating system?
v0.9.11 / Gentoo Linux
Zash
on
Thanks for the report!
The code is indeed printing "We looked for: $CFG_CONFIGDIR/prosody.cfg.lua" instead of the actual file that was read. This appears to a leftover from before --config was added. It also doesn't print the actual error message it gets, which it should.
You need to leave out the '=' from the --config argument, or it will not work.
You won't get a "Permission denied" tho, the config is opened as root.
Changes
tags Status-Accepted
Kyle
on
Apologies for the incorrect command, I wrote it from memory.
prosodyctl is not the code producing the error. prosodyctl reads the config successfully (as root) and runs /usr/bin/prosody as the user specified in the config. It is that user which does not have permissions to read the configuration file passed through PROSODY_CONFIG.
I did some small amount of print debugging leading me to /usr/bin/prosody's read_config(). The config path is successfully delivered through the environment, and that path is given to config.load(). I did not make it any further than that.
Another quick peek leads me to assume that read_config() deals with an error where "level=file" in exactly one way; which assumes that the config file is named prosody.cfg.lua, and potentially discards an error (is that provided from config.load() if level==file? I genuinely don't know.).
Zash
on
Ah, the issue is that `prosodyctl` can read the config (because root) but `prosody` can not. Tricky indeed.
Kyle
on
This change communicates the config_file, instead of the CONFIGDIR and hardcoded filename, in the message and exposes the error; though I am not confident that this is the correct change simply because I have not looked any further than this one section.
```diff
It is necessary to print both `config_file` and `err` because `err` will variously contain the full path or only the filename (and perhaps there are other cases where it is not included at all).
--- a/prosody
+++ b/prosody
@@ -100,8 +100,9 @@ function read_config()
end
print("");
elseif level == "file" then
- print("Prosody was unable to find the configuration file.");
- print("We looked for: "..(CFG_CONFIGDIR or ".").."/prosody.cfg.lua");
+ print("Prosody was unable to load the configuration.");
+ print("We looked for: "..prosody.config_file);
+ print("An error was encountered: "..err);
print("A sample config file is included in the Prosody download called prosody.cfg.lua.dist");
print("Copy or rename it to prosody.cfg.lua and edit as necessary.");
end
```
What steps will reproduce the problem? 1. PROSODY_CONFIG=/non/standard/path/config.cfg.lua 2. chmod 000 $PROSODY_CONFIG 3. sudo prosodyctl --config=$PROSODY_CONFIG start (sudo because init script which calls prosodyctl is root) What is the expected output? Permission denied for file $PROSODY_CONFIG What do you see instead? Could not find a configuration file at /etc/jabber/prosody.cfg.lua What version of the product are you using? On what operating system? v0.9.11 / Gentoo Linux
Thanks for the report! The code is indeed printing "We looked for: $CFG_CONFIGDIR/prosody.cfg.lua" instead of the actual file that was read. This appears to a leftover from before --config was added. It also doesn't print the actual error message it gets, which it should. You need to leave out the '=' from the --config argument, or it will not work. You won't get a "Permission denied" tho, the config is opened as root.
ChangesApologies for the incorrect command, I wrote it from memory. prosodyctl is not the code producing the error. prosodyctl reads the config successfully (as root) and runs /usr/bin/prosody as the user specified in the config. It is that user which does not have permissions to read the configuration file passed through PROSODY_CONFIG. I did some small amount of print debugging leading me to /usr/bin/prosody's read_config(). The config path is successfully delivered through the environment, and that path is given to config.load(). I did not make it any further than that. Another quick peek leads me to assume that read_config() deals with an error where "level=file" in exactly one way; which assumes that the config file is named prosody.cfg.lua, and potentially discards an error (is that provided from config.load() if level==file? I genuinely don't know.).
Ah, the issue is that `prosodyctl` can read the config (because root) but `prosody` can not. Tricky indeed.
This change communicates the config_file, instead of the CONFIGDIR and hardcoded filename, in the message and exposes the error; though I am not confident that this is the correct change simply because I have not looked any further than this one section. ```diff It is necessary to print both `config_file` and `err` because `err` will variously contain the full path or only the filename (and perhaps there are other cases where it is not included at all). --- a/prosody +++ b/prosody @@ -100,8 +100,9 @@ function read_config() end print(""); elseif level == "file" then - print("Prosody was unable to find the configuration file."); - print("We looked for: "..(CFG_CONFIGDIR or ".").."/prosody.cfg.lua"); + print("Prosody was unable to load the configuration."); + print("We looked for: "..prosody.config_file); + print("An error was encountered: "..err); print("A sample config file is included in the Prosody download called prosody.cfg.lua.dist"); print("Copy or rename it to prosody.cfg.lua and edit as necessary."); end ```
Fixed in https://hg.prosody.im/0.10/rev/57c5dd08ff0a by attempting to open the config file after dropping root. Also see https://hg.prosody.im/0.10/rev/5ebad58b2548 which makes it report the actual file name it tried.
Changes