#990 Incorrect permissions on PROSODY_CONFIG file produces the wrong error

Reporter Kyle
Owner Zash
Stars ★ (1)  
  • Milestone-0.10
  • Status-Fixed
  • Type-Defect
  • Priority-Medium
  1. Kyle on

    What steps will reproduce the problem? 1. PROSODY_CONFIG=/non/standard/path/config.cfg.lua 2. chmod 000 $PROSODY_CONFIG 3. sudo prosodyctl --config=$PROSODY_CONFIG start (sudo because init script which calls prosodyctl is root) What is the expected output? Permission denied for file $PROSODY_CONFIG What do you see instead? Could not find a configuration file at /etc/jabber/prosody.cfg.lua What version of the product are you using? On what operating system? v0.9.11 / Gentoo Linux

  2. Zash on

    Thanks for the report! The code is indeed printing "We looked for: $CFG_CONFIGDIR/prosody.cfg.lua" instead of the actual file that was read. This appears to a leftover from before --config was added. It also doesn't print the actual error message it gets, which it should. You need to leave out the '=' from the --config argument, or it will not work. You won't get a "Permission denied" tho, the config is opened as root.

    • tags Status-Accepted
  3. Kyle on

    Apologies for the incorrect command, I wrote it from memory. prosodyctl is not the code producing the error. prosodyctl reads the config successfully (as root) and runs /usr/bin/prosody as the user specified in the config. It is that user which does not have permissions to read the configuration file passed through PROSODY_CONFIG. I did some small amount of print debugging leading me to /usr/bin/prosody's read_config(). The config path is successfully delivered through the environment, and that path is given to config.load(). I did not make it any further than that. Another quick peek leads me to assume that read_config() deals with an error where "level=file" in exactly one way; which assumes that the config file is named prosody.cfg.lua, and potentially discards an error (is that provided from config.load() if level==file? I genuinely don't know.).

  4. Zash on

    Ah, the issue is that `prosodyctl` can read the config (because root) but `prosody` can not. Tricky indeed.

  5. Kyle on

    This change communicates the config_file, instead of the CONFIGDIR and hardcoded filename, in the message and exposes the error; though I am not confident that this is the correct change simply because I have not looked any further than this one section. ```diff It is necessary to print both `config_file` and `err` because `err` will variously contain the full path or only the filename (and perhaps there are other cases where it is not included at all). --- a/prosody +++ b/prosody @@ -100,8 +100,9 @@ function read_config() end print(""); elseif level == "file" then - print("Prosody was unable to find the configuration file."); - print("We looked for: "..(CFG_CONFIGDIR or ".").."/prosody.cfg.lua"); + print("Prosody was unable to load the configuration."); + print("We looked for: "..prosody.config_file); + print("An error was encountered: "..err); print("A sample config file is included in the Prosody download called prosody.cfg.lua.dist"); print("Copy or rename it to prosody.cfg.lua and edit as necessary."); end ```

  6. Zash on

    Fixed in https://hg.prosody.im/0.10/rev/57c5dd08ff0a by attempting to open the config file after dropping root. Also see https://hg.prosody.im/0.10/rev/5ebad58b2548 which makes it report the actual file name it tried.

    • tags Milestone-0.10 Status-Fixed
    • owner Zash

New comment