prosodyctl @ 8107:83d776b344ad
prosodyctl: Verify permissions on directory that certificates are written to
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 21 Apr 2017 14:24:59 +0200 |
| parent | 8106:86ec9045d095 |
| child | 8108:939ccedb509d |
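--- a/prosodyctl
+++ b/prosodyctl
@@ -828,10 +828,18 @@
 
 function commands.cert(arg)
 if #arg >= 1 and arg[1] ~= "--help" then
 openssl = require "util.openssl";
 lfs = require "lfs";
+local cert_dir_attrs = lfs.attributes(cert_basedir);
+if pposix.getuid() ~= cert_dir_attrs.uid then
+show_warning("The directory "..cert_basedir.." is not owned by the current user, won't be able to write files to it");
+return 1;
+elseif cert_dir_attrs.permissions:match("^%.w..%-..%-.$") then
+show_warning("The directory "..cert_basedir.." not only writable by its owner");
+return 1;
+end
 local subcmd = table.remove(arg, 1);
 if type(cert_commands[subcmd]) == "function" then
 if not arg[1] then
 show_message"You need to supply at least one hostname"
 arg = { "--help" };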
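Review bot: The `elseif` guard on the permissions string cannot fire as written: `%.` in `"^%.w..%-..%-.$"` is a literal dot, and an lfs permissions string (`rwxr-xr-x` style) never begins with one, so a group- or world-writable `cert_basedir` passes without any warning. With the dot unescaped the pattern describes the safe case (owner write bit set, group and other write bits `-`), so the branch also needs negating: `elseif not cert_dir_attrs.permissions:match("^.w..%-..%-.$") then`. Separately, `lfs.attributes` returns nil when the directory does not exist, so `cert_dir_attrs.uid` raises an error instead of producing a warning; an `if not cert_dir_attrs then` guard ahead of the uid comparison would cover that. The body of `commands.cert` continues past the end of this hunk.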