Changeset
8107:83d776b344ad
prosodyctl: Verify permissions on directory that certificates are written to
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Fri, 21 Apr 2017 14:24:59 +0200 |
parents | 8106:86ec9045d095 |
children | 8108:939ccedb509d |
files | prosodyctl |
diffstat | 1 files changed, 8 insertions(+), 0 deletions(-) [+] |
--- a/prosodyctl Fri Apr 21 14:20:46 2017 +0200
+++ b/prosodyctl Fri Apr 21 14:24:59 2017 +0200
@@ -830,6 +830,14 @@
 if #arg >= 1 and arg[1] ~= "--help" then
 openssl = require "util.openssl";
 lfs = require "lfs";
+ local cert_dir_attrs = lfs.attributes(cert_basedir);
+ if pposix.getuid() ~= cert_dir_attrs.uid then
+ show_warning("The directory "..cert_basedir.." is not owned by the current user, won't be able to write files to it");
+ return 1;
+ elseif cert_dir_attrs.permissions:match("^%.w..%-..%-.$") then
+ show_warning("The directory "..cert_basedir.." not only writable by its owner");
+ return 1;
+ end
 local subcmd = table.remove(arg, 1);
 if type(cert_commands[subcmd]) == "function" then
 if not arg[1] then
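Review bot: The added `elseif` permission check cannot fire as written. In a Lua pattern `%.` is a literal dot, while lfs reports permissions as a string such as `rwxr-xr-x`, so `^%.w..%-..%-.$` never matches and a group- or world-writable certificate directory passes silently. With the escape removed the pattern would describe the safe case (owner-writable, no group or other write bit), so the branch also needs negating: `elseif not cert_dir_attrs.permissions:match("^.w..%-..%-.$") then`. Separately, `lfs.attributes(cert_basedir)` returns nil when the directory is missing or cannot be stat'ed, and `cert_dir_attrs.uid` would then raise an error instead of showing a warning; a nil guard before the uid comparison would cover that. The enclosing `if #arg >= 1 ...` block starts and ends outside the hunk.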