mirrors/prosody
1
0
Fork 0
mirror of https://github.com/bjc/prosody.git synced 2025-04-05 14:17:37 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

prosodyctl: Verify permissions on directory that certificates are written to

Browse source
This commit is contained in:
Kim Alvefur 2017-04-21 14:24:59 +02:00
parent c732b4835f
commit 1dfc20f031
1 changed files with 8 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

8
prosodyctl
View file

@ -830,6 +830,14 @@ function commands.cert(arg)
if #arg >= 1 and arg[1] ~= "--help" then if #arg >= 1 and arg[1] ~= "--help" then
openssl = require "util.openssl"; openssl = require "util.openssl";
lfs = require "lfs"; lfs = require "lfs";
local cert_dir_attrs = lfs.attributes(cert_basedir);
if pposix.getuid() ~= cert_dir_attrs.uid then
show_warning("The directory "..cert_basedir.." is not owned by the current user, won't be able to write files to it");
return 1;
elseif cert_dir_attrs.permissions:match("^%.w..%-..%-.$") then
show_warning("The directory "..cert_basedir.." not only writable by its owner");
return 1;
end
local subcmd = table.remove(arg, 1); local subcmd = table.remove(arg, 1);
if type(cert_commands[subcmd]) == "function" then if type(cert_commands[subcmd]) == "function" then
if not arg[1] then if not arg[1] then