author | Kim Alvefur <zash@zash.se> | 2017-04-21 14:24:59 +0200 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2017-04-21 14:24:59 +0200 |
commit | 1dfc20f031a3e697f9dcc74d7b63afc15e9ebc59 (patch) | |
tree | e8c7fc97edc578edb930939a7b132a4d40091eb1 | |
parent | c732b4835fde723ab0555688a7e8f3b40ef86b11 (diff) | |
prosodyctl: Verify permissions on directory that certificates are written to
-rwxr-xr-x | prosodyctl | 8 |
1 files changed, 8 insertions, 0 deletions
@@ -830,6 +830,14 @@ function commands.cert(arg)
 if #arg >= 1 and arg[1] ~= "--help" then
 openssl = require "util.openssl";
 lfs = require "lfs";
+ local cert_dir_attrs = lfs.attributes(cert_basedir);
+ if pposix.getuid() ~= cert_dir_attrs.uid then
+ show_warning("The directory "..cert_basedir.." is not owned by the current user, won't be able to write files to it");
+ return 1;
+ elseif cert_dir_attrs.permissions:match("^%.w..%-..%-.$") then
+ show_warning("The directory "..cert_basedir.." not only writable by its owner");
+ return 1;
+ end
 local subcmd = table.remove(arg, 1);
 if type(cert_commands[subcmd]) == "function" then
 if not arg[1] then |
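Review bot: The `elseif` permission test can never reject a group- or world-writable directory as written. In a Lua pattern `%.` matches a literal dot, so `"^%.w..%-..%-.$"` cannot match the `rwxr-xr-x`-style string that LuaFileSystem reports in `permissions`; even with an unescaped first `.`, the pattern would describe the safe case (both non-owner write bits `-`) while the branch warns about the unsafe one. Negating a corrected match, `elseif not cert_dir_attrs.permissions:match("^.w..%-..%-.$") then`, gives the check its intended meaning, so keys and certificates are not written into a directory that other accounts can modify. Separately, `lfs.attributes(cert_basedir)` returns nil when the directory does not exist, so `cert_dir_attrs.uid` raises an error instead of showing a warning; a guard such as `if not cert_dir_attrs then show_warning("The directory "..cert_basedir.." does not exist"); return 1; end` before the uid comparison would cover that. `commands.cert` starts and ends outside the hunk, so where `cert_basedir` is set is not visible here.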