author | Kim Alvefur <zash@zash.se> | 2017-04-21 14:24:59 +0200 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2017-04-21 14:24:59 +0200 |
commit | b5e6c7a6f559efb9010ece6ac05cd3fc5bc1cbb2 (patch) | |
tree | e8c7fc97edc578edb930939a7b132a4d40091eb1 | |
parent | 451ec7734c8e9741e6d21b1e6839db16e46f7ca4 (diff) | |
download | prosody-b5e6c7a6f559efb9010ece6ac05cd3fc5bc1cbb2.tar.gz prosody-b5e6c7a6f559efb9010ece6ac05cd3fc5bc1cbb2.zip |
prosodyctl: Verify permissions on directory that certificates are written to
-rwxr-xr-x | prosodyctl | 8 |
1 files changed, 8 insertions, 0 deletions
@@ -830,6 +830,14 @@ function commands.cert(arg)
 if #arg >= 1 and arg[1] ~= "--help" then
 openssl = require "util.openssl";
 lfs = require "lfs";
+ local cert_dir_attrs = lfs.attributes(cert_basedir);
+ if pposix.getuid() ~= cert_dir_attrs.uid then
+ show_warning("The directory "..cert_basedir.." is not owned by the current user, won't be able to write files to it");
+ return 1;
+ elseif cert_dir_attrs.permissions:match("^%.w..%-..%-.$") then
+ show_warning("The directory "..cert_basedir.." not only writable by its owner");
+ return 1;
+ end
 local subcmd = table.remove(arg, 1);
 if type(cert_commands[subcmd]) == "function" then
 if not arg[1] then |
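Review bot: The `elseif` guard cannot fire as written, so a group- or world-writable certificate directory passes the check silently: in a Lua pattern `%.` is a literal dot, while LuaFileSystem's `permissions` string is nine characters such as `rwxr-xr-x` and never starts with one. With the escape removed the pattern describes the safe mode (owner write set, group and other write clear), so the test also needs negating: `elseif not cert_dir_attrs.permissions:match("^.w..%-..%-.$") then`. Separately, `lfs.attributes(cert_basedir)` returns nil when the directory is missing or cannot be stat'ed, and `cert_dir_attrs.uid` then raises an error instead of warning; an `if not cert_dir_attrs then` guard that shows a warning and returns 1 before the uid comparison would cover that. The body of `commands.cert` continues outside the hunk.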