aboutsummaryrefslogtreecommitdiffstats
path: root/prosodyctl
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2017-04-21 14:24:59 +0200
committerKim Alvefur <zash@zash.se>2017-04-21 14:24:59 +0200
commitb5e6c7a6f559efb9010ece6ac05cd3fc5bc1cbb2 (patch)
treee8c7fc97edc578edb930939a7b132a4d40091eb1 /prosodyctl
parent451ec7734c8e9741e6d21b1e6839db16e46f7ca4 (diff)
downloadprosody-b5e6c7a6f559efb9010ece6ac05cd3fc5bc1cbb2.tar.gz
prosody-b5e6c7a6f559efb9010ece6ac05cd3fc5bc1cbb2.zip
prosodyctl: Verify permissions on directory that certificates are written to
Diffstat (limited to 'prosodyctl')
-rwxr-xr-xprosodyctl8
1 files changed, 8 insertions, 0 deletions
diff --git a/prosodyctl b/prosodyctl
index 57899607..86e2ccc4 100755
--- a/prosodyctl
+++ b/prosodyctl
@@ -830,6 +830,14 @@ function commands.cert(arg)
if #arg >= 1 and arg[1] ~= "--help" then
openssl = require "util.openssl";
lfs = require "lfs";
+ local cert_dir_attrs = lfs.attributes(cert_basedir);
+ if pposix.getuid() ~= cert_dir_attrs.uid then
+ show_warning("The directory "..cert_basedir.." is not owned by the current user, won't be able to write files to it");
+ return 1;
+ elseif cert_dir_attrs.permissions:match("^%.w..%-..%-.$") then
+ show_warning("The directory "..cert_basedir.." not only writable by its owner");
+ return 1;
+ end
local subcmd = table.remove(arg, 1);
if type(cert_commands[subcmd]) == "function" then
if not arg[1] then