#1677 Debian postinst needs to chown generated /etc/prosody/certs/localhost.key
Reporter
Martin Kofahl
Owner
Zash
Created
Updated
Stars
★ (1)
Tags
Status-Fixed
Milestone-0.11
Component-Packages
Type-Defect
OpSys-Debian
Priority-Medium
Martin Kofahl
on
What steps will reproduce the problem?
1. install debian package prosody
2. start prosody
What is the expected output?
no error message in log
What do you see instead?
/var/log/prosody/prosody.err: SSL/TLS: Failed to load '/etc/prosody/certs/localhost.key': Check that the permissions allow Prosody to read this file. (for localhost)
What version of the product are you using? On what operating system?
0.11.10-1~focal1
Please provide any additional information below.
On clean systems, postinst generates /etc/prosody/certs/localhost.key as root. The file should be owned by prosody, not by root.
Zash
on
Thanks for the report. Noticed this myself when testing the 0.11.10 packages. Seems it wasn't a new problem so didn't fix it then, but we should do so before the next release.
What steps will reproduce the problem? 1. install debian package prosody 2. start prosody What is the expected output? no error message in log What do you see instead? /var/log/prosody/prosody.err: SSL/TLS: Failed to load '/etc/prosody/certs/localhost.key': Check that the permissions allow Prosody to read this file. (for localhost) What version of the product are you using? On what operating system? 0.11.10-1~focal1 Please provide any additional information below. On clean systems, postinst generates /etc/prosody/certs/localhost.key as root. The file should be owned by prosody, not by root.
Thanks for the report. Noticed this myself when testing the 0.11.10 packages. Seems it wasn't a new problem so didn't fix it then, but we should do so before the next release.
ChangesBut should ownership be prosody:root, root:prosody or prosody:prosody?!
Changeshttps://hg.prosody.im/debian/rev/50ce7bec4139 prosody:prosody will have to do
Changes