Permission issues when installing from source.
Paliak opened this issue
Describe the bug
This is related to #396, but I thought I'd start a new thread instead of trying to revive that one.
I've managed to compile and install maddy on my Raspberry Pi successfully, but it took me days to actually get it up and running due to permission issues.
After successfully compiling by following the steps here, I tried installing maddy by running ./build.sh install as my normal user:
-- Installing built files...
install: cannot create regular file '///usr/local/bin/maddy': Permission denied
This is due to my /usr/local/bin folder permissions looking like this:
drwxr-xr-x 1 root root 34 Oct 23 02:34 /usr/local/bin
So I ran ./build.sh install with sudo:
sudo ./build.sh install
and it installed the files, but because a modern enough version of Go was not available from the Raspbian repositories I had to download it from https://go.dev/dl/ and export some env vars as mentioned in the guide to compile:
export GOROOT="$PWD/go"
export PATH="$PWD/go/bin:$PATH"
Due to my sudo installation being configured with the secure_path option, sudo did not use my current env and therefore the platform check:
Line 149 in 96fce6b
threw:
- Installing built files...
./build.sh: 152: eval: go: not found
I initially solved it by simply editing the script and running it again to get the systemd service to install but another way to do it would be to just pass the env variables into sudo. Would be cool to have this mentioned as a possible issue somewhere in the guide or possibly use a different way of identifying the platform.
The permissions of the files created by the installation script after running it with sudo look like this:
drwxr-xr-x 1 root root 20 Feb 21 14:38 /etc/maddy/
Meaning that the systemd service which runs as the maddy user will only have read and execute permissions, causing it to fail to start.
I solved it by running sudo chown maddy:maddy on all files created by the installation script, which now caused maddy to fail with an error saying that it can't bind on privileged ports. Solved by running sudo setcap CAP_NET_BIND_SERVICE=+eip $(which maddy), which finally allowed the service to start.
Following the guide, I tried creating a new user by running maddyctl as a normal user and was again greeted by a permission issue even though my user was a member of the maddy group. This was due to many of the files that maddy needed to write to being created with 755 permissions, meaning that members of the maddy group could read and execute but not write. Running sudo chmod 770 again on the files created by the installation script allowed me to create a new user, but the issue would come back after restarting the systemd service.
After a while debugging, it seems to be caused by systemd defaulting to 755 for RuntimeDirectoryMode, StateDirectoryMode, CacheDirectoryMode, LogsDirectoryMode, ConfigurationDirectoryMode, which are not specified in the maddy.service file, and the umask being set to 0027, which, assuming from the comment, is intentional but causes issues.
Steps to reproduce
Install maddy from source on Raspbian.
Environment information
Maddy repo at tag v0.6.2
OS version: 2022-09-22-raspios-bullseye-armhf-lite
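
The three checks this report walks through (a command missing from sudo's secure_path, entries without group write, and what a 0027 umask leaves on newly created files), as an added shell example that is not part of the original issue or of maddy's build.sh. The function names and the script name are hypothetical, and a stat that supports -c (GNU or busybox) is assumed:

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not from maddy's build.sh.
# Assumes a stat that supports -c (GNU coreutils or busybox).

# in_path_list CMD DIRS: succeed if CMD is executable in one of the
# colon-separated DIRS, e.g. the value of sudo's secure_path. A Go toolchain
# unpacked under $PWD/go/bin is not in that list, hence "go: not found".
# The body is a subshell so the IFS and globbing changes stay local.
in_path_list() (
    set -f; IFS=:
    for dir in $2; do
        [ -x "$dir/$1" ] && exit 0
    done
    exit 1
)

# after_umask MODE UMASK: print the octal mode left once UMASK is applied.
after_umask() { printf '%o\n' $(( 0$1 & ~0$2 & 07777 )); }

# group_can_write PATH: succeed if the group write bit is set on PATH.
group_can_write() {
    m=$(stat -c '%a' "$1") || return 2
    [ $(( 0$m & 020 )) -ne 0 ]
}

# audit_tree DIR: print "mode owner:group path" for every entry under DIR
# that members of the owning group cannot write to.
audit_tree() {
    find "$1" | while IFS= read -r p; do
        group_can_write "$p" || stat -c '%a %U:%G %n' "$p"
    done
}

# Stand-alone use (script name is hypothetical): ./audit.sh /etc/maddy
if [ "$#" -gt 0 ]; then
    after_umask 0666 0027   # mode of files created under umask 0027
    for tree in "$@"; do audit_tree "$tree"; done
fi
```

Run against the directories the install created, any line it prints is an entry that a member of the maddy group can read but not modify, which is the condition that made maddyctl fail for a non-root user.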