Closed meliurwen closed 2 years ago
I believe folder creation, even if it's intended to prevent tedious manual folder creation for users, is out of scope for MPD. It opens up a whole lot of permission-related problems and potential security holes.
I mean, in most distros, default MPD configuration is a global daemon and required directories are created automatically when package is installed. Per-user setup is a non-standard scenario and has to be configured responsibly, understanding exactly what's happening.
Consider this: if user has a writable MPD config (or even worse, a world-writable 777 MPD config, if user is very lazy and incompetent) and MPD is configured to run as another user, then it would be possible to exploit MPD into creating arbitrary directories in filesystem and arbitrary files within them as another user by manipulating the config file, possibly further exploiting and/or breaking system.
This is certainly an unnecessary expansion of MPD's attack surface, even though it may seem to be more friendly for end user.
Agree with @tmp6154 - if you configure files in certain directories, you should create those directories first.
Bug report
mpd
does not try to automatically create the needed folders defined in the database section; specifically defined inpath
andcache_directory
settings.To circumvent this issue the user has to create by hand the missing needed folder(s).
A command like
mkdir -p ~/.local/share/mpd
is enough, but this extra step on the user part is bothersome and implies some knowledge on their part.Expected Behavior
mpd
with a config file with a database section pointing to filesystem paths inpath
and/orcache_directory
.mpd
tries to create the needed directoriesActual Behavior
db_file
setting:path
andcache_directory
does not exists (in this case they both have the same dirpath~/.local/share/mpd
).mpd --stdout --no-daemon
the program exits with an error code preceded by the logs listed in the "Log" section below.Version
Log
Command:
mpd --stdout --no-daemon