letheanVPN / lthn-app-vpn

Client/Server dVPN
https://www.lt.hn
European Union Public License 1.2

lthnvpnc file permission issues #117

Open ronnylov opened 5 years ago

ronnylov commented 5 years ago

Hi!

I am testing lethean-vpn from the GitHub branch /bug/limosek/dpkg-easy-install after creating a package repo for Debian Buster. When using the command-line VPN client lthnvpnc to list providers, I get the following error when the user is added to the lthn group but the username is something other than lthn:

ronny@t450s:~$ lthnvpnc list
Traceback (most recent call last):
  File "/usr/bin/lthnvpnc", line 194, in <module>
    main(sys.argv[1:])
  File "/usr/bin/lthnvpnc", line 120, in main
    util.parseCommonArgs(p, cfg, 'lthnvpnc')
  File "/usr/lib/lthn/util.py", line 140, in parseCommonArgs
    ah = logging.FileHandler(cfg.a)
  File "/usr/lib/python3.7/logging/__init__.py", line 1092, in __init__
    StreamHandler.__init__(self, self._open())
  File "/usr/lib/python3.7/logging/__init__.py", line 1121, in _open
    return open(self.baseFilename, self.mode, encoding=self.encoding)
PermissionError: [Errno 13] Permission denied: '//var/log/lthn/audit.log'
ronny@t450s:~$ ls -al /var/log/lthn/audit.log 
-rw-r--r-- 1 lthn lthn 640 okt  4 16:33 /var/log/lthn/audit.log

The reason for this is that the lthn group does not have write permission on this file.

I tried to manually fix the issue:

ronny@t450s:~$ sudo chmod g+w  /var/log/lthn/audit.log 
ronny@t450s:~$ ls -al  /var/log/lthn/audit.log 
-rw-rw-r-- 1 lthn lthn 640 okt  4 16:33 /var/log/lthn/audit.log

Then I got another issue:

ronny@t450s:~$ lthnvpnc list
INFO:audit:action=START,type=SERVICE,obj=lthnvpnc,
ERROR:lthnvpnc:Cannot write SDP cache //var/lib/lthn/997c02dd538ec2e5d2f699a2cdd366b97c59dae53e280484a6e8e486fcd57a01.json

This is also caused by a write permission problem for the user.

ronny@t450s:~$ ls -al /var/lib/lthn
totalt 108
drwxrwx---  6 lthn lthn  4096 okt  6 23:32 .
drwxr-xr-x 59 root root  4096 okt  6 20:44 ..
-rw-r--r--  1 lthn lthn 84981 okt  4 16:29 997c02dd538ec2e5d2f699a2cdd366b97c59dae53e280484a6e8e486fcd57a01.json
drwxr-xr-x  2 root root  4096 jun 27 10:14 ha
drwxr-xr-x  2 root root  4096 jun 27 10:14 log
drwxr-xr-x  2 root root  4096 jun 27 10:14 ovpn
drwxr-xr-x  2 root root  4096 jun 27 10:14 run

Adding write permission for the group on the files in the /var/lib/lthn directory finally solved the issue:

ronny@t450s:~$ sudo chmod g+w /var/lib/lthn/*
ronny@t450s:~$ lthnvpnc list
INFO:audit:action=START,type=SERVICE,obj=lthnvpnc,
SDP,ProviderId/ServiceId,serviceType,ProviderName,ServiceName
sdp:454f3f3279876b63b90bc802b99e7301c6591ecada5025ed52292362e969b4f3/1A(ultriquewa.ultrique.co.uk:8080/TCP),proxy,Lethean AU,proxy
sdp:866ab1063d479e6bd19a51eb0045fb70540457cad3dca5e05f473640cbf73323/1A(nl01.lethernet.com:8085/TCP),proxy,Lethernet NL,BASIC no malware
...

ronnylov commented 5 years ago

It does not seem very easy to change the default permissions for a directory? https://unix.stackexchange.com/questions/1314/how-to-set-default-file-permissions-for-all-folders-files-in-a-directory

Is it a better option to store user files in the user's home directory?
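
Added example, not part of the issue thread or the project's code: the listings above show files created with mode 0644 inside a group-writable directory, which is what a default umask of 022 produces. The sketch below shows one way a Python program can create its log and cache files group-writable regardless of the caller's umask, plus a check that reports files in a shared directory that lack the group write bit. The function names `open_shared` and `missing_group_write` and the file names in `demo()` are hypothetical and constructed for illustration.

```python
import os
import stat
import tempfile

SHARED_MODE = 0o660  # rw for owner and group, nothing for others


def open_shared(path, mode=SHARED_MODE):
    """Open path for appending, creating it group-writable whatever the umask is."""
    fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, mode)
    try:
        # The umask masks the mode given to os.open() at creation time;
        # fchmod applies the intended bits. Only the owner may chmod, and
        # other group members just need the file to be writable already.
        if os.fstat(fd).st_uid == os.geteuid():
            os.fchmod(fd, mode)
    except BaseException:
        os.close(fd)
        raise
    return os.fdopen(fd, "a")


def missing_group_write(directory):
    """Return sorted names of regular files in directory lacking group write."""
    gaps = []
    for entry in os.scandir(directory):
        if entry.is_file(follow_symlinks=False):
            if not entry.stat(follow_symlinks=False).st_mode & stat.S_IWGRP:
                gaps.append(entry.name)
    return sorted(gaps)


def demo():
    """Constructed scenario: one file from plain open(), one from open_shared()."""
    old_umask = os.umask(0o022)  # common default: new files end up 0644
    try:
        with tempfile.TemporaryDirectory() as d:
            with open(os.path.join(d, "audit.log"), "w"):
                pass  # created 0644, like the files in the listings above
            with open_shared(os.path.join(d, "cache.json")) as f:
                f.write("{}\n")
            mode = stat.S_IMODE(os.stat(os.path.join(d, "cache.json")).st_mode)
            return missing_group_write(d), mode
    finally:
        os.umask(old_umask)


if __name__ == "__main__":
    print(demo())
```

Mode 0660 keeps the files unreadable to users outside the group, which is narrower than the 0664 that `chmod g+w` produces on a 0644 file.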