StatelessInit as option LND config

dzdidi commented 2 years ago

StatelessInit as option LND config

If I understand correctly, StatelessInit being part of lncli is motivated by case of remote lncli (client) which would make admin.macaroon file never stored in the lnd (server) at the first place. At the same time, there is a WalletUnlockPasswordFile option which allows to restart node and unlock wallet automatically which will persist *.macaroon files on server.

Your environment

version of lnd: lnd version 0.14.1-beta commit=v0.14.1-beta
which operating system (uname -a on Nix): ``
version of btcd, bitcoind, or other backend: *
any other relevant environment details: -

Steps to reproduce

rename all the *.macaroon files; add WalletUnlockPasswordFile option with path to file with correct password restart lnd and see new *.macaroon files

Expected behaviour

Have a config option which would prevent creation of macaroon files when auto-unlock is enabled

Kixunil commented 2 years ago

Stateless init is contradictory in its effect to auto unlocking. If you auto unlock then the file you used for unlocking has exactly same security implications as storing macaroons.

I'd make more sense to warn or error that the options are contradictory.

dzdidi commented 2 years ago

@Kixunil , understood. In this case, should enabling of auto-unlock check existence of macaroon files on disk and fail/warn if they exist?

Kixunil commented 2 years ago

No, if auto unlock is enabled it means the user trusts OS/filesystem to securely store sensitive information so there's no logical reason to disable macaroons. If stateless init is used and either auto unlock is also used or the macaroons already exist on disk then a warning/error is appropriate.

lightningnetwork / lnd