[Letsencrypt-devel] Bug#810216: letsencrypt: fails to run as unprivileged user
IOhannes m zmölnig (Debian/GNU)
umlaeute at debian.org
Thu Jan 7 10:35:33 UTC 2016
Package: letsencrypt
Version: 0.1.1-3
Severity: normal
Dear Maintainer,
letsencrypt gives me a hard time when being run as unprivileged user.
i understand that quite a number of operations require supercow powers, but the
error messages are rather cryptic (being generic python exceptions):
$ letsencrypt
An unexpected error occurred:
OSError: [Errno 13] Permission denied: '/etc/letsencrypt'
Please see the logfile 'letsencrypt.log' for more details.
$ cat letsencrypt.log
Traceback (most recent call last):
File "/usr/bin/letsencrypt", line 9, in <module>
load_entry_point('letsencrypt==0.1.1', 'console_scripts', 'letsencrypt')()
File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 1359, in main
"--strict-permissions" in cli_args)
File "/usr/lib/python2.7/dist-packages/letsencrypt/le_util.py", line 103, in make_or_verify_dir
os.makedirs(directory, mode)
File "/usr/lib/python2.7/os.py", line 157, in makedirs
mkdir(name, mode)
OSError: [Errno 13] Permission denied: '/etc/letsencrypt'
$ sudo letsencrypt
No installers seem to be present and working on your system; fix that or try
running letsencrypt with the "certonly" command
$ letsencrypt
Traceback (most recent call last):
File "/usr/bin/letsencrypt", line 9, in <module>
load_entry_point('letsencrypt==0.1.1', 'console_scripts', 'letsencrypt')()
File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 1364, in main
setup_logging(args, _cli_log_handler, logfile='letsencrypt.log')
File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 1277, in setup_logging
args, logfile=logfile, fmt=fmt)
File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 1248, in setup_log_file_handler
log_file_path, maxBytes=2 ** 20, backupCount=10)
File "/usr/lib/python2.7/logging/handlers.py", line 117, in __init__
BaseRotatingHandler.__init__(self, filename, mode, encoding, delay)
File "/usr/lib/python2.7/logging/handlers.py", line 64, in __init__
logging.FileHandler.__init__(self, filename, mode, encoding, delay)
File "/usr/lib/python2.7/logging/__init__.py", line 905, in __init__
StreamHandler.__init__(self, self._open())
File "/usr/lib/python2.7/logging/__init__.py", line 935, in _open
stream = open(self.baseFilename, self.mode)
IOError: [Errno 13] Permission denied: '/var/log/letsencrypt/letsencrypt.log'
$
if the letsencrypt binary is only meant to be run as superuser, please move it
from /usr/bin/ to /usr/sbin/ and/or add additional checks whether the user has
the required privileges and provide them with a meaningful error message.
otoh, i guess that some functionality of letsencrypt does not require root
priviliges at all, at least it should not require such privilges (e.g. i don't
see why `letsencrypt plugins` must be run as root).
*** Reporter, please consider answering these questions, where appropriate ***
* What led up to the situation?
* What exactly did you do (or not do) that was effective (or
ineffective)?
* What was the outcome of this action?
* What outcome did you expect instead?
*** End of the template - remove these template lines ***
-- System Information:
Debian Release: stretch/sid
APT prefers testing-updates
APT policy: (500, 'testing-updates'), (500, 'stable-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.3.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_AT.utf8, LC_CTYPE=de_AT.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages letsencrypt depends on:
ii dialog 1.2-20150920-1
ii python-letsencrypt 0.1.1-3
pn python:any <none>
letsencrypt recommends no packages.
Versions of packages letsencrypt suggests:
pn python-letsencrypt-apache <none>
ii python-letsencrypt-doc 0.1.1-3
-- no debconf information
More information about the Letsencrypt-devel
mailing list