[Letsencrypt-devel] Bug#810216: letsencrypt: fails to run as unprivileged user

IOhannes m zmölnig (Debian/GNU) umlaeute at debian.org
Thu Jan 7 10:35:33 UTC 2016


Package: letsencrypt
Version: 0.1.1-3
Severity: normal

Dear Maintainer,

letsencrypt gives me a hard time when being run as unprivileged user.
i understand that quite a number of operations require supercow powers, but the
error messages are rather cryptic (being generic python exceptions):

    $ letsencrypt
    An unexpected error occurred:
    OSError: [Errno 13] Permission denied: '/etc/letsencrypt'
    Please see the logfile 'letsencrypt.log' for more details.
    $ cat letsencrypt.log
    Traceback (most recent call last):
      File "/usr/bin/letsencrypt", line 9, in <module>
        load_entry_point('letsencrypt==0.1.1', 'console_scripts', 'letsencrypt')()
      File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 1359, in main
        "--strict-permissions" in cli_args)
      File "/usr/lib/python2.7/dist-packages/letsencrypt/le_util.py", line 103, in make_or_verify_dir
        os.makedirs(directory, mode)
      File "/usr/lib/python2.7/os.py", line 157, in makedirs
        mkdir(name, mode)
    OSError: [Errno 13] Permission denied: '/etc/letsencrypt'
    $ sudo letsencrypt
    No installers seem to be present and working on your system; fix that or try
    running letsencrypt with the "certonly" command
    $ letsencrypt
    Traceback (most recent call last):
      File "/usr/bin/letsencrypt", line 9, in <module>
        load_entry_point('letsencrypt==0.1.1', 'console_scripts', 'letsencrypt')()
      File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 1364, in main
        setup_logging(args, _cli_log_handler, logfile='letsencrypt.log')
      File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 1277, in setup_logging
        args, logfile=logfile, fmt=fmt)
      File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 1248, in setup_log_file_handler
        log_file_path, maxBytes=2 ** 20, backupCount=10)
      File "/usr/lib/python2.7/logging/handlers.py", line 117, in __init__
        BaseRotatingHandler.__init__(self, filename, mode, encoding, delay)
      File "/usr/lib/python2.7/logging/handlers.py", line 64, in __init__
        logging.FileHandler.__init__(self, filename, mode, encoding, delay)
      File "/usr/lib/python2.7/logging/__init__.py", line 905, in __init__
        StreamHandler.__init__(self, self._open())
      File "/usr/lib/python2.7/logging/__init__.py", line 935, in _open
        stream = open(self.baseFilename, self.mode)
    IOError: [Errno 13] Permission denied: '/var/log/letsencrypt/letsencrypt.log'
    $

if the letsencrypt binary is only meant to be run as superuser, please move it
from /usr/bin/ to /usr/sbin/ and/or add additional checks whether the user has
the required privileges and provide them with a meaningful error message.

otoh, i guess that some functionality of letsencrypt does not require root
priviliges at all, at least it should not require such privilges (e.g. i don't
see why `letsencrypt plugins` must be run as root).




*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
   * What exactly did you do (or not do) that was effective (or
     ineffective)?
   * What was the outcome of this action?
   * What outcome did you expect instead?

*** End of the template - remove these template lines ***


-- System Information:
Debian Release: stretch/sid
  APT prefers testing-updates
  APT policy: (500, 'testing-updates'), (500, 'stable-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.3.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_AT.utf8, LC_CTYPE=de_AT.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages letsencrypt depends on:
ii  dialog              1.2-20150920-1
ii  python-letsencrypt  0.1.1-3
pn  python:any          <none>

letsencrypt recommends no packages.

Versions of packages letsencrypt suggests:
pn  python-letsencrypt-apache  <none>
ii  python-letsencrypt-doc     0.1.1-3

-- no debconf information



More information about the Letsencrypt-devel mailing list