Re: [mosquitto-dev] Unable to start mosquitto - problem with password file - SOLVED...ish

Peter Rockett <p.rockett@xxxxxxxxxxxxxxx> writes:

> OK. You've convinced me! I had missed the significance of the 'user'
> entry in the mosquitto.conf doc. But I think that falls into the
> category of blindingly obvious... if you know the answer. I still

For me, I had no real idea what was going on, and I tried to answer
"what uid and gid does mosquitto operate under and how is that
configured".  Many of my daemons have -u foo -g bar arguments in
rc.conf, but for this I was led to the config file.  But yes, easier
recognized in hindsight.

> think it would be helpful for the need to have mosquitto in the group
> permissions of passwd explicitly documented somewhere - especially as
> this seems to have been introduced since I last used mosquitto.

But I don't think that is the rule.  I think it's "a process running
with the configured user and group must be able to read the config
file".  That would be fair to add to a man page.

> And I still think the warning from mosquitto_password about '0700'
> access is very misleading.

Yes.  I think it should be split into:

  if read fails, say "can't read mosquitto_password while operating as
  uid %d and gid %d".

  if group write or other read/write, or any execute are on (0127), then
  warn about "unexpected permission bits 0%0d appear excessive".  (Wow,
  I am now fuzzy about printing octal, despite being raised on a
  PDP-11!)
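
The two-part check proposed above, sketched in C as an added example (not part of the original message and not mosquitto's own code). The function name `check_password_file` and the use of the effective uid/gid are assumptions; the mask 0127 is the one given in the message.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Mask from the message: owner execute (0100), group write (0020),
 * other read/write/execute (0007). Group execute (0010) is not in it. */
#define EXCESSIVE_BITS 0127

/* Hypothetical helper. Returns -1 if the file cannot be read by the
 * current process, otherwise the excessive mode bits found (0 = none). */
int check_password_file(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDONLY);

    if (fd < 0) {
        /* Part 1: a read failure names the identity that was refused. */
        fprintf(stderr, "Error: can't read %s while operating as uid %d and gid %d: %s\n",
                path, (int)geteuid(), (int)getegid(), strerror(errno));
        return -1;
    }
    if (fstat(fd, &st) != 0) {   /* stat the descriptor, not the path */
        close(fd);
        return -1;
    }
    close(fd);

    /* Part 2: warn only about the bits that are actually excessive. */
    int extra = (int)(st.st_mode & EXCESSIVE_BITS);
    if (extra)
        fprintf(stderr, "Warning: %s: unexpected permission bits %04o appear excessive\n",
                path, (unsigned)extra);   /* %04o prints octal, e.g. 0026 */
    return extra;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <password_file>\n", argv[0]);
        return 2;
    }
    return check_password_file(argv[1]) == 0 ? 0 : 1;
}
```

The result is only meaningful when the program runs as the user and group the broker is configured to use, since the read test is made with the caller's own credentials.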

