Re: [mosquitto-dev] Unable to start mosquitto - problem with password file - SOLVED...ish

Peter Rockett via mosquitto-dev <mosquitto-dev@xxxxxxxxxxx> writes:

> Ummm.... Can anybody convince me this isn't a bug at some level? It is
> telling me to change the world read access to none... which means
> starting the service will bail with an error on the passwd file
> permissions. It seems like world read access is required by the
> mosquitto daemon somehow. (Also, why should a data file like this need
> owner execute permissions?)
>
> Any comments before I file a ticket?

Stepping back from what mosquitto does, I'd say best practice is:

  passwd file owned by root (so the mosquitto process cannot write it)

  passwd file in mosquitto group

  permission 640

  (it makes no sense to have an x bit on a text file)

I would suggest using ktrace/ktruss/dtrace/strace or whatever your
system has to look at the system calls and what fails.  Also inspect
your startup scripts to see what uid/gid mosquitto runs as.

See mosquitto.conf(5), the "user" option, which says mosquitto changes
to that user and its group:

       user username
           When run as root, change to this user and its primary group on
           startup. If set to "mosquitto" or left unset, and if the
           "mosquitto" user does not exist, then mosquitto will change to the
           "nobody" user instead. If this is set to another value and
           mosquitto is unable to change to this user and group, it will exit
           with an error. The user specified must have read/write access to
           the persistence database if it is to be written. If run as a
           non-root user, this setting has no effect. Defaults to mosquitto.


On my system

  /usr/pkg/sbin/mosquitto is 755 (so no suid/sgid at all going on)

  the default of "user mosquitto" is not contradicted by my config file

  the user mosquitto has a primary group of mosquitto

  my config file is 640, but mosquitto.mosquitto vs root.mosquitto as I
  suggest above.
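
An audit of the layout suggested in the message above (owner root, the daemon's group, mode 640, no x bit), added here as an example; it is not part of the original post or of mosquitto. The helper names `file_meta` and `audit_pwfile` and their argument order are assumptions.

```shell
#!/bin/sh
# Added example: audit a password file against the layout suggested in the
# message (owner root, daemon's group, mode 640, no execute bits).

# Print "mode owner group"; GNU stat syntax first, BSD stat as fallback.
file_meta() {
    { stat -c '%a %U %G' "$1" || stat -f '%Lp %Su %Sg' "$1"; } 2>/dev/null
}

# audit_pwfile FILE OWNER GROUP  (hypothetical helper name and argument order)
# Prints one finding per line; returns 0 only when there are none.
audit_pwfile() {
    f=$1 want_owner=$2 want_group=$3
    meta=$(file_meta "$f") || { echo "cannot stat $f"; return 2; }
    set -- $meta
    mode=$1 owner=$2 group=$3
    bits=$((0$mode))            # leading 0 makes the shell read it as octal
    rc=0
    [ "$owner" = "$want_owner" ] ||
        { echo "owner is $owner, expected $want_owner"; rc=1; }
    [ "$group" = "$want_group" ] ||
        { echo "group is $group, expected $want_group"; rc=1; }
    [ $((bits & 0007)) -eq 0 ] ||
        { echo "world access bits set (mode $mode)"; rc=1; }
    [ $((bits & 0111)) -eq 0 ] ||
        { echo "execute bit set on a text file (mode $mode)"; rc=1; }
    [ $((bits & 0020)) -eq 0 ] ||
        { echo "group can write, so the daemon can alter the file"; rc=1; }
    # With world read removed, a daemon that is not the owner can only read
    # the file through the group read bit.
    [ $((bits & 0040)) -ne 0 ] ||
        { echo "group cannot read; a non-owner daemon cannot open the file"; rc=1; }
    return $rc
}

# Usage: sh audit.sh FILE root mosquitto
[ $# -eq 0 ] || audit_pwfile "$@"
```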
  

