Make "unsafe directory" error message more informative (Bug#865)

* lisp/server.el (server-ensure-safe-dir): Produce a description for each "unsafe" condition.
2017-08-27 23:09:32 -04:00 · 2017-08-27 23:09:32 -04:00 · 43fac3beae
commit 43fac3beae
parent c59ddb2120
1 changed files with 26 additions and 21 deletions
--- a/lisp/server.el
+++ b/lisp/server.el
@ -525,30 +525,35 @@ Creates the directory if necessary and makes sure:
    ;; Check that it's safe for use.
    (let* ((uid (nth 2 attrs))
 	   (w32 (eq system-type 'windows-nt))
-	   (safe (cond
+           (unsafe (cond
-		  ((not (eq t (car attrs))) nil)  ; is a dir?
+                    ((not (eq t (car attrs)))
-		  ((and w32 (zerop uid))	  ; on FAT32?
+                     (format "it is a %s" (if (stringp (car attrs))
-		   (display-warning
+                                              "symlink" "file")))
-		    'server
+                    ((and w32 (zerop uid)) ; on FAT32?
-		    (format-message "\
+                     (display-warning
                      'server
                      (format-message "\
 Using `%s' to store Emacs-server authentication files.
 Directories on FAT32 filesystems are NOT secure against tampering.
 See variable `server-auth-dir' for details."
-			    (file-name-as-directory dir))
+                                      (file-name-as-directory dir))
-		    :warning)
+                      :warning)
-		   t)
+                     nil)
-		  ((and (/= uid (user-uid))	  ; is the dir ours?
+                    ((and (/= uid (user-uid)) ; is the dir ours?
-			(or (not w32)
+                          (or (not w32)
-			    ;; Files created on Windows by Administrator
+                              ;; Files created on Windows by Administrator
-			    ;; (RID=500) have the Administrators (RID=544)
+                              ;; (RID=500) have the Administrators (RID=544)
-			    ;; group recorded as the owner.
+                              ;; group recorded as the owner.
-			    (/= uid 544) (/= (user-uid) 500)))
+                              (/= uid 544) (/= (user-uid) 500)))
-		   nil)
+                     (format "it is not owned by you (owner = %s (%d))"
-		  (w32 t)			  ; on NTFS?
+                             (user-full-name (user-uid)) (user-uid)))
-		  (t				  ; else, check permissions
+                    (w32 nil)           ; on NTFS?
-		   (zerop (logand ?\077 (file-modes dir)))))))
+                    ((/= 0 (logand ?\077 (file-modes dir)))
-      (unless safe
+                     (format "it is accessible by others (%03o)"
-	(error "The directory `%s' is unsafe" dir)))))
+                             (file-modes dir)))
                    (t nil))))
      (when unsafe
        (error "`%s' is not a safe directory because %s" dir unsafe)))))
 (defun server-generate-key ()
  "Generate and return a random authentication key.