core: caddy unable to start with an empty $HOME

[akovalenko]

See PR #6340 for a fix

May 25 15:35:24 murphy caddy[1714061]: {"level":"info","ts":1716651324.5984552,"msg":"adapted config to JSON","adapter":"caddyfile"}
May 25 15:35:24 murphy caddy[1714061]: {"level":"info","ts":1716651324.59878,"logger":"admin","msg":"admin endpoint started","address":"local
host:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
May 25 15:35:24 murphy caddy[1714061]: {"level":"info","ts":1716651324.5988348,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTT
PS redirects","server_name":"srv0"}
May 25 15:35:24 murphy caddy[1714061]: {"level":"info","ts":1716651324.5989084,"logger":"http","msg":"enabling HTTP/3 listener","addr":":8443
"}
May 25 15:35:24 murphy caddy[1714061]: {"level":"info","ts":1716651324.5989208,"logger":"tls.cache.maintenance","msg":"started background cer
tificate maintenance","cache":"0xc0006fc080"}
May 25 15:35:24 murphy caddy[1714061]: {"level":"info","ts":1716651324.5989985,"logger":"http.log","msg":"server running","name":"srv0","prot
ocols":["h1","h2","h3"]}
May 25 15:35:24 murphy caddy[1714061]: {"level":"info","ts":1716651324.5990164,"logger":"http.log","msg":"server running","name":"remaining_a
uto_https_redirects","protocols":["h1","h2","h3"]}
May 25 15:35:24 murphy caddy[1714061]: {"level":"info","ts":1716651324.5990188,"logger":"http","msg":"enabling automatic TLS certificate mana
gement","domains":["caddy.s.my-ns.me"]}
May 25 15:35:24 murphy caddy[1714061]: {"level":"warn","ts":1716651324.5990365,"logger":"tls","msg":"unable to get instance ID; storage clean
 stamps will be incomplete","error":"mkdir /var/lib/caddy/.local/share/caddy: permission denied"}
May 25 15:35:24 murphy caddy[1714061]: {"level":"info","ts":1716651324.5990567,"logger":"tls.cache.maintenance","msg":"stopped background cer
tificate maintenance","cache":"0xc0006fc080"}
May 25 15:35:24 murphy caddy[1714061]: Error: loading initial config: loading new config: http app module: start: finalizing automatic HTTPS:
 managing certificates for [caddy.s.my-ns.me]: automate: manage [caddy.s.my-ns.me]: caddy.s.my-ns.me: caching certificate: open /var/lib/cadd
y/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/caddy.s.my-ns.me/caddy.s.my-ns.me.key: permission denied
May 25 15:35:24 murphy caddy[1714061]: {"level":"error","ts":1716651324.599082,"logger":"tls","msg":"could not clean default/global storage",
"error":"unable to acquire storage_clean lock: creating lock file: open /var/lib/caddy/.local/share/caddy/locks/storage_clean.lock: permission denied"}

[francislavoie]

Why do you have an empty HOME in the first place? That sounds like a system misconfiguration, not really something Caddy should be expected to deal with.

[akovalenko]

@francislavoie I created a user for running caddy, like useradd -m caddy. His home directory is initially empty, all paths like $HOME/.local/share/caddy are supposed to be created on demand. And they are indeed created by caddy, but in one place caddy's doing it wrong (after creating a directory without exec permission it cannot create anything under it).

By the way, the same problem would happen for a user with non-empty HOME who has never run caddy before, so he has no ~/.local/share/caddy yet.

[mholt]

When I try to reproduce this locally, everything works OK for me.

I set HOME to a folder that doesn't exist, and when I run Caddy, I don't get that error. 🤔 Everything works fine. This is also the first report we've had of this which is odd. Seems like almost everyone would have this problem.

How can I reproduce the error? (I already did the steps in your last comment.)

[francislavoie]

See https://caddyserver.com/docs/running#manual-installation, this is how our .deb package sets up the user as well, and we don't have issues with that. 🤷‍♂️

[FinChain]

Same here!
Debian + Caddy v2.8.0 h1:7ZCvB9R7qBsEydqBkYCOHaMNrDEF/fj0ZouySV2D474=
Fresh installation.