From f201b4b56587b7ac34d1499c35e4dfa006977dba Mon Sep 17 00:00:00 2001
From: Chavez <matthew@el-chavez.me>
Date: Mon, 28 Mar 2016 09:56:24 -0700
Subject: [PATCH] command: Data directory permission error message

* Check for invalid data directory permissions
* Display appropriate permissions error message
* Add command test for bad data directory permissions
---
 command/agent/command.go      |  6 ++++++
 command/agent/command_test.go | 26 ++++++++++++++++++++++++++
 2 files changed, 32 insertions(+)

diff --git a/command/agent/command.go b/command/agent/command.go
index 17d26b5cea..af2281529f 100644
--- a/command/agent/command.go
+++ b/command/agent/command.go
@@ -204,6 +204,12 @@ func (c *Command) readConfig() *Config {
 	if config.Server {
 		mdbPath := filepath.Join(config.DataDir, "mdb")
 		if _, err := os.Stat(mdbPath); !os.IsNotExist(err) {
+			if os.IsPermission(err) {
+				c.Ui.Error(fmt.Sprintf("CRITICAL: Permission denied for data folder at %q!", mdbPath))
+				c.Ui.Error("Consul will refuse to boot without access to this directory.")
+				c.Ui.Error("Please correct permissions and try starting again.")
+				return nil
+			}
 			c.Ui.Error(fmt.Sprintf("CRITICAL: Deprecated data folder found at %q!", mdbPath))
 			c.Ui.Error("Consul will refuse to boot with this directory present.")
 			c.Ui.Error("See https://www.consul.io/docs/upgrade-specific.html for more information.")
diff --git a/command/agent/command_test.go b/command/agent/command_test.go
index 773a510d87..d04a8007b1 100644
--- a/command/agent/command_test.go
+++ b/command/agent/command_test.go
@@ -403,3 +403,29 @@ func TestProtectDataDir(t *testing.T) {
 		t.Fatalf("expected mdb dir error, got: %s", out)
 	}
 }
+
+func TestBadDataDirPermissions(t *testing.T) {
+	dir, err := ioutil.TempDir("", "consul")
+	if err != nil {
+		t.Fatalf("err: %v", err)
+	}
+	defer os.RemoveAll(dir)
+
+	dataDir := filepath.Join(dir, "mdb")
+	if err := os.MkdirAll(dataDir, 0400); err != nil {
+		t.Fatalf("err: %v", err)
+	}
+	defer os.RemoveAll(dataDir)
+
+	ui := new(cli.MockUi)
+	cmd := &Command{
+		Ui:   ui,
+		args: []string{"-data-dir=" + dataDir, "-server=true"},
+	}
+	if conf := cmd.readConfig(); conf != nil {
+		t.Fatalf("Should fail with bad data directory permissions")
+	}
+	if out := ui.ErrorWriter.String(); !strings.Contains(out, "Permission denied") {
+		t.Fatalf("expected permission denied error, got: %s", out)
+	}
+}