Merge pull request #1088 from leeclemens/bf-595/nonrootmessage

Add specific errors for client socket access (closes 595)

ChangeLog

@@ -26,6 +26,7 @@ ver. 0.9.3 (2015/XX/XXX) - wanna-be-released
    * action.d/cloudflare.conf - improved documentation on how to allow
      multiple CF accounts, and jail.conf got new compound action
      definition action_cf_mwl to submit cloudflare report.
+   * Check access to socket for more detailed logging on error (gh-595)
 
 
 ver. 0.9.2 (2015/04/29) - better-quick-now-than-later

bin/fail2ban-client

@@ -171,7 +171,7 @@ class Fail2banClient:
 					streamRet = False
 			except socket.error:
 				if showRet:
-					logSys.error("Unable to contact server. Is it running?")
+					self.__logSocketError()
 				return False
 			except Exception, e:
 				if showRet:
@@ -179,6 +179,26 @@ class Fail2banClient:
 				return False
 		return streamRet
 
+	def __logSocketError(self):
+		try:
+			if os.access(self.__conf["socket"], os.F_OK):
+				# This doesn't check if path is a socket,
+				#  but socket.error should be raised
+				if os.access(self.__conf["socket"], os.W_OK):
+					# Permissions look good, but socket.error was raised
+					logSys.error("Unable to contact server. Is it running?")
+				else:
+					logSys.error("Permission denied to socket: %s,"
+								 " (you must be root)", self.__conf["socket"])
+			else:
+				logSys.error("Failed to access socket path: %s."
+							 " Is fail2ban running?",
+							 self.__conf["socket"])
+		except Exception as e:
+			logSys.error("Exception while checking socket access: %s",
+						 self.__conf["socket"])
+			logSys.error(e)
+
 	##
 	# Process a command line.
 	#