From 77f5983b42ab5faa42ee3d2b805ca2f8a838c0ea Mon Sep 17 00:00:00 2001
From: Lee Clemens <java@leeclemens.net>
Date: Sat, 4 Jul 2015 11:30:41 -0400
Subject: [PATCH 1/2] Test permissions to socket for detailed errors if
 socket.error raised

---
 bin/fail2ban-client | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/bin/fail2ban-client b/bin/fail2ban-client
index 90c67772..ada4b376 100755
--- a/bin/fail2ban-client
+++ b/bin/fail2ban-client
@@ -171,7 +171,7 @@ class Fail2banClient:
 					streamRet = False
 			except socket.error:
 				if showRet:
-					logSys.error("Unable to contact server. Is it running?")
+					self.__logSocketError()
 				return False
 			except Exception, e:
 				if showRet:
@@ -179,6 +179,26 @@ class Fail2banClient:
 				return False
 		return streamRet
 
+	def __logSocketError(self):
+		try:
+			if os.access(self.__conf["socket"], os.F_OK):
+				# This doesn't check if path is a socket,
+				#  but socket.error should be raised
+				if os.access(self.__conf["socket"], os.W_OK):
+					# Permissions look good, but socket.error was raised
+					logSys.error("Unable to contact server. Is it running?")
+				else:
+					logSys.error("Permission denied to socket: %s,"
+								 " (you must be root)", self.__conf["socket"])
+			else:
+				logSys.error("Failed to access socket path: %s."
+							 " Is fail2ban running?",
+							 self.__conf["socket"])
+		except Exception as e:
+			logSys.error("Exception while checking socket access: %s",
+						 self.__conf["socket"])
+			logSys.error(e)
+
 	##
 	# Process a command line.
 	#

From 423d5b761e8503c3641c651f7df0ae94ceab75ca Mon Sep 17 00:00:00 2001
From: Lee Clemens <java@leeclemens.net>
Date: Sat, 4 Jul 2015 12:37:52 -0400
Subject: [PATCH 2/2] Add changelog reference for socket error logging message

---
 ChangeLog | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ChangeLog b/ChangeLog
index b311513e..b4c459be 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -26,6 +26,7 @@ ver. 0.9.3 (2015/XX/XXX) - wanna-be-released
    * action.d/cloudflare.conf - improved documentation on how to allow
      multiple CF accounts, and jail.conf got new compound action
      definition action_cf_mwl to submit cloudflare report.
+   * Check access to socket for more detailed logging on error (gh-595)
 
 
 ver. 0.9.2 (2015/04/29) - better-quick-now-than-later