Permission issues when installing from source.

[Paliak]

Describe the bug

This is related to #396 but i thought i'd start a new thread instead of trying to revive that one.

I've managed to compile and install maddy on my raspberry pi successfully but it had taken me days to actually get it up and running due to permission issues.

After successfully compiling by following the steps here i tried installing maddy by running ./build.sh install as my normal user:

-- Installing built files...
install: cannot create regular file '///usr/local/bin/maddy': Permission denied

this is due to my /usr/local/bin folder permissions looking like this: drwxr-xr-x 1 root root 34 Oct 23 02:34 /usr/local/bin

So i ran ./build.sh install with sudo: sudo ./build.sh install and it installed the files but because a modern enough version of go was not available from the raspbian repositories i had to download it from https://go.dev/dl/ and export some env vars as mentioned in the guide to compile:

export GOROOT="$PWD/go"
export PATH="$PWD/go/bin:$PATH"

due to my sudo installation being configured with the secure_path option sudo did not use my current env and therefor the platform check:

maddy/build.sh

Line 149 in 96fce6b

if [ "$(go env GOOS)" = "linux" ]; then

threw:

- Installing built files...
./build.sh: 152: eval: go: not found

I initially solved it by simply editing the script and running it again to get the systemd service to install but another way to do it would be to just pass the env variables into sudo. Would be cool to have this mentioned as a possible issue somewhere in the guide or possibly use a different way of identifying the platform.

The permissions of the files created by the installation script after running it with sudo look like this:

drwxr-xr-x 1 root root 20 Feb 21 14:38 /etc/maddy/

Meaning that the systemd service which runs as the maddy user will only have read and execute permissions, causing it to fail to start.

I solved it by running sudo chown maddy:maddy on all files created by the installation script which now caused maddy to fail with an error saying that it can't bind on privileged ports. Solved by running sudo setcap CAP_NET_BIND_SERVICE=+eip $(which maddy) which finally allowed the service to start.

Following the guide i tried creating a new user by running maddyctl as a normal user and was again greeted by a permission issue even though my user was a member of the maddy group. This was due to many of the files that maddy needed to write to being created with 755 permissions meaning that members of the maddy groups could read and execute but not write. Running sudo chmod 770 again on the files created by the installation script allowed me to create a new user but the issue would come back after restarting the systemd service.

After a while debugging it seems to be caused by systemd defaulting to 755 for RuntimeDirectoryMode, StateDirectoryMode, CacheDirectoryMode, LogsDirectoryMode, ConfigurationDirectoryMode which are not specified in the maddy.service file and the umask being set to 0027 which assuming form the comment is intentional but causes issues.

Steps to reproduce

Install maddy from source on raspbian.

Environment information

Maddy repo at tag v0.6.2
Os version: 2022-09-22-raspios-bullseye-armhf-lite

[foxcpp]

Addressed in 28bdf6d.

1. Clarify that you need to manually create the user and group
   when building from source. ./build.sh does not do that since
   it is a packaging tool, not system configuration one.

2. Do not require "go" command to be present when running
   ./build.sh install. go installation may be user-specific and
   unavailable when running with sudo.

3. Ease UMask restrictions. Allow group access.
   This allows CLI commands to be run by any user in maddy group.