From 418c8251d85e81cc44e415d64425b08b0418efc4 Mon Sep 17 00:00:00 2001
From: Steven Martin
Date: Sat, 9 Jul 2022 16:20:00 -0400
Subject: [PATCH 1/8] Added permissions messages that match to the Teleport start on issues loading /var/lib/teleport dir
---
 lib/tbot/config/destination_directory.go | 5 +++++
 tool/tctl/common/tctl.go | 2 ++
 2 files changed, 7 insertions(+)
diff --git a/lib/tbot/config/destination_directory.go b/lib/tbot/config/destination_directory.go
index 1020a2bab9f14..b5682c6727220 100644
--- a/lib/tbot/config/destination_directory.go
+++ b/lib/tbot/config/destination_directory.go
@@ -17,7 +17,9 @@ limitations under the License.
 package config
 import (
+ "errors"
 "fmt"
+ "io/fs"
 "os"
 "os/user"
 "path"
@@ -126,6 +128,9 @@ func mkdir(p string) error {
 log.Infof("Created directory %q", p)
 } else if err != nil {
+ if errors.Is(err, fs.ErrPermission) {
+ log.Errorf("Teleport does not have permission to write to: %v. Ensure that you are running as a user with appropriate permissions.", p)
+ }
 return trace.Wrap(err)
 } else if !stat.IsDir() {
 return trace.BadParameter("Path %q already exists and is not a directory", p)
diff --git a/tool/tctl/common/tctl.go b/tool/tctl/common/tctl.go
index cbdd1a97597c3..7d80675d99912 100644
--- a/tool/tctl/common/tctl.go
+++ b/tool/tctl/common/tctl.go
@@ -288,6 +288,8 @@ func applyConfig(ccf *GlobalCLIFlags, cfg *service.Config) (*authclient.Config,
 return nil, trace.Wrap(err, fmt.Sprintf("Could not load Teleport host UUID file at %s. "+
 "Please make sure that Teleport is up and running prior to using tctl.",
 filepath.Join(cfg.DataDir, utils.HostUUIDFile)))
+ } else if errors.Is(err, fs.ErrPermission) {
+ cfg.Log.Errorf("Teleport does not have permission to read to: %v. Ensure that you are running as a user with appropriate permissions.", cfg.DataDir)
 }
 return nil, trace.Wrap(err)
 }
From 8400da594f6f9cb30d85506ca1ab7a51c4aa544f Mon Sep 17 00:00:00 2001
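Review bot: In the `mkdir` hunk the new permission branch calls `log.Errorf` and then falls through to the bare `return trace.Wrap(err)`, so the failure is reported twice and the returned error does not carry the hint. Attaching the text to the returned error keeps it in one place, for example `return trace.Wrap(err, "Teleport does not have permission to access %q. Ensure that you are running as a user with appropriate permissions.", p)`. The `applyConfig` hunk in tool/tctl/common/tctl.go has the same log-then-fall-through shape, and its message reads "read to". Both function bodies start and end outside their hunks, so the call that produced `err` in `mkdir` is not visible in this hunk.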
From: Steven Martin
Date: Sat, 9 Jul 2022 16:34:44 -0400
Subject: [PATCH 2/8] Added error message for unable to read host UUID
---
 tool/tctl/common/tctl.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/tool/tctl/common/tctl.go b/tool/tctl/common/tctl.go
index 7d80675d99912..fae103e0e60c5 100644
--- a/tool/tctl/common/tctl.go
+++ b/tool/tctl/common/tctl.go
@@ -289,7 +289,9 @@ func applyConfig(ccf *GlobalCLIFlags, cfg *service.Config) (*authclient.Config,
 "Please make sure that Teleport is up and running prior to using tctl.",
 filepath.Join(cfg.DataDir, utils.HostUUIDFile)))
 } else if errors.Is(err, fs.ErrPermission) {
- cfg.Log.Errorf("Teleport does not have permission to read to: %v. Ensure that you are running as a user with appropriate permissions.", cfg.DataDir)
+ return nil, trace.Wrap(err, fmt.Sprintf("Teleport does not have permission to read Teleport host UUID file at %s. "+
+ "Ensure that you are running as a user with appropriate permissions.",
+ filepath.Join(cfg.DataDir, utils.HostUUIDFile)))
 }
 return nil, trace.Wrap(err)
 }
From 4703db058109647fe0be742bf9567d979495fae1 Mon Sep 17 00:00:00 2001
From: Steven Martin
Date: Sat, 16 Jul 2022 10:51:43 -0500
Subject: [PATCH 3/8] Modified to logging to using a trace bad parameter
---
 lib/tbot/config/destination_directory.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/lib/tbot/config/destination_directory.go b/lib/tbot/config/destination_directory.go
index b5682c6727220..14f5d449af02c 100644
--- a/lib/tbot/config/destination_directory.go
+++ b/lib/tbot/config/destination_directory.go
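Review bot: The new return passes the output of `fmt.Sprintf` as the message argument of `trace.Wrap`; if `trace.Wrap` treats that argument as a format string (PATCH 4/8 on this page hands it a format plus arguments), a `%` in `cfg.DataDir` would be read as a verb and garble the message. Dropping the `fmt.Sprintf(` wrapper and its closing parenthesis, so that the format string and `filepath.Join(cfg.DataDir, utils.HostUUIDFile)` go to `trace.Wrap` directly, avoids the double formatting. The context lines at the top of the hunk suggest the `fs.ErrNotExist` branch uses the same pattern. `applyConfig` starts and ends outside the hunk.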
@@ -123,13 +123,18 @@ func mkdir(p string) error {
 stat, err := os.Stat(p)
 if trace.IsNotFound(err) {
 if err := os.MkdirAll(p, botfs.DefaultDirMode); err != nil {
+ //If the user running does not have permission to create the bot dir
+ if errors.Is(err, fs.ErrPermission) {
+ return trace.BadParameter("Teleport does not have permission to write to: %v. Ensure that you are running as a user with appropriate permissions.", p)
+ }
 return trace.Wrap(err)
 }
 log.Infof("Created directory %q", p)
 } else if err != nil {
+ //This error permission can occur if unable to read into the data dir
 if errors.Is(err, fs.ErrPermission) {
- log.Errorf("Teleport does not have permission to write to: %v. Ensure that you are running as a user with appropriate permissions.", p)
+ return trace.BadParameter("Teleport does not have permission to write to: %v. Ensure that you are running as a user with appropriate permissions.", p)
 }
 return trace.Wrap(err)
 } else if !stat.IsDir() {
From d552d41748ac141bb80f02c27cec95ad3f4b0506 Mon Sep 17 00:00:00 2001
From: Steven Martin
Date: Sat, 16 Jul 2022 10:58:39 -0500
Subject: [PATCH 4/8] Using consistent error approach and removed unneeded sprintf
---
 lib/tbot/config/destination_directory.go | 4 ++--
 tool/tctl/common/tctl.go | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/lib/tbot/config/destination_directory.go b/lib/tbot/config/destination_directory.go
index 14f5d449af02c..876ed0ec0aac1 100644
--- a/lib/tbot/config/destination_directory.go
+++ b/lib/tbot/config/destination_directory.go
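Review bot: Both permission branches now return `trace.BadParameter(...)`, which is built from the message alone, so the underlying OS error from `os.MkdirAll` or `os.Stat` is dropped: a caller can no longer match it with `errors.Is(err, fs.ErrPermission)`, and a filesystem permission failure is reported as a bad parameter. Wrapping keeps the cause and the hint together: `return trace.Wrap(err, "Teleport does not have permission to write to %q. Ensure that you are running as a user with appropriate permissions.", p)`. In the second branch the error comes from `os.Stat`, so "write to" does not describe the operation that failed; "access" would cover both cases. The end of `mkdir` is outside the hunk.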
@@ -125,7 +125,7 @@ func mkdir(p string) error {
 if err := os.MkdirAll(p, botfs.DefaultDirMode); err != nil {
 //If the user running does not have permission to create the bot dir
 if errors.Is(err, fs.ErrPermission) {
- return trace.BadParameter("Teleport does not have permission to write to: %v. Ensure that you are running as a user with appropriate permissions.", p)
+ return trace.Wrap(err, "Teleport does not have permission to write to: %v. Ensure that you are running as a user with appropriate permissions.", p)
 }
 return trace.Wrap(err)
 }
@@ -134,7 +134,7 @@ func mkdir(p string) error {
 } else if err != nil {
 //This error permission can occur if unable to read into the data dir
 if errors.Is(err, fs.ErrPermission) {
- return trace.BadParameter("Teleport does not have permission to write to: %v. Ensure that you are running as a user with appropriate permissions.", p)
+ return trace.Wrap(err, "Teleport does not have permission to write to: %v. Ensure that you are running as a user with appropriate permissions.", p)
 }
 return trace.Wrap(err)
 } else if !stat.IsDir() {
diff --git a/tool/tctl/common/tctl.go b/tool/tctl/common/tctl.go
index fae103e0e60c5..b0ce115003b5d 100644
--- a/tool/tctl/common/tctl.go
+++ b/tool/tctl/common/tctl.go
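Review bot: Both rewritten returns interpolate the path with `%v`, while the other `mkdir` messages visible on this page use `%q` (`"Created directory %q"`, `"Path %q already exists and is not a directory"`). `%q` quotes the value and escapes control characters, so a configured path containing spaces or a newline stays unambiguous and cannot split the message across log lines: `"Teleport does not have permission to write to %q. Ensure that you are running as a user with appropriate permissions."`. The same applies to the second hunk (`@@ -134,7 +134,7 @@`). `mkdir` starts and ends outside both hunks.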
@@ -285,13 +285,13 @@ func applyConfig(ccf *GlobalCLIFlags, cfg *service.Config) (*authclient.Config,
 cfg.HostUUID, err = utils.ReadHostUUID(cfg.DataDir)
 if err != nil {
 if errors.Is(err, fs.ErrNotExist) {
- return nil, trace.Wrap(err, fmt.Sprintf("Could not load Teleport host UUID file at %s. "+
+ return nil, trace.Wrap(err, "Could not load Teleport host UUID file at %s. "+
 "Please make sure that Teleport is up and running prior to using tctl.",
- filepath.Join(cfg.DataDir, utils.HostUUIDFile)))
+ filepath.Join(cfg.DataDir, utils.HostUUIDFile))
 } else if errors.Is(err, fs.ErrPermission) {
- return nil, trace.Wrap(err, fmt.Sprintf("Teleport does not have permission to read Teleport host UUID file at %s. "+
+ return nil, trace.Wrap(err, "Teleport does not have permission to read Teleport host UUID file at %s. "+
 "Ensure that you are running as a user with appropriate permissions.",
- filepath.Join(cfg.DataDir, utils.HostUUIDFile)))
+ filepath.Join(cfg.DataDir, utils.HostUUIDFile))
 }
 return nil, trace.Wrap(err)
 }
From 75e930d2b356be136b8fe6dc0a6849b4a0941d48 Mon Sep 17 00:00:00 2001
From: Steven Martin
Date: Mon, 18 Jul 2022 10:37:12 -0400
Subject: [PATCH 5/8] remove comment
Co-authored-by: Zac Bergquist
---
 lib/tbot/config/destination_directory.go | 1 -
 1 file changed, 1 deletion(-)
diff --git a/lib/tbot/config/destination_directory.go b/lib/tbot/config/destination_directory.go
index 876ed0ec0aac1..9cc4b5a4c22e4 100644
--- a/lib/tbot/config/destination_directory.go
+++ b/lib/tbot/config/destination_directory.go
@@ -123,7 +123,6 @@ func mkdir(p string) error {
 stat, err := os.Stat(p)
 if trace.IsNotFound(err) {
 if err := os.MkdirAll(p, botfs.DefaultDirMode); err != nil {
- //If the user running does not have permission to create the bot dir
 if errors.Is(err, fs.ErrPermission) {
 return trace.Wrap(err, "Teleport does not have permission to write to: %v. Ensure that you are running as a user with appropriate permissions.", p)
 }
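Review bot: The message in the `fs.ErrPermission` branch of the `applyConfig` hunk says "Teleport does not have permission", but the process that failed to read the file is `tctl` (the hunk is in tool/tctl/common/tctl.go). Naming it, e.g. `"tctl does not have permission to read the Teleport host UUID file at %s. "+`, tells the operator which process's user needs read access to that one file. Both branches end in `return`, so the `else if` could also be flattened into a `switch` with one `case errors.Is(err, ...)` per branch. `applyConfig` starts and ends outside the hunk.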
From e86193906ba533fa0c56c45c836b7f6c211073b0 Mon Sep 17 00:00:00 2001
From: Steven Martin
Date: Mon, 18 Jul 2022 10:37:32 -0400
Subject: [PATCH 6/8] output change to include :
Co-authored-by: Zac Bergquist
---
 lib/tbot/config/destination_directory.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/tbot/config/destination_directory.go b/lib/tbot/config/destination_directory.go
index 9cc4b5a4c22e4..0b8db7b9f6bbb 100644
--- a/lib/tbot/config/destination_directory.go
+++ b/lib/tbot/config/destination_directory.go
@@ -124,7 +124,7 @@ func mkdir(p string) error {
 if trace.IsNotFound(err) {
 if err := os.MkdirAll(p, botfs.DefaultDirMode); err != nil {
 if errors.Is(err, fs.ErrPermission) {
- return trace.Wrap(err, "Teleport does not have permission to write to: %v. Ensure that you are running as a user with appropriate permissions.", p)
+ return trace.Wrap(err, "Teleport does not have permission to write to %v. Ensure that you are running as a user with appropriate permissions.", p)
 }
 return trace.Wrap(err)
 }
From eb9f798b5c2435c292f34b9264d1e26f41b8a298 Mon Sep 17 00:00:00 2001
From: Steven Martin
Date: Mon, 18 Jul 2022 10:37:58 -0400
Subject: [PATCH 7/8] comment change
Co-authored-by: Zac Bergquist
---
 lib/tbot/config/destination_directory.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/tbot/config/destination_directory.go b/lib/tbot/config/destination_directory.go
index 0b8db7b9f6bbb..efb9fc7e6d1d4 100644
--- a/lib/tbot/config/destination_directory.go
+++ b/lib/tbot/config/destination_directory.go
@@ -131,7 +131,7 @@ func mkdir(p string) error {
 log.Infof("Created directory %q", p)
 } else if err != nil {
- //This error permission can occur if unable to read into the data dir
+ // this can occur if we are unable to read the data dir
 if errors.Is(err, fs.ErrPermission) {
 return trace.Wrap(err, "Teleport does not have permission to write to: %v. Ensure that you are running as a user with appropriate permissions.", p)
 }
From c7cdf1fac786c66c4bd0980e240f2c09201b5dd1 Mon Sep 17 00:00:00 2001
From: Steven Martin
Date: Mon, 18 Jul 2022 10:39:41 -0400
Subject: [PATCH 8/8] changed error message when can't access
---
 lib/tbot/config/destination_directory.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/tbot/config/destination_directory.go b/lib/tbot/config/destination_directory.go
index efb9fc7e6d1d4..0bf453791627f 100644
--- a/lib/tbot/config/destination_directory.go
+++ b/lib/tbot/config/destination_directory.go
@@ -133,7 +133,7 @@ func mkdir(p string) error {
 } else if err != nil {
 // this can occur if we are unable to read the data dir
 if errors.Is(err, fs.ErrPermission) {
- return trace.Wrap(err, "Teleport does not have permission to write to: %v. Ensure that you are running as a user with appropriate permissions.", p)
+ return trace.Wrap(err, "Teleport does not have permission to access: %v. Ensure that you are running as a user with appropriate permissions.", p)
 }
 return trace.Wrap(err)
 } else if !stat.IsDir() {