From 3bb516e0388d310e5b292b466ccef7867c00290d Mon Sep 17 00:00:00 2001 From: Steven Martin Date: Sat, 9 Jul 2022 16:20:00 -0400 Subject: [PATCH 1/8] Added permissions messages that match to the Teleport start on issues loading /var/lib/teleport dir --- lib/tbot/config/destination_directory.go | 5 +++++ tool/tctl/common/tctl.go | 2 ++ 2 files changed, 7 insertions(+) diff --git a/lib/tbot/config/destination_directory.go b/lib/tbot/config/destination_directory.go index 1020a2bab9f14..b5682c6727220 100644 --- a/lib/tbot/config/destination_directory.go +++ b/lib/tbot/config/destination_directory.go @@ -17,7 +17,9 @@ limitations under the License. package config import ( + "errors" "fmt" + "io/fs" "os" "os/user" "path" @@ -126,6 +128,9 @@ func mkdir(p string) error { log.Infof("Created directory %q", p) } else if err != nil { + if errors.Is(err, fs.ErrPermission) { + log.Errorf("Teleport does not have permission to write to: %v. Ensure that you are running as a user with appropriate permissions.", p) + } return trace.Wrap(err) } else if !stat.IsDir() { return trace.BadParameter("Path %q already exists and is not a directory", p) diff --git a/tool/tctl/common/tctl.go b/tool/tctl/common/tctl.go index c42d76a3b4948..a72d953eee10b 100644 --- a/tool/tctl/common/tctl.go +++ b/tool/tctl/common/tctl.go @@ -285,6 +285,8 @@ func applyConfig(ccf *GlobalCLIFlags, cfg *service.Config) (*authclient.Config, return nil, trace.Wrap(err, fmt.Sprintf("Could not load Teleport host UUID file at %s. "+ "Please make sure that Teleport is up and running prior to using tctl.", filepath.Join(cfg.DataDir, utils.HostUUIDFile))) + } else if errors.Is(err, fs.ErrPermission) { + cfg.Log.Errorf("Teleport does not have permission to read to: %v. Ensure that you are running as a user with appropriate permissions.", cfg.DataDir) } return nil, trace.Wrap(err) } From 110f754fee39ce7a3272f957237206af5795cc36 Mon Sep 17 00:00:00 2001 
From: Steven Martin Date: Sat, 9 Jul 2022 16:34:44 -0400 Subject: [PATCH 2/8] Added error message for unable to read host UUID --- tool/tctl/common/tctl.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tool/tctl/common/tctl.go b/tool/tctl/common/tctl.go index a72d953eee10b..1d597d3ffafde 100644 --- a/tool/tctl/common/tctl.go +++ b/tool/tctl/common/tctl.go @@ -286,7 +286,9 @@ func applyConfig(ccf *GlobalCLIFlags, cfg *service.Config) (*authclient.Config, "Please make sure that Teleport is up and running prior to using tctl.", filepath.Join(cfg.DataDir, utils.HostUUIDFile))) } else if errors.Is(err, fs.ErrPermission) { - cfg.Log.Errorf("Teleport does not have permission to read to: %v. Ensure that you are running as a user with appropriate permissions.", cfg.DataDir) + return nil, trace.Wrap(err, fmt.Sprintf("Teleport does not have permission to read Teleport host UUID file at %s. "+ + "Ensure that you are running as a user with appropriate permissions.", + filepath.Join(cfg.DataDir, utils.HostUUIDFile))) } return nil, trace.Wrap(err) } From 6c7e76294efff2be687c5630716067e4b206ebde Mon Sep 17 00:00:00 2001 From: Steven Martin Date: Sat, 16 Jul 2022 10:51:43 -0500 Subject: [PATCH 3/8] Modified to logging to using a trace bad parameter --- lib/tbot/config/destination_directory.go | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/lib/tbot/config/destination_directory.go b/lib/tbot/config/destination_directory.go index b5682c6727220..14f5d449af02c 100644 --- a/lib/tbot/config/destination_directory.go +++ b/lib/tbot/config/destination_directory.go 
@@ -123,13 +123,18 @@ func mkdir(p string) error { stat, err := os.Stat(p) if trace.IsNotFound(err) { if err := os.MkdirAll(p, botfs.DefaultDirMode); err != nil { + //If the user running does not have permission to create the bot dir + if errors.Is(err, fs.ErrPermission) { + return trace.BadParameter("Teleport does not have permission to write to: %v. Ensure that you are running as a user with appropriate permissions.", p) + } return trace.Wrap(err) } log.Infof("Created directory %q", p) } else if err != nil { + //This error permission can occur if unable to read into the data dir if errors.Is(err, fs.ErrPermission) { - log.Errorf("Teleport does not have permission to write to: %v. Ensure that you are running as a user with appropriate permissions.", p) + return trace.BadParameter("Teleport does not have permission to write to: %v. Ensure that you are running as a user with appropriate permissions.", p) } return trace.Wrap(err) } else if !stat.IsDir() { From 18bcc9f5ab3af7f14541693ca665825cebec1f82 Mon Sep 17 00:00:00 2001 From: Steven Martin Date: Sat, 16 Jul 2022 10:58:39 -0500 Subject: [PATCH 4/8] Using consistent error approach and removed unneeded sprintf --- lib/tbot/config/destination_directory.go | 4 ++-- tool/tctl/common/tctl.go | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/lib/tbot/config/destination_directory.go b/lib/tbot/config/destination_directory.go index 14f5d449af02c..876ed0ec0aac1 100644 --- a/lib/tbot/config/destination_directory.go +++ b/lib/tbot/config/destination_directory.go 
@@ -125,7 +125,7 @@ func mkdir(p string) error { if err := os.MkdirAll(p, botfs.DefaultDirMode); err != nil { //If the user running does not have permission to create the bot dir if errors.Is(err, fs.ErrPermission) { - return trace.BadParameter("Teleport does not have permission to write to: %v. Ensure that you are running as a user with appropriate permissions.", p) + return trace.Wrap(err, "Teleport does not have permission to write to: %v. Ensure that you are running as a user with appropriate permissions.", p) } return trace.Wrap(err) } @@ -134,7 +134,7 @@ func mkdir(p string) error { } else if err != nil { //This error permission can occur if unable to read into the data dir if errors.Is(err, fs.ErrPermission) { - return trace.BadParameter("Teleport does not have permission to write to: %v. Ensure that you are running as a user with appropriate permissions.", p) + return trace.Wrap(err, "Teleport does not have permission to write to: %v. Ensure that you are running as a user with appropriate permissions.", p) } return trace.Wrap(err) } else if !stat.IsDir() { diff --git a/tool/tctl/common/tctl.go b/tool/tctl/common/tctl.go index 1d597d3ffafde..d916e7a48af92 100644 --- a/tool/tctl/common/tctl.go +++ b/tool/tctl/common/tctl.go 
@@ -282,13 +282,13 @@ func applyConfig(ccf *GlobalCLIFlags, cfg *service.Config) (*authclient.Config, cfg.HostUUID, err = utils.ReadHostUUID(cfg.DataDir) if err != nil { if errors.Is(err, fs.ErrNotExist) { - return nil, trace.Wrap(err, fmt.Sprintf("Could not load Teleport host UUID file at %s. "+ + return nil, trace.Wrap(err, "Could not load Teleport host UUID file at %s. "+ "Please make sure that Teleport is up and running prior to using tctl.", - filepath.Join(cfg.DataDir, utils.HostUUIDFile))) + filepath.Join(cfg.DataDir, utils.HostUUIDFile)) } else if errors.Is(err, fs.ErrPermission) { - return nil, trace.Wrap(err, fmt.Sprintf("Teleport does not have permission to read Teleport host UUID file at %s. "+ + return nil, trace.Wrap(err, "Teleport does not have permission to read Teleport host UUID file at %s. "+ "Ensure that you are running as a user with appropriate permissions.", - filepath.Join(cfg.DataDir, utils.HostUUIDFile))) + filepath.Join(cfg.DataDir, utils.HostUUIDFile)) } return nil, trace.Wrap(err) } From 744151ec3ab6e7420a9bdbe7234c3ed46f7c92f2 Mon Sep 17 00:00:00 2001 From: Steven Martin Date: Mon, 18 Jul 2022 10:37:12 -0400 Subject: [PATCH 5/8] remove comment Co-authored-by: Zac Bergquist --- lib/tbot/config/destination_directory.go | 1 - 1 file changed, 1 deletion(-) diff --git a/lib/tbot/config/destination_directory.go b/lib/tbot/config/destination_directory.go index 876ed0ec0aac1..9cc4b5a4c22e4 100644 --- a/lib/tbot/config/destination_directory.go +++ b/lib/tbot/config/destination_directory.go @@ -123,7 +123,6 @@ func mkdir(p string) error { stat, err := os.Stat(p) if trace.IsNotFound(err) { if err := os.MkdirAll(p, botfs.DefaultDirMode); err != nil { - //If the user running does not have permission to create the bot dir if errors.Is(err, fs.ErrPermission) { return trace.Wrap(err, "Teleport does not have permission to write to: %v. Ensure that you are running as a user with appropriate permissions.", p) } 
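Review bot: The `errors.Is(err, fs.ErrPermission)` branch in applyConfig only fires if `utils.ReadHostUUID` returns an error that still unwraps to the `io/fs` sentinel. ReadHostUUID is not visible in this hunk; if it converts system errors into trace error types before returning, this branch would never match and the user would get the bare `trace.Wrap(err)` instead. A small test that makes the host UUID file unreadable and asserts on the returned message would pin this down. Separately, the text says "Teleport does not have permission" although the process that hit the error is tctl, so `"tctl does not have permission to read the Teleport host UUID file at %s. "` would point the operator at the right account. applyConfig begins and ends outside the hunk.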
From 81d69a9a2b504a2e36c984a1587eabe487810060 Mon Sep 17 00:00:00 2001 From: Steven Martin Date: Mon, 18 Jul 2022 10:37:32 -0400 Subject: [PATCH 6/8] output change to include : Co-authored-by: Zac Bergquist --- lib/tbot/config/destination_directory.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/tbot/config/destination_directory.go b/lib/tbot/config/destination_directory.go index 9cc4b5a4c22e4..0b8db7b9f6bbb 100644 --- a/lib/tbot/config/destination_directory.go +++ b/lib/tbot/config/destination_directory.go @@ -124,7 +124,7 @@ func mkdir(p string) error { if trace.IsNotFound(err) { if err := os.MkdirAll(p, botfs.DefaultDirMode); err != nil { if errors.Is(err, fs.ErrPermission) { - return trace.Wrap(err, "Teleport does not have permission to write to: %v. Ensure that you are running as a user with appropriate permissions.", p) + return trace.Wrap(err, "Teleport does not have permission to write to %v. Ensure that you are running as a user with appropriate permissions.", p) } return trace.Wrap(err) } From 5a6aa2a054bc7088225d8f5a2372af8dad460f87 Mon Sep 17 00:00:00 2001 From: Steven Martin Date: Mon, 18 Jul 2022 10:37:58 -0400 Subject: [PATCH 7/8] comment change Co-authored-by: Zac Bergquist --- lib/tbot/config/destination_directory.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/tbot/config/destination_directory.go b/lib/tbot/config/destination_directory.go index 0b8db7b9f6bbb..efb9fc7e6d1d4 100644 --- a/lib/tbot/config/destination_directory.go +++ b/lib/tbot/config/destination_directory.go @@ -131,7 +131,7 @@ func mkdir(p string) error { log.Infof("Created directory %q", p) } else if err != nil { - //This error permission can occur if unable to read into the data dir + // this can occur if we are unable to read the data dir if errors.Is(err, fs.ErrPermission) { return trace.Wrap(err, "Teleport does not have permission to write to: %v. Ensure that you are running as a user with appropriate permissions.", p) } 
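Review bot: The remediation sentence in the `os.MkdirAll` permission branch of mkdir, "Ensure that you are running as a user with appropriate permissions", does not say which permissions are meant, and the easiest reading is to rerun the process as root. Pointing at the directory keeps the fix within least privilege, for example `"Ensure that %q (or its parent) is owned by and writable for the user running this process."`. The same sentence appears in the `os.Stat` branch of this function and in the two tctl.go messages touched by patch 4, so the wording should be changed in all of them together. mkdir begins and ends outside this hunk.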
From 12ac304e3312f4f06263062517dc882c05e44c69 Mon Sep 17 00:00:00 2001 From: Steven Martin Date: Mon, 18 Jul 2022 10:39:41 -0400 Subject: [PATCH 8/8] changed error message when can't access --- lib/tbot/config/destination_directory.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/tbot/config/destination_directory.go b/lib/tbot/config/destination_directory.go index efb9fc7e6d1d4..0bf453791627f 100644 --- a/lib/tbot/config/destination_directory.go +++ b/lib/tbot/config/destination_directory.go @@ -133,7 +133,7 @@ func mkdir(p string) error { } else if err != nil { // this can occur if we are unable to read the data dir if errors.Is(err, fs.ErrPermission) { - return trace.Wrap(err, "Teleport does not have permission to write to: %v. Ensure that you are running as a user with appropriate permissions.", p) + return trace.Wrap(err, "Teleport does not have permission to access: %v. Ensure that you are running as a user with appropriate permissions.", p) } return trace.Wrap(err) } else if !stat.IsDir() {
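Review bot: The path in the reworded `os.Stat` permission message is formatted with `%v`, while the other mkdir messages visible in this series (`"Created directory %q"`, `"Path %q already exists and is not a directory"`) use `%q`. With `%q`, a path containing spaces or control characters stays unambiguous and cannot break up a log line. The message also keeps the colon that patch 6 removed from the sibling `os.MkdirAll` message, so the two now read `write to %v` and `access: %v`. Changing `access: %v` to `access %q` here, and `write to %v` to `write to %q` in the other branch, makes both consistent. mkdir's body begins and ends outside the hunk.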