Skip to content

bitlbee: “Error loading user config: Permission denied”

  • by

You can’t deny me!

tl;dr: check permissions match user id

Context

I updated my self-hosted bitlbee docker instance as I was getting repeatedly disconnected with HTTP response truncated errors. It was still functional, but annoying to lost connectivity and see the reauth sequence repeatedly. Usually an update is simple: docker-compose pull; docker-compose down; docker-compose up -d.

However this time, bitlbee complained:

21:33 <@robert> identify
21:33 <@root> About to identify, use /OPER to enter the password
21:33 <@root> Error loading user config: Permission denied
21:33 <@root> Unknown error while loading configuration

Er..?

Troubleshooting

My password was correct, but I tried it again just in case. There’s a much better way listed in the bitlbee wiki:

$ ./bitlbee -x chkhash g2NoCazlK5frSm+p5KpXu740qfph pom
Hash matches given password.

So I needed my password hash:

$ docker exec -it bitlbee /bin/bash
bitlbee@475e7da09d06:/$ more /var/lib/bitlbee/robert.xml
more: cannot open /var/lib/bitlbee/robert.xml: Permission denied

Why can’t the bitlbee user read bitlbee-related files?

$ ls -l /var/lib/bitlbee/
total 96K    
-rw-------    1 105      nobody     79.2K May  2 19:53 crash.log
drwx------    5 105      root        4.0K Jun 22 15:18 purple
-rw-------    1 105      root           0 Jan  7  2021 robert.otr_fprints
-rw-r--r--    1 105      root         173 Oct 25  2019 robert.otr_instags
-rw-------    1 105      root        1.9K Nov  8  2019 robert.otr_keys
-rw-------    1 105      root         791 Jan  7  2021 robert.xml
$ grep bitlbee /etc/passwd
bitlbee:x:104:65534::/var/lib/bitlbee:/usr/sbin/nologin

…oh. bitlbee has uid 104, and for some reason these are owned by id 105. Weird, but okay.

Fixing Permissions with a Temporary Container

To fix the permissions I mounted the bitlbee data volume in another container, and chown’d the directory:

# (on the docker host)
$ docker run -it -v bitlbee_data:/mnt/ --name testmount alpine
# (in the temporary container)
/ # chown -R 104 /mnt

Substitute the named volume (bitlbee_data) with whatever name you’re using for it, and bitlbee’s uid (104) with the appropriate uid.

Thereafter bitlbee authenticated successfully.

Tell us what's on your mind