authorFrederick Muriuki Muriithi2024-04-09 07:22:17 +0300
committerFrederick Muriuki Muriithi2024-04-09 07:22:17 +0300
commit57bf9ae01f1993d8bb29e7cb6a3bdb822bade80c (patch)
tree843094396a01a78905e160149072332c25899566
parent7100746e9f0c5c091705f05e4d02e46e614da74a (diff)
downloadgn-machines-57bf9ae01f1993d8bb29e7cb6a3bdb822bade80c.tar.gz
gn-uploader: Change ownership of data-directory
While the share is technically writable from the container, the service was running as an unprivileged user, and thus could not write to the data-directory. This commit changes the ownership of the data-directory to the same user that runs the service.
-rw-r--r--genenetwork/services/genenetwork.scm8
1 files changed, 6 insertions, 2 deletions
diff --git a/genenetwork/services/genenetwork.scm b/genenetwork/services/genenetwork.scm
index 9d503ab..af0c3fc 100644
--- a/genenetwork/services/genenetwork.scm
+++ b/genenetwork/services/genenetwork.scm
@@ -389,7 +389,7 @@ a @code{<genenetwork-configuration>} record."
(define (gn-uploader-activation config)
(match-record config <gn-uploader-configuration>
- (secrets)
+ (secrets data-directory)
(with-imported-modules '((guix build utils))
#~(begin
(use-modules (guix build utils))
@@ -400,7 +400,11 @@ a @code{<genenetwork-configuration>} record."
;; Set owner-only permissions on secrets files.
(for-each (lambda (file)
(chmod file #o600))
- (list #$secrets))))))
+ (list #$secrets))
+ ;; Let gn-uploader service own its data-directory
+ (chown #$data-directory
+ (passwd:uid (getpw "gunicorn-gn-uploader"))
+ (passwd:gid (getpw "gunicorn-gn-uploader")))))))
(define (gn-uploader-gunicorn-app config)
(match-record config <gn-uploader-configuration>
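Review bot: The added `chown` changes only the data-directory entry itself, so anything already inside the share under another owner stays unwritable for the service, and the directory's mode is left as the share had it. If the uploads should be private to the service, a `(chmod #$data-directory #o700)` beside the chown would state that explicitly, as the hunk already does for the secrets files. `getpw` is also looked up twice and raises if the account is missing, which would abort the activation; binding it once, `(let ((user (getpw "gunicorn-gn-uploader"))) (chown #$data-directory (passwd:uid user) (passwd:gid user)))`, takes uid and gid from the same entry. This assumes the account and the directory both exist before this snippet runs, which the hunk does not show; the trailing context lines belong to gn-uploader-gunicorn-app, whose body continues outside the hunk.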