aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorArun Isaac2024-03-05 14:08:21 +0000
committerArun Isaac2024-03-05 14:09:44 +0000
commit5a7537bf91f066e5a7b59b993bb5cc7038d54564 (patch)
treef72faabb3359f1d8aa2435b9550e1e9cf9f072be
parent36b48fd03fd9593936b88ebcca827e77cb790bf1 (diff)
downloadgn-machines-5a7537bf91f066e5a7b59b993bb5cc7038d54564.tar.gz
Let the gunicorn-gn-auth user own the auth database.
gn-auth runs as the gunicorn-gn-auth user, not the genenetwork user. * genenetwork/services/genenetwork.scm (genenetwork-activation): Let the gunicorn-gn-auth user own the auth database. Reported-by: Frederick M. Muriithi <fredmanglis@protonmail.com>
-rw-r--r--genenetwork/services/genenetwork.scm12
1 files changed, 5 insertions, 7 deletions
diff --git a/genenetwork/services/genenetwork.scm b/genenetwork/services/genenetwork.scm
index f37a078..aa4ac77 100644
--- a/genenetwork/services/genenetwork.scm
+++ b/genenetwork/services/genenetwork.scm
@@ -109,10 +109,11 @@
(for-each (lambda (file)
(chown file
- (passwd:uid (getpw "genenetwork"))
- (passwd:gid (getpw "genenetwork"))))
- (find-files #$(dirname auth-db)
- #:directories? #t))
+ (passwd:uid (getpw "gunicorn-gn-auth"))
+ (passwd:gid (getpw "gunicorn-gn-auth"))))
+ (cons #$gn-auth-secrets
+ (find-files #$(dirname auth-db)
+ #:directories? #t)))
;; Let each service user own their own secrets files.
(chown #$gn2-secrets
(passwd:uid (getpw "gunicorn-genenetwork2"))
@@ -120,9 +121,6 @@
(chown #$gn3-secrets
(passwd:uid (getpw "gunicorn-genenetwork3"))
(passwd:gid (getpw "gunicorn-genenetwork3")))
- (chown #$gn-auth-secrets
- (passwd:uid (getpw "gunicorn-gn-auth"))
- (passwd:gid (getpw "gunicorn-gn-auth")))
;; Set owner-only permissions on secrets files.
(for-each (lambda (file)
(chmod file #o600))