authorMunyoki Kilyungi (aider)2025-02-04 15:52:31 +0300
committerMunyoki Kilyungi2025-04-22 14:19:09 +0300
commit20ad04aaabcb3984a0ab207d633c1093f8993126 (patch)
treeb2bb58c4275544860fc650c914ab0ddadfa2a89f
parent0f529485856a91e091f25cebf9db70d192343cf3 (diff)
downloadgn-machines-20ad04aaabcb3984a0ab207d633c1093f8993126.tar.gz
Ensure proper ownership of gn-auth secrets directory and files.
-rw-r--r--genenetwork-local-container.scm26
1 files changed, 16 insertions, 10 deletions
diff --git a/genenetwork-local-container.scm b/genenetwork-local-container.scm
index b19c7a1..d07ee25 100644
--- a/genenetwork-local-container.scm
+++ b/genenetwork-local-container.scm
@@ -194,16 +194,22 @@ server described by CONFIG, a <genenetwork-configuration> object."
(passwd:uid (getpw "genenetwork"))
(passwd:gid (getpw "genenetwork"))))
(cons* #$gn3-secrets
- (append (find-files "/etc/genenetwork/conf/gn-auth"
- #:directories? #t)
- (find-files "/etc/genenetwork/conf/gn2"
- #:directories? #t)
- (find-files "/etc/genenetwork/conf/gn3"
- #:directories? #t)
- (find-files "/var/lib/gn-docs"
- #:directories? #t)
- (find-files #$(dirname auth-db-path)
- #:directories? #t))))
+ (append (list "/etc/genenetwork/conf/gn-auth"
+ "/etc/genenetwork/conf/gn-auth/secrets.py"
+ "/etc/genenetwork/conf/gn2"
+ "/etc/genenetwork/conf/gn3"
+ "/var/lib/gn-docs"
+ #$(dirname auth-db-path))
+ (find-files "/etc/genenetwork/conf/gn-auth"
+ #:directories? #t)
+ (find-files "/etc/genenetwork/conf/gn2"
+ #:directories? #t)
+ (find-files "/etc/genenetwork/conf/gn3"
+ #:directories? #t)
+ (find-files "/var/lib/gn-docs"
+ #:directories? #t)
+ (find-files #$(dirname auth-db-path)
+ #:directories? #t))))
;; Prevent other users from reading secret files.
(for-each (lambda (file)
(chmod file #o600))
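Review bot: The literal paths added in the new `(list ...)` are handed on unconditionally, so if one is absent at activation time (for example `/etc/genenetwork/conf/gn-auth/secrets.py` before the secrets are provisioned), the call that consumes this list will presumably raise and abort everything after it, including the `chmod` to `#o600` below. The `find-files` calls beside them, as far as I know, only warn on a missing directory, so this is a new failure mode; `(filter file-exists? (list ...))` around the literal list would keep the intent without it. The enclosing `for-each` starts above the hunk and continues below it, so I am inferring from the `passwd:uid`/`passwd:gid` context lines that it is a `chown`. If so, it also runs as the activating user over everything `find-files` returns under `/var/lib/gn-docs` and the auth database directory, and a symlink inside a tree the service account can write to would have its target re-owned. Skipping entries where `(stat:type (lstat file))` is `symlink` would close that.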