author | Munyoki Kilyungi | 2025-04-22 20:35:56 +0300 |
---|---|---|
committer | Munyoki Kilyungi | 2025-04-22 20:38:21 +0300 |
commit | e65e743a2a736da920d008807f60985ec6081054 (patch) | |
tree | 07cb9f1a09fab8bc963d229c907af8c13f655029 | |
parent | 1699ce574f65dc8260505f768b33f973d996e5fd (diff) | |
download | gn-machines-e65e743a2a736da920d008807f60985ec6081054.tar.gz |
Set correct file and dir permissions for gn conf files.
-rw-r--r-- | genenetwork-local-container.scm | 40 |
1 files changed, 18 insertions, 22 deletions
diff --git a/genenetwork-local-container.scm b/genenetwork-local-container.scm
index 5d13f6c..85e8c08 100644
--- a/genenetwork-local-container.scm
+++ b/genenetwork-local-container.scm
@@ -190,42 +190,38 @@ server described by CONFIG, a <genenetwork-configuration> object." (define (genenetwork-activation config) (match-record config <genenetwork-configuration> - (gn2-secrets gn3-secrets auth-db-path gn-auth-secrets) + (gn2-secrets gn3-secrets auth-db-path gn-auth-secrets gn-doc-git-checkout) (with-imported-modules '((guix build utils)) #~(begin (use-modules (guix build utils)) - ;; Set ownership of files. (for-each (lambda (file) + (when (eq? (stat:type (stat file)) 'directory) + (chmod file #o755)) (chown file (passwd:uid (getpw "genenetwork")) (passwd:gid (getpw "genenetwork")))) - (cons* #$gn3-secrets - (append (list "/etc/genenetwork/conf/gn-auth" - "/etc/genenetwork/conf/gn-auth/secrets.py" - "/etc/genenetwork/conf/gn2" - "/etc/genenetwork/conf/gn3" - "/var/lib/gn-docs" - #$(dirname auth-db-path)) - (find-files "/etc/genenetwork/conf/gn-auth" - #:directories? #t) - (find-files "/etc/genenetwork/conf/gn2" - #:directories? #t) - (find-files "/etc/genenetwork/conf/gn3" - #:directories? #t) - (find-files "/var/lib/gn-docs" - #:directories? #t) - (find-files #$(dirname auth-db-path) - #:directories? #t)))) + (cons* "/etc/genenetwork/conf" + (append + (find-files #$(dirname gn-auth-secrets) + #:directories? #t) + (find-files #$(dirname gn2-secrets) + #:directories? #t) + (find-files #$(dirname gn3-secrets) + #:directories? #t) + (find-files #$(dirname auth-db-path) + #:directories? #t) + (find-files #$(dirname gn-doc-git-checkout) + #:directories? #t)))) ;; Prevent other users from reading secret files. (for-each (lambda (file) (chmod file #o600)) (append - (find-files "/etc/genenetwork/conf/gn-auth/secrets.py" + (find-files #$gn-auth-secrets #:directories? #f) - (find-files "/etc/genenetwork/conf/gn2/secrets.py" + (find-files #$gn2-secrets #:directories? #f) - (find-files "/etc/genenetwork/conf/gn3/secrets.py" + (find-files #$gn3-secrets #:directories? #f))))))) (define (gn-guile-gexp gn-guile-port) |
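Review bot: In the first `for-each`, `(stat file)` and `chown` both follow symbolic links, while `find-files` (which uses `lstat` by default) returns links without following them, so a dangling link under one of these trees makes `stat` throw and abort activation, and a live link redirects the root-run `chmod`/`chown` to whatever it points at. These trees belong to the genenetwork account after the first run, so I would skip links by wrapping the lambda body in `(unless (eq? 'symlink (stat:type (lstat file))) ...)`. Separately, `(dirname gn-doc-git-checkout)` walks the parent of the checkout; the removed code used `/var/lib/gn-docs` itself, so if the field holds that path the recursive chown would now cover all of `/var/lib`, which is worth confirming against the record's default (not visible in this hunk). `#o755` also leaves the directories holding the secrets and the auth database listable by every user, and files other than the three secrets paths keep whatever mode they had; `#o750` would be tighter unless another account needs to traverse them.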