about summary refs log tree commit diff
diff options
context:
space:
mode:
authorFrederick Muriuki Muriithi2024-07-22 04:12:37 -0500
committerFrederick Muriuki Muriithi2024-07-22 04:19:15 -0500
commitf9d07a4e55ae3d32c58b496c5c04388d04c6736c (patch)
tree8dee9f9c93df0b7a9a070fcdd76e2b25ae62a2bf
parent05b718805f81c8b91ceba6189b9d956bb030ac8f (diff)
downloadgn-machines-f9d07a4e55ae3d32c58b496c5c04388d04c6736c.tar.gz
gn-uploader: make app user owner of upload directory tree
Fix the service activation code to make the gn-uploader data
directory, and all its children belong to the app user.
Diffstat
-rw-r--r--genenetwork/services/genenetwork.scm10
1 files changed, 7 insertions, 3 deletions
diff --git a/genenetwork/services/genenetwork.scm b/genenetwork/services/genenetwork.scm
index 5dd7b6b..449de4d 100644
--- a/genenetwork/services/genenetwork.scm
+++ b/genenetwork/services/genenetwork.scm
@@ -504,9 +504,13 @@ a @code{<genenetwork-configuration>} record."
                       (chmod file #o600))
                     (list #$secrets))
           ;; Let gn-uploader service own its data-directory
-          (chown #$data-directory
-                 (passwd:uid (getpw "gunicorn-gn-uploader"))
-                 (passwd:gid (getpw "gunicorn-gn-uploader")))))))
+          (for-each (lambda (file)
+                      (chown file
+                             (passwd:uid (getpw "gunicorn-gn-uploader"))
+                             (passwd:gid (getpw "gunicorn-gn-uploader"))))
+                    (append (list #$data-directory)
+                            (find-files #$data-directory
+                                        #:directories? #t)))))))
 
 (define (gn-uploader-gunicorn-app config)
   (match-record config <gn-uploader-configuration>
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-10-07 20:01:55 +0000