author | Frederick Muriuki Muriithi | 2024-04-09 07:22:17 +0300 |
---|---|---|
committer | Frederick Muriuki Muriithi | 2024-04-09 07:22:17 +0300 |
commit | 57bf9ae01f1993d8bb29e7cb6a3bdb822bade80c (patch) | |
tree | 843094396a01a78905e160149072332c25899566 /genenetwork | |
parent | 7100746e9f0c5c091705f05e4d02e46e614da74a (diff) | |
download | gn-machines-57bf9ae01f1993d8bb29e7cb6a3bdb822bade80c.tar.gz |
gn-uploader: Change ownership of data-directory
While the share is technically writable from the container, the
service was running as an unprivileged user, and thus could not write
to the data-directory. This commit changes the ownership of the
data-directory to the same user that runs the service.
Diffstat (limited to 'genenetwork')
-rw-r--r-- | genenetwork/services/genenetwork.scm | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/genenetwork/services/genenetwork.scm b/genenetwork/services/genenetwork.scm index 9d503ab..af0c3fc 100644 --- a/genenetwork/services/genenetwork.scm +++ b/genenetwork/services/genenetwork.scm @@ -389,7 +389,7 @@ a @code{<genenetwork-configuration>} record." (define (gn-uploader-activation config) (match-record config <gn-uploader-configuration> - (secrets) + (secrets data-directory) (with-imported-modules '((guix build utils)) #~(begin (use-modules (guix build utils)) @@ -400,7 +400,11 @@ a @code{<genenetwork-configuration>} record." ;; Set owner-only permissions on secrets files. (for-each (lambda (file) (chmod file #o600)) - (list #$secrets)))))) + (list #$secrets)) + ;; Let gn-uploader service own its data-directory + (chown #$data-directory + (passwd:uid (getpw "gunicorn-gn-uploader")) + (passwd:gid (getpw "gunicorn-gn-uploader"))))))) (define (gn-uploader-gunicorn-app config) (match-record config <gn-uploader-configuration> |
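Review bot: The `chown` added in the second hunk changes only the top-level data-directory, so anything already on the share under another owner stays unwritable for the service; if the directory can be non-empty at activation time, the contents need a recursive walk or a documented one-time fix-up. The commit message describes this path as a share mapped into the container, so the numeric uid/gid of `gunicorn-gn-uploader` presumably ends up owning the host-side directory too, and it is worth confirming that id does not belong to a different account on the host. The account is also looked up twice under a hard-coded name; binding it once, `(let ((user (getpw "gunicorn-gn-uploader"))) (chown #$data-directory (passwd:uid user) (passwd:gid user)))`, takes uid and gid from the same record. I would extend the comment to `;; Let gn-uploader service own its data-directory (top level only); the account must already exist when activation runs`, since `getpw` signals an error for an unknown name. The body of gn-uploader-activation lies partly outside the two hunks, so any earlier handling of data-directory is not visible here.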