From 57bf9ae01f1993d8bb29e7cb6a3bdb822bade80c Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Tue, 9 Apr 2024 07:22:17 +0300
Subject: gn-uploader: Change ownership of data-directory

While the share is technically writable from the container, the service was running as an unprivileged user, and thus could not write to the data-directory. This commit changes the ownership of the data-directory to the same user that runs the service.
---
 genenetwork/services/genenetwork.scm | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
 (limited to 'genenetwork/services')

diff --git a/genenetwork/services/genenetwork.scm b/genenetwork/services/genenetwork.scm
index 9d503ab..af0c3fc 100644
--- a/genenetwork/services/genenetwork.scm
+++ b/genenetwork/services/genenetwork.scm
@@ -389,7 +389,7 @@ a @code{} record."

 (define (gn-uploader-activation config)
 (match-record config
- (secrets)
+ (secrets data-directory)
 (with-imported-modules '((guix build utils))
 #~(begin
 (use-modules (guix build utils))
@@ -400,7 +400,11 @@ a @code{} record."
 ;; Set owner-only permissions on secrets files.
 (for-each (lambda (file)
 (chmod file #o600))
- (list #$secrets))))))
+ (list #$secrets))
+ ;; Let gn-uploader service own its data-directory
+ (chown #$data-directory
+ (passwd:uid (getpw "gunicorn-gn-uploader"))
+ (passwd:gid (getpw "gunicorn-gn-uploader")))))))

 (define (gn-uploader-gunicorn-app config)
 (match-record config
-- cgit v1.2.3
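Review bot: The added `chown` in the second hunk re-owns only the `data-directory` entry itself and leaves its mode untouched, so files already present in the share keep their previous owner and the directory stays as readable to other accounts as it was before. If uploads are meant to be private to the service, set the mode explicitly next to it, e.g. `(chmod #$data-directory #o700)`, and state in the comment that the change is deliberately non-recursive. The account name is a string literal looked up twice with `getpw`, which raises when the account is missing and would then abort activation; binding it once, `(let ((user (getpw "gunicorn-gn-uploader"))) (chown #$data-directory (passwd:uid user) (passwd:gid user)))`, gives a single place to handle that. Whether the account already exists when this activation snippet runs depends on service ordering that the hunk does not show, and `gn-uploader-activation` begins above the hunk.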