From f9d07a4e55ae3d32c58b496c5c04388d04c6736c Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Mon, 22 Jul 2024 04:12:37 -0500
Subject: gn-uploader: make app user owner of upload directory tree

Fix the service activation code to make the gn-uploader data
directory, and all its children belong to the app user.
---
 genenetwork/services/genenetwork.scm | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

(limited to 'genenetwork')

diff --git a/genenetwork/services/genenetwork.scm b/genenetwork/services/genenetwork.scm
index 5dd7b6b..449de4d 100644
--- a/genenetwork/services/genenetwork.scm
+++ b/genenetwork/services/genenetwork.scm
@@ -504,9 +504,13 @@ a @code{<genenetwork-configuration>} record."
                       (chmod file #o600))
                     (list #$secrets))
           ;; Let gn-uploader service own its data-directory
-          (chown #$data-directory
-                 (passwd:uid (getpw "gunicorn-gn-uploader"))
-                 (passwd:gid (getpw "gunicorn-gn-uploader")))))))
+          (for-each (lambda (file)
+                      (chown file
+                             (passwd:uid (getpw "gunicorn-gn-uploader"))
+                             (passwd:gid (getpw "gunicorn-gn-uploader"))))
+                    (append (list #$data-directory)
+                            (find-files #$data-directory
+                                        #:directories? #t)))))))
 
 (define (gn-uploader-gunicorn-app config)
   (match-record config <gn-uploader-configuration>
-- 
cgit v1.2.3