diff options
| author | Maxim Devaev <[email protected]> | 2024-08-20 05:43:47 +0300 |
|---|---|---|
| committer | Maxim Devaev <[email protected]> | 2024-08-20 05:43:47 +0300 |
| commit | 39422f37ac421c94a010400f741fb8ad4c73c64f (patch) | |
| tree | fd68ad1dec909db5dd06ae19c80b1e18a984e49a | |
| parent | 06b69d3dde2ffe8d3236aff18c6bc4f00ae005de (diff) | |
sticky pst
| -rw-r--r-- | configs/os/sysusers.conf | 1 | ||||
| -rw-r--r-- | kvmd.install | 8 | ||||
| -rw-r--r-- | kvmd/fstab.py | 4 | ||||
| -rw-r--r-- | kvmd/helpers/remount/__init__.py | 28 |
4 files changed, 38 insertions, 3 deletions
diff --git a/configs/os/sysusers.conf b/configs/os/sysusers.conf index 74ab9069..0359974d 100644 --- a/configs/os/sysusers.conf +++ b/configs/os/sysusers.conf @@ -19,6 +19,7 @@ m kvmd gpio m kvmd uucp m kvmd spi m kvmd systemd-journal +m kvmd kvmd-pst m kvmd-pst kvmd diff --git a/kvmd.install b/kvmd.install index ca0593f7..469fba8c 100644 --- a/kvmd.install +++ b/kvmd.install @@ -27,7 +27,8 @@ post_upgrade() { done chown kvmd /var/lib/kvmd/msd 2>/dev/null || true - chown kvmd-pst /var/lib/kvmd/pst 2>/dev/null || true + chown kvmd-pst:kvmd-pst /var/lib/kvmd/pst 2>/dev/null || true + chmod 1775 /var/lib/kvmd/pst 2>/dev/null || true if [ ! -e /etc/kvmd/nginx/ssl/server.crt ]; then echo "==> Generating KVMD-Nginx certificate ..." @@ -96,6 +97,11 @@ EOF systemctl disable kvmd-pass || true fi + if [[ "$(vercmp "$2" 4.5)" -lt 0 ]]; then + sed -i 's/X-kvmd\.pst-user=kvmd-pst/X-kvmd.pst-user=kvmd-pst,X-kvmd.pst-group=kvmd-pst/g' /etc/fstab + touch -t 200701011000 /etc/fstab + fi + # Some update deletes /etc/motd, WTF # shellcheck disable=SC2015,SC2166 [ ! -f /etc/motd -a -f /etc/motd.pacsave ] && mv /etc/motd.pacsave /etc/motd || true diff --git a/kvmd/fstab.py b/kvmd/fstab.py index 4ab3163c..5a603d06 100644 --- a/kvmd/fstab.py +++ b/kvmd/fstab.py @@ -33,6 +33,7 @@ class Partition: mount_path: str root_path: str user: str + group: str # ===== @@ -60,12 +61,13 @@ def _find_partitions(part_type: str, single: bool) -> list[Partition]: if line and not line.startswith("#"): fields = line.split() if len(fields) == 6: - options = dict(re.findall(r"X-kvmd\.%s-(root|user)(?:=([^,]+))?" % (part_type), fields[3])) + options = dict(re.findall(r"X-kvmd\.%s-(root|user|group)(?:=([^,]+))?" % (part_type), fields[3])) if options: parts.append(Partition( mount_path=os.path.normpath(fields[1]), root_path=os.path.normpath(options.get("root", "") or fields[1]), user=options.get("user", ""), + group=options.get("group", ""), )) if single: break diff --git a/kvmd/helpers/remount/__init__.py b/kvmd/helpers/remount/__init__.py index e41bbbfd..716b9c72 100644 --- a/kvmd/helpers/remount/__init__.py +++ b/kvmd/helpers/remount/__init__.py @@ -23,6 +23,7 @@ import sys import os import pwd +import grp import shutil import subprocess @@ -87,11 +88,28 @@ def _chown(path: str, user: str) -> None: if pwd.getpwuid(os.stat(path).st_uid).pw_name != user: _log(f"CHOWN --- {user} - {path}") try: - shutil.chown(path, user) + shutil.chown(path, user=user) except Exception as err: raise SystemExit(f"Can't change ownership: {err}") +def _chgrp(path: str, group: str) -> None: + if grp.getgrgid(os.stat(path).st_gid).gr_name != group: + _log(f"CHGRP --- {group} - {path}") + try: + shutil.chown(path, group=group) + except Exception as err: + raise SystemExit(f"Can't change group: {err}") + + +def _chmod(path: str, mode: int) -> None: + _log(f"CHMOD --- 0o{mode:o} - {path}") + try: + os.chmod(path, mode) + except Exception as err: + raise SystemExit(f"Can't change permissions: {err}") + + # ===== def _fix_msd(part: Partition) -> None: # First images migration @@ -112,13 +130,21 @@ def _fix_msd(part: Partition) -> None: if part.user: _chown(part.root_path, part.user) + if part.group: + _chgrp(part.root_path, part.group) def _fix_pst(part: Partition) -> None: path = os.path.join(part.root_path, "data") _mkdir(path) if part.user: + _chown(part.root_path, part.user) _chown(path, part.user) + if part.group: + _chown(part.root_path, part.group) + _chgrp(path, part.group) + if part.user and part.group: + _chmod(part.root_path, 0o1775) # ===== |