change ownership according to the parent folder
This commit is contained in:
parent
93e753129e
commit
1d4cdfaca6
1
.vscode/settings.json
vendored
1
.vscode/settings.json
vendored
@ -62,6 +62,7 @@
|
||||
"sqlx",
|
||||
"starttls",
|
||||
"tokio",
|
||||
"unistd",
|
||||
"uuids"
|
||||
]
|
||||
}
|
||||
|
@ -4,11 +4,13 @@ use std::{
|
||||
};
|
||||
|
||||
#[cfg(target_family = "unix")]
|
||||
use std::process::exit;
|
||||
use std::os::unix::fs::MetadataExt;
|
||||
|
||||
use clap::Parser;
|
||||
use rpassword::read_password;
|
||||
use sqlx::{Pool, Sqlite};
|
||||
|
||||
#[cfg(target_family = "unix")]
|
||||
use tokio::fs;
|
||||
|
||||
use crate::db::{
|
||||
@ -199,13 +201,6 @@ fn global_user(args: &mut Args) {
|
||||
}
|
||||
|
||||
pub async fn run_args(pool: &Pool<Sqlite>) -> Result<(), i32> {
|
||||
let mut user = None;
|
||||
let mut fix_permission = false;
|
||||
|
||||
if cfg!(target_family = "unix") {
|
||||
user = nix::unistd::User::from_name("ffpu").unwrap_or_default();
|
||||
}
|
||||
|
||||
let mut args = ARGS.clone();
|
||||
|
||||
if !args.dump_advanced && !args.dump_config && !args.drop_db {
|
||||
@ -221,37 +216,6 @@ pub async fn run_args(pool: &Pool<Sqlite>) -> Result<(), i32> {
|
||||
let mut error_code = -1;
|
||||
|
||||
if args.init {
|
||||
#[cfg(target_family = "unix")]
|
||||
{
|
||||
let uid = nix::unistd::Uid::current();
|
||||
let current_user = nix::unistd::User::from_uid(uid).unwrap_or_default();
|
||||
|
||||
if current_user != user {
|
||||
let user_name = current_user.unwrap().name;
|
||||
let mut fix_perm = String::new();
|
||||
|
||||
println!(
|
||||
"\nYou run the initialization as user {}.\nFix permissions after initialization?\n",
|
||||
user_name
|
||||
);
|
||||
|
||||
print!("Fix permission [Y/n]: ");
|
||||
stdout().flush().unwrap();
|
||||
|
||||
stdin()
|
||||
.read_line(&mut fix_perm)
|
||||
.expect("Did not enter a yes or no?");
|
||||
|
||||
fix_permission = fix_perm.trim().to_lowercase().starts_with('y');
|
||||
|
||||
if fix_permission && user_name != "root" {
|
||||
println!("\nYou do not have permission to change DB file ownership!\nRun as proper process user or root.");
|
||||
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
let check_user = handles::select_users(pool).await;
|
||||
|
||||
let mut storage = String::new();
|
||||
@ -373,36 +337,15 @@ pub async fn run_args(pool: &Pool<Sqlite>) -> Result<(), i32> {
|
||||
channel.storage_path = storage_path.to_string_lossy().to_string();
|
||||
};
|
||||
|
||||
if let Err(e) = copy_assets(&storage_path, fix_permission, user.clone()).await {
|
||||
if let Err(e) = copy_assets(&storage_path).await {
|
||||
eprintln!("{e}");
|
||||
};
|
||||
|
||||
handles::update_channel(pool, 1, channel).await.unwrap();
|
||||
|
||||
#[cfg(target_family = "unix")]
|
||||
if fix_permission {
|
||||
let user = user.clone().unwrap();
|
||||
let db_path = Path::new(db_path().unwrap());
|
||||
|
||||
let db = fs::canonicalize(db_path).await.unwrap();
|
||||
let shm = fs::canonicalize(db_path.with_extension("db-shm"))
|
||||
.await
|
||||
.unwrap();
|
||||
let wal = fs::canonicalize(db_path.with_extension("db-wal"))
|
||||
.await
|
||||
.unwrap();
|
||||
|
||||
nix::unistd::chown(&db, Some(user.uid), Some(user.gid)).expect("Change DB owner");
|
||||
|
||||
if shm.is_file() {
|
||||
nix::unistd::chown(&shm, Some(user.uid), Some(user.gid))
|
||||
.expect("Change DB-SHM owner");
|
||||
}
|
||||
|
||||
if wal.is_file() {
|
||||
nix::unistd::chown(&wal, Some(user.uid), Some(user.gid))
|
||||
.expect("Change DB-WAL owner");
|
||||
}
|
||||
{
|
||||
update_permissions().await;
|
||||
}
|
||||
|
||||
println!("\nSet global settings done...");
|
||||
@ -481,7 +424,7 @@ pub async fn run_args(pool: &Pool<Sqlite>) -> Result<(), i32> {
|
||||
channel.storage_path = global.storage_root.clone();
|
||||
}
|
||||
|
||||
if let Err(e) = copy_assets(&storage_path, false, user).await {
|
||||
if let Err(e) = copy_assets(&storage_path).await {
|
||||
eprintln!("{e}");
|
||||
};
|
||||
|
||||
@ -500,6 +443,11 @@ pub async fn run_args(pool: &Pool<Sqlite>) -> Result<(), i32> {
|
||||
error_code = 1;
|
||||
}
|
||||
};
|
||||
|
||||
#[cfg(target_family = "unix")]
|
||||
{
|
||||
update_permissions().await;
|
||||
}
|
||||
}
|
||||
|
||||
if ARGS.list_channels {
|
||||
@ -605,3 +553,35 @@ pub async fn run_args(pool: &Pool<Sqlite>) -> Result<(), i32> {
|
||||
Ok(())
|
||||
}
|
||||
}
|
||||
|
||||
#[cfg(target_family = "unix")]
|
||||
async fn update_permissions() {
|
||||
let db_path = Path::new(db_path().unwrap());
|
||||
let uid = nix::unistd::Uid::current();
|
||||
let parent_owner = db_path.parent().unwrap().metadata().unwrap().uid();
|
||||
let user = nix::unistd::User::from_uid(parent_owner.into())
|
||||
.unwrap_or_default()
|
||||
.unwrap();
|
||||
|
||||
if uid.is_root() && uid.to_string() != parent_owner.to_string() {
|
||||
println!("Adjust DB permission...");
|
||||
|
||||
let db = fs::canonicalize(db_path).await.unwrap();
|
||||
let shm = fs::canonicalize(db_path.with_extension("db-shm"))
|
||||
.await
|
||||
.unwrap();
|
||||
let wal = fs::canonicalize(db_path.with_extension("db-wal"))
|
||||
.await
|
||||
.unwrap();
|
||||
|
||||
nix::unistd::chown(&db, Some(user.uid), Some(user.gid)).expect("Change DB owner");
|
||||
|
||||
if shm.is_file() {
|
||||
nix::unistd::chown(&shm, Some(user.uid), Some(user.gid)).expect("Change DB-SHM owner");
|
||||
}
|
||||
|
||||
if wal.is_file() {
|
||||
nix::unistd::chown(&wal, Some(user.uid), Some(user.gid)).expect("Change DB-WAL owner");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -36,22 +36,10 @@ pub async fn create_channel(
|
||||
) -> Result<Channel, ServiceError> {
|
||||
let channel = handles::insert_channel(conn, target_channel).await?;
|
||||
let storage_path = PathBuf::from(channel.storage_path.clone());
|
||||
let mut user = None;
|
||||
let mut fix_permission = false;
|
||||
|
||||
if cfg!(target_family = "unix") {
|
||||
user = nix::unistd::User::from_name("ffpu").unwrap_or_default();
|
||||
let uid = nix::unistd::Uid::current();
|
||||
let current_user = nix::unistd::User::from_uid(uid).unwrap_or_default();
|
||||
|
||||
if current_user.unwrap().name == "root" {
|
||||
fix_permission = true;
|
||||
};
|
||||
}
|
||||
|
||||
handles::new_channel_presets(conn, channel.id).await?;
|
||||
|
||||
if let Err(e) = copy_assets(&storage_path, fix_permission, user).await {
|
||||
if let Err(e) = copy_assets(&storage_path).await {
|
||||
error!("{e}");
|
||||
};
|
||||
|
||||
|
@ -4,6 +4,9 @@ use std::{
|
||||
path::{Path, PathBuf},
|
||||
};
|
||||
|
||||
#[cfg(target_family = "unix")]
|
||||
use std::os::unix::fs::MetadataExt;
|
||||
|
||||
use chrono::{format::ParseErrorKind, prelude::*};
|
||||
use faccess::PathExt;
|
||||
use log::*;
|
||||
@ -311,11 +314,7 @@ pub fn round_to_nearest_ten(num: i64) -> i64 {
|
||||
}
|
||||
}
|
||||
|
||||
pub async fn copy_assets(
|
||||
storage_path: &Path,
|
||||
fix_permission: bool,
|
||||
user: Option<nix::unistd::User>,
|
||||
) -> Result<(), std::io::Error> {
|
||||
pub async fn copy_assets(storage_path: &Path) -> Result<(), std::io::Error> {
|
||||
if storage_path.is_dir() {
|
||||
let target = storage_path.join("00-assets");
|
||||
let mut dummy_source = Path::new("/usr/share/ffplayout/dummy.vtt");
|
||||
@ -343,8 +342,16 @@ pub async fn copy_assets(
|
||||
fs::copy(&logo_source, &logo_target).await?;
|
||||
|
||||
#[cfg(target_family = "unix")]
|
||||
if fix_permission {
|
||||
let user = user.unwrap();
|
||||
{
|
||||
let uid = nix::unistd::Uid::current();
|
||||
let parent_owner = storage_path.metadata().unwrap().uid();
|
||||
|
||||
if uid.is_root() && uid.to_string() != parent_owner.to_string() {
|
||||
let user = nix::unistd::User::from_uid(parent_owner.into())
|
||||
.unwrap_or_default()
|
||||
.unwrap();
|
||||
|
||||
nix::unistd::chown(&target, Some(user.uid), Some(user.gid))?;
|
||||
|
||||
if dummy_target.is_file() {
|
||||
nix::unistd::chown(&dummy_target, Some(user.uid), Some(user.gid))?;
|
||||
@ -358,6 +365,7 @@ pub async fn copy_assets(
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user