Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tt-rss: fix directory permissions #39043

Closed
wants to merge 1 commit into from
Closed

tt-rss: fix directory permissions #39043

wants to merge 1 commit into from

Conversation

mbrgm
Copy link
Member

@mbrgm mbrgm commented Apr 17, 2018

Motivation for this change

tt-rss expects several directories to be writable by the application user, which
was not the case. This caused the application to crash at startup.

Things done

I fixed this by adjusting the permissions in the preStart
script. In addition, I explicitly configured the directories to be in the state directory.

  • Tested using sandboxing (nix.useSandbox on NixOS, or option build-use-sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Fits CONTRIBUTING.md.

@mbrgm
tt-rss: fix directory permissions
39046e8 
tt-rss expects several directories to be writable by the application user, which
was not the case. I fixed this by adjusting the permissions in the preStart
script. In addition, I explicitly configured the directories to be in the state directory.
gebner
gebner reviewed Apr 17, 2018
View reviewed changes
nixos/modules/services/web-apps/tt-rss.nix
@@ -520,6 +520,22 @@ let
ln -sf "${tt-rss-config}" "${cfg.root}/config.php"
chown -R "${cfg.user}" "${cfg.root}"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't this line already set the correct user?

@gebner
Copy link
Member

gebner commented Apr 17, 2018

The uid seems to be correct for me, and also the directories are all in /var/lib/tt-rss here. What configuration options have you set?

[root@ttrss:~]# ls /var/lib/tt-rss/feed-icons/ -l
total 516
-rwxr-xr-x 1 ttrss nogroup   318 Jun 19  2016 10.ico
-rwxr-xr-x 1 ttrss nogroup  3638 Jun 19  2016 11.ico
-rwxr-xr-x 1 ttrss nogroup 22801 Jun 19  2016 13.ico
...

@mbrgm
Copy link
Member Author

mbrgm commented Apr 17, 2018

I found what made this necessary on my side... I used a custom phpfpm pool and nginx vhost, which resulted in a different user trying to write to the directory. When I switched to the virtualHost option and left out the pool option, this change became obsolete.

I think this could be more or less a problem around webservices: should we include webserver configuration with the service or not? If yes, should it have TLs or not etc. etc...

@mbrgm mbrgm closed this Apr 17, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gebner gebner gebner left review comments

Assignees
No one assigned
Labels
6.topic: nixos 8.has: module (update) 10.rebuild-darwin: 0 10.rebuild-linux: 0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@mbrgm @gebner @GrahamcOfBorg