From 09ca1f1eef02155e921307646667d6069d6cd18e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mateusz=20Gruszczy=C5=84ski?= <gru@macbook.net.r.local>
Date: Sat, 25 Oct 2025 21:26:08 +0200
Subject: [PATCH] fix logrotate perms

---
 README.md      |  7 +++++--
 npm_install.py | 32 ++++++++++++++++++++++++++------
 2 files changed, 31 insertions(+), 8 deletions(-)

diff --git a/README.md b/README.md
index 51f2439..52bc0b0 100644
--- a/README.md
+++ b/README.md
@@ -95,10 +95,13 @@ systemctl status angie.service --no-pager
 systemctl status npm.service --no-pager
 ```
 # NPM UI
-# Default: http://<your-host>:81
+# Default: http://"<your-host>":81
 
 # Angie UI
-# Default: http://<your-host>:82
+# Default: http://"<your-host>":82/console
+
+# Prometheus 
+# Default: http://"<your-host>":82/p8s
 
 ---
 
diff --git a/npm_install.py b/npm_install.py
index cc8189e..68280f6 100644
--- a/npm_install.py
+++ b/npm_install.py
@@ -1216,16 +1216,24 @@ def install_logrotate_for_data_logs():
 
 def fix_logrotate_permissions_and_wrapper():
     with step("Fixing logrotate state-file permissions and helper"):
-        status = Path("/var/lib/logrotate/status")
-        try:
-            run(["setfacl", "-m", "u:npm:rw", str(status)], check=False)
-        except FileNotFoundError:
-            pass
-        state_dir = Path("/opt/npm/var"); state_dir.mkdir(parents=True, exist_ok=True)
+        system_status = Path("/var/lib/logrotate/status")
+        if system_status.exists():
+            try:
+                run(["setfacl", "-m", "u:npm:rw", str(system_status)], check=False)
+            except FileNotFoundError:
+                try:
+                    run(["chgrp", "npm", str(system_status)], check=False)
+                    os.chmod(system_status, 0o664)
+                except Exception:
+                    pass
+        
+        state_dir = Path("/opt/npm/var")
+        state_dir.mkdir(parents=True, exist_ok=True)
         state_file = state_dir / "logrotate.state"
         if not state_file.exists():
             state_file.touch()
         os.chmod(state_file, 0o664)
+        
         try:
             import pwd, grp
             uid = pwd.getpwnam("npm").pw_uid
@@ -1234,11 +1242,23 @@ def fix_logrotate_permissions_and_wrapper():
             os.chown(state_file, uid, gid)
         except Exception:
             pass
+        
         helper = Path("/usr/local/bin/logrotate-npm")
         helper_content = f"""#!/bin/sh
+# Logrotate wrapper for npm user
 exec /usr/sbin/logrotate -s {state_file} "$@"
 """
         write_file(helper, helper_content, 0o755)
+        
+        logrotate_dir = Path("/var/lib/logrotate")
+        if logrotate_dir.exists():
+            try:
+                run(["usermod", "-aG", "adm", "npm"], check=False)
+                
+                run(["chgrp", "adm", str(logrotate_dir)], check=False)
+                os.chmod(logrotate_dir, 0o775)
+            except Exception as e:
+                print(f"⚠ Warning: could not fix {logrotate_dir} permissions: {e}")
 
 def create_systemd_units(ipv6_enabled: bool):
     with step("Creating and starting systemd services (angie, npm)"):