fix logrotate perms

2025-10-25 21:26:08 +02:00
parent 6473d1fa5f
commit 09ca1f1eef
2 changed files with 31 additions and 8 deletions
--- a/README.md
+++ b/README.md
@@ -95,10 +95,13 @@ systemctl status angie.service --no-pager
 systemctl status npm.service --no-pager
 ```
 # NPM UI
-# Default: http://<your-host>:81
+# Default: http://"<your-host>":81

 # Angie UI
-# Default: http://<your-host>:82
+# Default: http://"<your-host>":82/console
+
+# Prometheus 
+# Default: http://"<your-host>":82/p8s

 ---

--- a/npm_install.py
+++ b/npm_install.py
@@ -1216,16 +1216,24 @@ def install_logrotate_for_data_logs():

 def fix_logrotate_permissions_and_wrapper():
    with step("Fixing logrotate state-file permissions and helper"):
-        status = Path("/var/lib/logrotate/status")
-        try:
-            run(["setfacl", "-m", "u:npm:rw", str(status)], check=False)
-        except FileNotFoundError:
-            pass
-        state_dir = Path("/opt/npm/var"); state_dir.mkdir(parents=True, exist_ok=True)
+        system_status = Path("/var/lib/logrotate/status")
+        if system_status.exists():
+            try:
+                run(["setfacl", "-m", "u:npm:rw", str(system_status)], check=False)
+            except FileNotFoundError:
+                try:
+                    run(["chgrp", "npm", str(system_status)], check=False)
+                    os.chmod(system_status, 0o664)
+                except Exception:
+                    pass
+        
+        state_dir = Path("/opt/npm/var")
+        state_dir.mkdir(parents=True, exist_ok=True)
        state_file = state_dir / "logrotate.state"
        if not state_file.exists():
            state_file.touch()
        os.chmod(state_file, 0o664)
+        
        try:
            import pwd, grp
            uid = pwd.getpwnam("npm").pw_uid
@@ -1234,12 +1242,24 @@ def fix_logrotate_permissions_and_wrapper():
            os.chown(state_file, uid, gid)
        except Exception:
            pass
+        
        helper = Path("/usr/local/bin/logrotate-npm")
        helper_content = f"""#!/bin/sh
+# Logrotate wrapper for npm user
 exec /usr/sbin/logrotate -s {state_file} "$@"
 """
        write_file(helper, helper_content, 0o755)
        
+        logrotate_dir = Path("/var/lib/logrotate")
+        if logrotate_dir.exists():
+            try:
+                run(["usermod", "-aG", "adm", "npm"], check=False)
+                
+                run(["chgrp", "adm", str(logrotate_dir)], check=False)
+                os.chmod(logrotate_dir, 0o775)
+            except Exception as e:
+                print(f"⚠ Warning: could not fix {logrotate_dir} permissions: {e}")
+
 def create_systemd_units(ipv6_enabled: bool):
    with step("Creating and starting systemd services (angie, npm)"):
        unit_lines = [