New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use separate homu user for Homu-related states #615
Conversation
Thanks for the pull request, and welcome! The Servo team is excited to review your changes, and you should hear from @aneeshusa (or someone else) soon. |
bf2f61f
to
b895281
Compare
user.present: | ||
- fullname: Homu | ||
- shell: /bin/bash | ||
- home: /home/servo/homu |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Homu should have its own home directory completely separate from servo, i.e. /home/homu
. We'll also need to have some manual deployment steps for this to move the homu db to the right place by hand.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should also create a homu
group as the primary group of the homu
user.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You also need to update homu/files/homu.conf
to run the service as the homu user.
user.present: | ||
- fullname: Homu | ||
- shell: /bin/bash | ||
- home: /home/servo/homu |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should also create a homu
group as the primary group of the homu
user.
|
||
|
||
def run(): | ||
for root, directories, filenames in os.walk('/home/servo/homu/'): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This will also check files like .profile
for the homu user. I think it's OK if we only check permissions on Homu's cfg.toml
file (and the database if it exists).
- mode: 644 | ||
- user: homu | ||
- group: homu | ||
- mode: 640 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since this file is no longer world-readable, we'll need to run the tests with sudo
from .travis/dispatch.sh
. Please put this change in a separate commit first to make sure it doesn't break anything else.
☔ The latest upstream changes (presumably #476) made this pull request unmergeable. Please resolve the merge conflicts. |
Closing as homu is no more. |
Fixes #422
This change is