From 8ab665a7a2936670465e214d57798f480c4d01b8 Mon Sep 17 00:00:00 2001
From: Sunil Mohan Adapa
Date: Sat, 23 May 2020 16:12:58 -0700
Subject: [PATCH] mldonkey: Add app to freedombox-share group

- To be able to write to folders shared with other apps.
- Increment app version so that already installed apps also get upgraded and mldonkey becomes part of freedombox-share group.
- Ensure that app does not get enabled after upgrade.
- Relax path restrictions for write access so that mldonkey can write to external disks and root disk shared folders.
Closes: #1813.
Tests performed:
- Install app freshly mldonkey user is part of freedombox-share group.
- Install app without changes. Switch to a branch with changes. Run ./setup.py install. The app is upgraded after run. mldonkey user is now part of freedombox-share group. To check run sudo actions/users get-group-users freedombox-share.
- Modify options -> Shares and Add Share with a group shared folder with strategy incoming_files. Remove old share with strategy incoming_files. Downloading a new file means it will be stored in the shared folder.
Signed-off-by: Sunil Mohan Adapa
Reviewed-by: Veiko Aasa
---
 plinth/modules/mldonkey/__init__.py | 12 +++++++++---
 .../system/mldonkey-server.service.d/freedombox.conf | 3 +--
 2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/plinth/modules/mldonkey/__init__.py b/plinth/modules/mldonkey/__init__.py
index d6572ef2f..06221335e 100644
--- a/plinth/modules/mldonkey/__init__.py
+++ b/plinth/modules/mldonkey/__init__.py
@@ -11,12 +11,13 @@ from plinth import cfg, frontpage, menu
 from plinth.daemon import Daemon
 from plinth.modules.apache.components import Webserver
 from plinth.modules.firewall.components import Firewall
+from plinth.modules.users import add_user_to_share_group
 from plinth.modules.users.components import UsersAndGroups
 from plinth.utils import format_lazy
 from .manifest import backup, clients # noqa, pylint: disable=unused-import
-version = 1
+version = 2
 managed_services = ['mldonkey-server']
@@ -35,6 +36,8 @@ _description = [
 'directory.'), box_name=cfg.box_name)
 ]
+_SYSTEM_USER = 'mldonkey'
+
 app = None
@@ -81,7 +84,7 @@ class MLDonkeyApp(app_module.App):
 self.add(daemon)
 users_and_groups = UsersAndGroups('users-and-groups-mldonkey',
- reserved_usernames=['mldonkey'],
+ reserved_usernames=[_SYSTEM_USER],
 groups=groups)
 self.add(users_and_groups)
@@ -100,4 +103,7 @@ def setup(helper, old_version=None):
 """Install and configure the module."""
 helper.call('pre', actions.superuser_run, 'mldonkey', ['pre-install'])
 helper.install(managed_packages)
- helper.call('post', app.enable)
+ if not old_version:
+ helper.call('post', app.enable)
+
+add_user_to_share_group(_SYSTEM_USER, managed_services[0])
diff --git a/plinth/modules/mldonkey/data/lib/systemd/system/mldonkey-server.service.d/freedombox.conf b/plinth/modules/mldonkey/data/lib/systemd/system/mldonkey-server.service.d/freedombox.conf
index d898ba8e0..ef27515fa 100644
--- a/plinth/modules/mldonkey/data/lib/systemd/system/mldonkey-server.service.d/freedombox.conf
+++ b/plinth/modules/mldonkey/data/lib/systemd/system/mldonkey-server.service.d/freedombox.conf
@@ -21,8 +21,7 @@ ProtectHome=yes
 ProtectKernelLogs=yes
 ProtectKernelModules=yes
 ProtectKernelTunables=yes
-ProtectSystem=strict
-ReadWritePaths=/var/lib/mldonkey
+ProtectSystem=full
 RemainAfterExit=no
 RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
 RestrictRealtime=yes
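Review bot: In the `setup()` hunk (`@@ -100,4 +103,7 @@`), nothing explains why the group step runs on every setup while `app.enable` is now guarded, and it is the only step not routed through `helper.call`. A comment above the guard such as `# Enable only on first install; an upgrade must not re-enable an app the admin disabled.` and the form `helper.call('post', add_user_to_share_group, _SYSTEM_USER, managed_services[0])` would match the two steps above it. The helper's body is not shown; because it is handed the service name it presumably restarts the daemon so the new group applies, so confirm that it only restarts an already-running unit and never starts one the admin disabled. The membership gives a network-facing daemon write access to folders shared with other apps, which deserves a one-line comment next to the call. The `def` line is visible only in the hunk header.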
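Review bot: In `freedombox.conf`, replacing `ProtectSystem=strict` and `ReadWritePaths=/var/lib/mldonkey` with `ProtectSystem=full` leaves only /usr, /boot, /efi and /etc read-only, so the daemon can again write anywhere else that file permissions allow, far more than the shared folders the commit message names. If shares live under a known set of roots, keeping `strict` and listing them, e.g. `ReadWritePaths=/var/lib/mldonkey -<SHARE_ROOT> -<EXTERNAL_DISK_MOUNT_ROOT>` (placeholders; the `-` prefix tolerates a missing path), preserves the sandbox. If `full` has to stay, a comment in the drop-in such as `# full, not strict: shares may be on the root disk or external disks; access is gated by the freedombox-share group` records the trade-off. `ProtectHome=yes` (shown in the hunk header) is unchanged, so a share placed under /home, /root or /run/user stays unreachable for the service. The unit file continues beyond both ends of the hunk.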