left4me

History

mwiegand 965b67e6fc fix(l4d2-host): script-sandbox normalizes file perms so web user can read Cedapug's build script writes .cedapug/manifest.tsv with mode 0600 owned by l4d2-sandbox; the web service (left4me uid) then 500s when streaming that file via the download route — PermissionError on open(). Two fixes: - UMask=0022 on the systemd-run unit so new file writes default to 0644 / dirs to 0755. - Post-script chmod o+r/o+rx walk over the overlay dir to backfill any stricter modes the script left behind (e.g. shells/tools that ignore umask and explicitly create with 0600). The helper no longer execs systemd-run; it captures the rc, runs the post-step, and exits with the original rc. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-09 01:44:26 +02:00
..
local	fix(l4d2-host): script-sandbox normalizes file perms so web user can read	2026-05-09 01:44:26 +02:00

fix(l4d2-host): script-sandbox normalizes file perms so web user can read

Cedapug's build script writes .cedapug/manifest.tsv with mode 0600 owned
by l4d2-sandbox; the web service (left4me uid) then 500s when streaming
that file via the download route — PermissionError on open().

Two fixes:
- UMask=0022 on the systemd-run unit so new file writes default to
  0644 / dirs to 0755.
- Post-script chmod o+r/o+rx walk over the overlay dir to backfill any
  stricter modes the script left behind (e.g. shells/tools that ignore
  umask and explicitly create with 0600).

The helper no longer execs systemd-run; it captures the rc, runs the
post-step, and exits with the original rc.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-09 01:44:26 +02:00

local

fix(l4d2-host): script-sandbox normalizes file perms so web user can read

2026-05-09 01:44:26 +02:00