diff --git a/cookbooks/planet/recipes/default.rb b/cookbooks/planet/recipes/default.rb index c4ad10ecd..f7e090ac2 100644 --- a/cookbooks/planet/recipes/default.rb +++ b/cookbooks/planet/recipes/default.rb @@ -51,7 +51,7 @@ remote_directory node[:planet][:dump][:xml_history_directory] do source "history_cgi" - owner "www-data" + owner "planet" group "planet" mode "775" files_owner "root" @@ -61,7 +61,7 @@ remote_directory "/store/planet/cc-by-sa" do source "ccbysa_cgi" - owner "www-data" + owner "planet" group "planet" mode "775" files_owner "root" @@ -71,7 +71,7 @@ remote_directory "/store/planet/cc-by-sa/full-experimental" do source "ccbysa_history_cgi" - owner "www-data" + owner "planet" group "planet" mode "775" files_owner "root" @@ -82,20 +82,20 @@ [:xml_directory, :xml_history_directory, :pbf_directory, :pbf_history_directory].each do |dir| directory node[:planet][:dump][dir] do - owner "www-data" + owner "planet" group "planet" mode "775" end end directory "/store/planet/notes" do - owner "www-data" + owner "planet" group "planet" mode "775" end directory "/store/planet/statistics" do - owner "www-data" + owner "planet" group "planet" mode "775" end @@ -141,7 +141,7 @@ systemd_service "planet-file-cleanup" do description "Cleanup old planet files" exec_start "/usr/local/bin/planet-file-cleanup --debug" - user "www-data" + user "planet" sandbox true read_write_paths [ node[:planet][:dump][:xml_directory], diff --git a/cookbooks/planet/recipes/dump.rb b/cookbooks/planet/recipes/dump.rb index f7a143181..854c0a7c6 100644 --- a/cookbooks/planet/recipes/dump.rb +++ b/cookbooks/planet/recipes/dump.rb @@ -88,8 +88,8 @@ end directory "/store/planetdump" do - owner "www-data" - group "www-data" + owner "planet" + group "planet" mode "755" recursive true end @@ -105,7 +105,7 @@ systemd_service "planetdump@" do description "Planet dump for %i" - user "www-data" + user "planet" exec_start "/usr/local/bin/planetdump %i" memory_max "64G" sandbox true @@ -134,7 +134,7 @@ systemd_service "planet-dump-mirror" do description "Update planet dump mirrors" exec_start "/usr/local/bin/planet-mirror-redirect-update" - user "www-data" + user "planet" sandbox :enable_network => true memory_deny_write_execute false read_write_paths "/store/planet/.htaccess" diff --git a/cookbooks/planet/recipes/notes.rb b/cookbooks/planet/recipes/notes.rb index ffb86243c..91c03df4b 100644 --- a/cookbooks/planet/recipes/notes.rb +++ b/cookbooks/planet/recipes/notes.rb @@ -54,7 +54,7 @@ systemd_service "planet-notes-dump" do description "Create notes dump" exec_start "/usr/local/bin/planet-notes-dump" - user "www-data" + user "planet" sandbox :enable_network => true read_write_paths "/store/planet/notes" end @@ -78,7 +78,7 @@ systemd_service "planet-notes-cleanup" do description "Delete old notes dumps" exec_start "/usr/local/bin/planet-notes-cleanup" - user "www-data" + user "planet" sandbox true read_write_paths "/store/planet/notes" end