From fbdf0e8a289b6d321d6ca7319c3b7e6cb27cf9f1 Mon Sep 17 00:00:00 2001
From: AJ ONeal <aj@daplie.com>
Date: Tue, 7 Nov 2017 15:39:36 -0700
Subject: [PATCH] don't let perms on / get messed up by systemd

---
 dist/etc/tmpfiles.d/goldilocks.conf | 12 ++++++------
 installer/install-for-systemd.sh    |  4 ++++
 installer/install.sh                |  5 ++++-
 3 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/dist/etc/tmpfiles.d/goldilocks.conf b/dist/etc/tmpfiles.d/goldilocks.conf
index 37dcbda..1da9677 100644
--- a/dist/etc/tmpfiles.d/goldilocks.conf
+++ b/dist/etc/tmpfiles.d/goldilocks.conf
@@ -2,9 +2,9 @@
 # See https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html
 
 # Type Path           Mode UID      GID      Age Argument
-#d /etc/goldilocks          0755 www-data www-data -   -
-#d /opt/goldilocks          0775 www-data www-data -   -
-#d /srv/www                 0775 www-data www-data -   -
-#d /etc/ssl/goldilocks      0750 www-data www-data -   -
-#d /var/log/goldilocks      0750 www-data www-data -   -
-#d /run/goldilocks          0755 www-data www-data -   -
+#d /etc/goldilocks          0755 MY_USER MY_GROUP -   -
+#d /opt/goldilocks          0775 MY_USER MY_GROUP -   -
+#d /srv/www                 0775 MY_USER MY_GROUP -   -
+#d /etc/ssl/goldilocks      0750 MY_USER MY_GROUP -   -
+#d /var/log/goldilocks      0750 MY_USER MY_GROUP -   -
+d /run/goldilocks          0755 MY_USER MY_GROUP -   -
diff --git a/installer/install-for-systemd.sh b/installer/install-for-systemd.sh
index 17a0bee..944823d 100644
--- a/installer/install-for-systemd.sh
+++ b/installer/install-for-systemd.sh
@@ -11,6 +11,10 @@ sed "s/MY_USER/$my_user/g" "$my_app_dist/$my_app_systemd_service" > "$my_app_dis
 sed "s/MY_GROUP/$my_group/g" "$my_app_dist/$my_app_systemd_service.2" > "$my_app_dist/$my_app_systemd_service"
 rm "$my_app_dist/$my_app_systemd_service.2"
 safe_copy_config "$my_app_dist/$my_app_systemd_service" "$my_root/$my_app_systemd_service"
+
+sed "s/MY_USER/$my_user/g" "$my_app_dist/$my_app_systemd_tmpfiles" > "$my_app_dist/$my_app_systemd_tmpfiles.2"
+sed "s/MY_GROUP/$my_group/g" "$my_app_dist/$my_app_systemd_tmpfiles.2" > "$my_app_dist/$my_app_systemd_tmpfiles"
+rm "$my_app_dist/$my_app_systemd_tmpfiles.2"
 safe_copy_config "$my_app_dist/$my_app_systemd_tmpfiles" "$my_root/$my_app_systemd_tmpfiles"
 
 $sudo_cmd systemctl stop "${my_app_name}.service" >/dev/null 2>/dev/null || true
diff --git a/installer/install.sh b/installer/install.sh
index e3fd144..acfb139 100644
--- a/installer/install.sh
+++ b/installer/install.sh
@@ -122,8 +122,11 @@ echo "User $my_user Group $my_group"
 $sudo_cmd chown -R $my_user:$my_group $my_tmp/*
 $sudo_cmd chown root:root $my_tmp/*
 $sudo_cmd chown root:root $my_tmp
+# don't even read $my_tmp/
 # don't change permissions on /, /etc, etc
-rsync -a --ignore-existing $my_tmp/ $my_root/
+for my_dir in $my_tmp/*; do
+  rsync -a --ignore-existing $my_tmp/$my_dir/ $my_root/$my_dir/
+done
 rsync -a --ignore-existing $my_app_dist/etc/$my_name/$my_name.yml $my_root/etc/$my_name/$my_name.yml
 source ./installer/install-system-service.sh