after update #99

New issue

Closed

opened 2026-03-02 15:47:54 +03:00 by kerem · 0 comments

kerem commented

2026-03-02 15:47:54 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/PegaProx/project-pegaprox/pull/61
Author: @ry-ops
Created: 2/21/2026
Status: ✅ Merged
Merged: 2/22/2026
Merged by: @mkellermann97

Base: main ← Head: fix/update-preserve-config-permissions

📝 Commits (1)

06fd05f fix(update): restore 0700 permissions on config/ and ssl/ after update

📊 Changes

1 file changed (+13 additions, -0 deletions)

View changed files

📝 update.sh (+13 -0)

📄 Description

Summary

When update.sh runs as root (the typical sudo ./update.sh flow), the shell's umask can leave config/ and config/ssl/ with overly permissive modes after the git pull + file ownership restore step.

These directories hold the encrypted SQLite database (pegaprox.db) and SSL private keys — they should only be readable by the service user (mode 0700).

Change: Add an explicit chmod 700 for config/, config/ssl/, and the legacy ssl/ location at the end of the ownership-fix block, so permissions are always correct regardless of the caller's umask.

Test plan

Run sudo ./update.sh and verify config/ has permissions drwx------ after completion
Verify config/ssl/ (or ssl/) also has drwx------
Confirm PegaProx service starts normally after the update

🤖 Generated with Claude Code

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/PegaProx/project-pegaprox/pull/61 **Author:** [@ry-ops](https://github.com/ry-ops) **Created:** 2/21/2026 **Status:** ✅ Merged **Merged:** 2/22/2026 **Merged by:** [@mkellermann97](https://github.com/mkellermann97) **Base:** `main` ← **Head:** `fix/update-preserve-config-permissions` --- ### 📝 Commits (1) - [`06fd05f`](https://github.com/PegaProx/project-pegaprox/commit/06fd05f401b2cfd54c314677aca73d55acf8f3f7) fix(update): restore 0700 permissions on config/ and ssl/ after update ### 📊 Changes **1 file changed** (+13 additions, -0 deletions) <details> <summary>View changed files</summary> 📝 `update.sh` (+13 -0) </details> ### 📄 Description ## Summary When `update.sh` runs as root (the typical `sudo ./update.sh` flow), the shell's umask can leave `config/` and `config/ssl/` with overly permissive modes after the git pull + file ownership restore step. These directories hold the encrypted SQLite database (`pegaprox.db`) and SSL private keys — they should only be readable by the service user (mode `0700`). **Change:** Add an explicit `chmod 700` for `config/`, `config/ssl/`, and the legacy `ssl/` location at the end of the ownership-fix block, so permissions are always correct regardless of the caller's umask. ## Test plan - [ ] Run `sudo ./update.sh` and verify `config/` has permissions `drwx------` after completion - [ ] Verify `config/ssl/` (or `ssl/`) also has `drwx------` - [ ] Confirm PegaProx service starts normally after the update 🤖 Generated with [Claude Code](https://claude.com/claude-code) --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>