sticky pst

configs/os/sysusers.conf

@@ -19,6 +19,7 @@ m kvmd gpio
 m kvmd uucp
 m kvmd spi
 m kvmd systemd-journal
+m kvmd kvmd-pst
 
 m kvmd-pst kvmd
 

kvmd.install

@@ -27,7 +27,8 @@ post_upgrade() {
 	done
 
 	chown kvmd /var/lib/kvmd/msd 2>/dev/null || true
-	chown kvmd-pst /var/lib/kvmd/pst 2>/dev/null || true
+	chown kvmd-pst:kvmd-pst /var/lib/kvmd/pst 2>/dev/null || true
+	chmod 1775 /var/lib/kvmd/pst 2>/dev/null || true
 
 	if [ ! -e /etc/kvmd/nginx/ssl/server.crt ]; then
 		echo "==> Generating KVMD-Nginx certificate ..."
@@ -96,6 +97,11 @@ EOF
 		systemctl disable kvmd-pass || true
 	fi
 
+	if [[ "$(vercmp "$2" 4.5)" -lt 0 ]]; then
+		sed -i 's/X-kvmd\.pst-user=kvmd-pst/X-kvmd.pst-user=kvmd-pst,X-kvmd.pst-group=kvmd-pst/g' /etc/fstab
+		touch -t 200701011000 /etc/fstab
+	fi
+
 	# Some update deletes /etc/motd, WTF
 	# shellcheck disable=SC2015,SC2166
 	[ ! -f /etc/motd -a -f /etc/motd.pacsave ] && mv /etc/motd.pacsave /etc/motd || true

kvmd/fstab.py

@@ -33,6 +33,7 @@ class Partition:
     mount_path: str
     root_path: str
     user: str
+    group: str
 
 
 # =====
@@ -60,12 +61,13 @@ def _find_partitions(part_type: str, single: bool) -> list[Partition]:
             if line and not line.startswith("#"):
                 fields = line.split()
                 if len(fields) == 6:
-                    options = dict(re.findall(r"X-kvmd\.%s-(root|user)(?:=([^,]+))?" % (part_type), fields[3]))
+                    options = dict(re.findall(r"X-kvmd\.%s-(root|user|group)(?:=([^,]+))?" % (part_type), fields[3]))
                     if options:
                         parts.append(Partition(
                             mount_path=os.path.normpath(fields[1]),
                             root_path=os.path.normpath(options.get("root", "") or fields[1]),
                             user=options.get("user", ""),
+                            group=options.get("group", ""),
                         ))
                         if single:
                             break

kvmd/helpers/remount/__init__.py

@@ -23,6 +23,7 @@
 import sys
 import os
 import pwd
+import grp
 import shutil
 import subprocess
 
@@ -87,11 +88,28 @@ def _chown(path: str, user: str) -> None:
     if pwd.getpwuid(os.stat(path).st_uid).pw_name != user:
         _log(f"CHOWN --- {user} - {path}")
         try:
-            shutil.chown(path, user)
+            shutil.chown(path, user=user)
         except Exception as err:
             raise SystemExit(f"Can't change ownership: {err}")
 
 
+def _chgrp(path: str, group: str) -> None:
+    if grp.getgrgid(os.stat(path).st_gid).gr_name != group:
+        _log(f"CHGRP --- {group} - {path}")
+        try:
+            shutil.chown(path, group=group)
+        except Exception as err:
+            raise SystemExit(f"Can't change group: {err}")
+
+
+def _chmod(path: str, mode: int) -> None:
+    _log(f"CHMOD --- 0o{mode:o} - {path}")
+    try:
+        os.chmod(path, mode)
+    except Exception as err:
+        raise SystemExit(f"Can't change permissions: {err}")
+
+
 # =====
 def _fix_msd(part: Partition) -> None:
     # First images migration
@@ -112,13 +130,21 @@ def _fix_msd(part: Partition) -> None:
 
     if part.user:
         _chown(part.root_path, part.user)
+    if part.group:
+        _chgrp(part.root_path, part.group)
 
 
 def _fix_pst(part: Partition) -> None:
     path = os.path.join(part.root_path, "data")
     _mkdir(path)
     if part.user:
+        _chown(part.root_path, part.user)
         _chown(path, part.user)
+    if part.group:
+        _chown(part.root_path, part.group)
+        _chgrp(path, part.group)
+    if part.user and part.group:
+        _chmod(part.root_path, 0o1775)
 
 
 # =====