hippogrief/pobsync
1
0
Fork 0
Code Issues 21 Pull Requests Actions Packages Projects Releases 3 Wiki Activity

(bugfix) Grant service user backup and journal access

Browse Source 
Update the native installer so the pobsync service user gets journal
read access when the host exposes systemd-journal or adm groups.

Apply ownership and private directory modes to the configured backup
root, and reuse the existing environment backup root on reinstall so
production updates do not fall back to /backups.

Add a self-check for journal access and a host detail action that can
prepare missing backup directories for existing host configurations.
This commit is contained in:
Peter van Arkel
2026-05-19 19:25:05 +02:00
parent 90f28410ce
commit ccacad3d37
8 changed files with 122 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
src/pobsync_backend/tests/test_self_check.py Normal file
View File

@@ -0,0 +1,42 @@
from __future__ import annotations
import subprocess
from unittest.mock import patch
from django.test import SimpleTestCase
from pobsync_backend.self_check import _systemd_checks
class SystemdSelfCheckTests(SimpleTestCase):
def test_journal_permission_hint_is_reported_as_failure(self) -> None:
def which(binary: str) -> str | None:
if binary in {"systemctl", "journalctl"}:
return f"/usr/bin/{binary}"
return None
active_result = subprocess.CompletedProcess(
args=["systemctl"],
returncode=0,
stdout="active\n",
stderr="",
)
journal_result = subprocess.CompletedProcess(
args=["journalctl"],
returncode=0,
stdout="",
stderr="No journal files were opened due to insufficient permissions.",
)
with patch("pobsync_backend.self_check.Path.exists", return_value=True), patch(
"pobsync_backend.self_check.shutil.which",
side_effect=which,
), patch(
"pobsync_backend.self_check.subprocess.run",
side_effect=[active_result, active_result, active_result, journal_result],
):
checks = _systemd_checks()
journal_check = next(check for check in checks if check.name == "Journal access")
self.assertEqual(journal_check.status, "failed")
self.assertEqual(journal_check.message, "pobsync cannot read service logs.")