(bugfix) Grant service user backup and journal access

Update the native installer so the pobsync service user gets journal read access when the host exposes systemd-journal or adm groups. Apply ownership and private directory modes to the configured backup root, and reuse the existing environment backup root on reinstall so production updates do not fall back to /backups. Add a self-check for journal access and a host detail action that can prepare missing backup directories for existing host configurations.
2026-05-19 19:25:05 +02:00
parent 90f28410ce
commit ccacad3d37
8 changed files with 122 additions and 1 deletions
--- a/src/pobsync_backend/views.py
+++ b/src/pobsync_backend/views.py
@@ -217,6 +217,19 @@ def host_detail(request, host: str):
    return render(request, "pobsync_backend/host_detail.html", context)


+@staff_member_required
+@require_POST
+def prepare_host_directories(request, host: str):
+    host_config = get_object_or_404(HostConfig, host=host)
+    try:
+        host_root = ensure_host_directories(host_config)
+    except Exception as exc:
+        messages.error(request, f"Could not prepare backup directories for {host_config.host}: {exc}")
+    else:
+        messages.success(request, f"Prepared backup directories for {host_config.host}: {host_root}")
+    return redirect("host_detail", host=host_config.host)
+
+
@staff_member_required
@require_POST
 def queue_manual_backup(request, host: str):