From f76af6521258f8a7dbe4bd788365b46cc6573215 Mon Sep 17 00:00:00 2001
From: Nicolas Meienberger
Date: Mon, 27 Nov 2023 07:29:21 +0100
Subject: [PATCH] fix(worker): ensure state folder is rwx for non-root users
---
packages/worker/src/lib/fs/fs.helpers.ts | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
create mode 100644 packages/worker/src/lib/fs/fs.helpers.ts
diff --git a/packages/worker/src/lib/fs/fs.helpers.ts b/packages/worker/src/lib/fs/fs.helpers.ts
new file mode 100644
index 00000000..2d8174ab
--- /dev/null
+++ b/packages/worker/src/lib/fs/fs.helpers.ts
@@ -0,0 +1,24 @@
+/* eslint-disable no-await-in-loop */
+/* eslint-disable no-restricted-syntax */
+import { execAsync, pathExists } from '@runtipi/shared';
+import path from 'path';
+import { ROOT_FOLDER } from '@/config/constants';
+
+export const ensureFilePermissions = async () => {
+ const filesAndFolders = [path.join(ROOT_FOLDER, 'state'), path.join(ROOT_FOLDER, 'traefik')];
+
+ const files600 = [path.join(ROOT_FOLDER, 'traefik', 'shared', 'acme.json')];
+
+ // Give permission to read and write to all files and folders for the current user
+ for (const fileOrFolder of filesAndFolders) {
+ if (await pathExists(fileOrFolder)) {
+ await execAsync(`chmod -R a+rwx ${fileOrFolder}`).catch(() => {});
+ }
+ }
+
+ for (const fileOrFolder of files600) {
+ if (await pathExists(fileOrFolder)) {
+ await execAsync(`chmod 600 ${fileOrFolder}`).catch(() => {});
+ }
+ }
+};
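Review bot: `chmod -R a+rwx` in the first loop of `ensureFilePermissions` makes everything under `state` and `traefik` readable, writable and executable by every local account, which is wider than the inline comment ("for the current user") says. `traefik/shared/acme.json` is world-accessible between the two loops, and since the second call ends in `.catch(() => {})`, a failed `chmod 600` leaves it that way silently; its parent directory also stays world-writable, so mode 600 on the file does not stop it being replaced. Consider granting access to the specific uid/gid the non-root process runs as instead of `a`, or at minimum use `a+rwX` so regular files do not gain the execute bit, and log the error in both catch handlers. The paths are also interpolated unquoted into a shell string; `ROOT_FOLDER`'s origin is not visible here, so if it can contain spaces or shell metacharacters, quote it or use `fs.promises.chmod(file, 0o600)` for the single-file case.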