Fix bug when using sync when daemon is running, that could result in ~/.config/vopono being owned by root

Author: jamesmcm

src/daemon.rs

@@ -150,6 +150,7 @@ fn handle_client(mut conn: LocalSocketStream) -> anyhow::Result<()> {
                 })
                 .unwrap_or_else(|| user.dir.join(".config"));
             vopono_core::util::set_config_dir_override(Some(override_base));
+            vopono_core::util::set_config_owner_override(Some((uid, gid)));
             exec_command.user = Some(user.name);
             exec_command.group = Some(group.name);
 
@@ -377,6 +378,7 @@ fn handle_client(mut conn: LocalSocketStream) -> anyhow::Result<()> {
     }
     // Clear any thread-local override before exiting the handler
     vopono_core::util::set_config_dir_override(None);
+    vopono_core::util::set_config_owner_override(None);
     Ok(())
 }
 

vopono_core/Cargo.toml

@@ -46,7 +46,7 @@ base64 = "0.22"
 x25519-dalek = { version = "3.0.0-pre.0", features = ["static_secrets"] }
 strum = "0.27"
 strum_macros = "0.27"
-zip = "5"
+zip = "6"
 maplit = "1"
 webbrowser = "1"
 serde_json = "1"

vopono_core/src/util/mod.rs

@@ -14,7 +14,7 @@ use anyhow::{Context, anyhow};
 use directories_next::BaseDirs;
 use ipnet::Ipv4Net;
 use log::{debug, info, warn};
-use nix::unistd::{Group, User};
+use nix::unistd::{Gid, Group, Uid, User};
 pub use open_hosts::open_hosts;
 pub use open_ports::open_ports;
 use rand::prelude::IndexedRandom;
@@ -33,6 +33,8 @@ use which::which;
 
 thread_local! {
     static CONFIG_DIR_OVERRIDE: std::cell::RefCell<Option<PathBuf>> = const { std::cell::RefCell::new(None) };
+    static CONFIG_OWNER_OVERRIDE: std::cell::RefCell<Option<(Uid, Gid)>> =
+        const {std::cell::RefCell::new(None) };
 }
 
 static DAEMON_MODE: std::sync::atomic::AtomicBool = std::sync::atomic::AtomicBool::new(false);
@@ -52,6 +54,10 @@ pub fn set_config_dir_override(path: Option<PathBuf>) {
     CONFIG_DIR_OVERRIDE.with(|ov| *ov.borrow_mut() = path);
 }
 
+pub fn set_config_owner_override(owner: Option<(Uid, Gid)>) {
+    CONFIG_OWNER_OVERRIDE.with(|ov| *ov.borrow_mut() = owner);
+}
+
 pub fn config_dir() -> anyhow::Result<PathBuf> {
     // Respect thread-local override first (used by daemon to select the connecting user's config).
     if let Some(override_path) = CONFIG_DIR_OVERRIDE.with(|ov| ov.borrow().clone())
@@ -176,14 +182,26 @@ pub fn set_config_permissions() -> anyhow::Result<()> {
     use std::os::unix::fs::PermissionsExt;
 
     let check_dir = vopono_dir()?;
-    let username = get_username()?;
-    let group = get_group(&username)?;
+    let (user, group) = CONFIG_OWNER_OVERRIDE
+        .with(|ov| *ov.borrow())
+        .map_or_else(
+            || -> anyhow::Result<(Option<Uid>, Option<Gid>)> {
+                let username = get_username()?;
+                let group_name = get_group(&username)?;
+                let user = User::from_name(&username)?
+                    .map(|x| x.uid)
+                    .ok_or_else(|| anyhow!("Failed to resolve uid for user '{username}'"))?;
+                let group = Group::from_name(&group_name)?
+                    .map(|x| x.gid)
+                    .ok_or_else(|| anyhow!("Failed to resolve gid for group '{group_name}'"))?;
+                Ok((Some(user), Some(group)))
+            },
+            |(uid, gid)| Ok((Some(uid), Some(gid))),
+        )?;
 
     let file_permissions = Permissions::from_mode(0o640);
     let dir_permissions = Permissions::from_mode(0o750);
 
-    let group = nix::unistd::Group::from_name(&group)?.map(|x| x.gid);
-    let user = nix::unistd::User::from_name(&username)?.map(|x| x.uid);
     for entry in WalkDir::new(check_dir).into_iter().filter_map(|e| e.ok()) {
         let path = entry.path();
         nix::unistd::chown(path, user, group)?;