From 68824459371650efa2442dd045cfe61859a38fce Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Wed, 19 Oct 2022 20:24:28 +0200 Subject: [PATCH] *: handle PermissionError when saving files, ensure permission bits are set correctly closes #3817 Signed-off-by: Jens Langhammer --- authentik/core/api/applications.py | 6 +++++- authentik/flows/api/flows.py | 6 +++++- lifecycle/ak | 4 +++- website/docs/troubleshooting/image_upload.md | 2 ++ 4 files changed, 15 insertions(+), 3 deletions(-) diff --git a/authentik/core/api/applications.py b/authentik/core/api/applications.py index 85cd369b5..5967b12de 100644 --- a/authentik/core/api/applications.py +++ b/authentik/core/api/applications.py @@ -232,7 +232,11 @@ class ApplicationViewSet(UsedByMixin, ModelViewSet): return Response({}) if icon: app.meta_icon = icon - app.save() + try: + app.save() + except PermissionError as exc: + LOGGER.warning("Failed to save icon", exc=exc) + return HttpResponseBadRequest() return Response({}) return HttpResponseBadRequest() diff --git a/authentik/flows/api/flows.py b/authentik/flows/api/flows.py index 8b5749387..e70201049 100644 --- a/authentik/flows/api/flows.py +++ b/authentik/flows/api/flows.py @@ -239,7 +239,11 @@ class FlowViewSet(UsedByMixin, ModelViewSet): return Response({}) if background: flow.background = background - flow.save() + try: + flow.save() + except PermissionError as exc: + LOGGER.warning("Failed to save icon", exc=exc) + return HttpResponseBadRequest() return Response({}) return HttpResponseBadRequest() diff --git a/lifecycle/ak b/lifecycle/ak index bec961622..69a7f9787 100755 --- a/lifecycle/ak +++ b/lifecycle/ak @@ -27,8 +27,10 @@ function check_if_root { GROUP_NAME=$(getent group $DOCKER_GID | sed 's/:/\n/g' | head -1) GROUP="authentik:${GROUP_NAME}" fi - # Fix permissions of backups and media + # Fix permissions of certs and media chown -R authentik:authentik /media /certs + chmod ug+rwx /media + chmod ug+rx /certs exec chpst -u authentik:$GROUP env HOME=/authentik $1 } diff --git a/website/docs/troubleshooting/image_upload.md b/website/docs/troubleshooting/image_upload.md index 433fa93d2..d57a0bebe 100644 --- a/website/docs/troubleshooting/image_upload.md +++ b/website/docs/troubleshooting/image_upload.md @@ -15,4 +15,6 @@ To fix these issues, run these commands in the folder of your docker-compose fil ```shell sudo chown 1000:1000 media/ sudo chown 1000:1000 custom-templates/ +sudo chmod ug+rwx media/ +sudo chmod ug+rx certs/ ```