f

scripts/run_client.py

@@ -262,6 +262,26 @@ def ensure_service_user(username: str) -> bool:
         return False
 
 
+def grant_service_user_repo_access(repo_root: Path, username: str) -> bool:
+    try:
+        for dirpath, dirnames, filenames in os.walk(repo_root):
+            shutil.chown(dirpath, user=username, group=username)
+            for name in dirnames + filenames:
+                path = Path(dirpath) / name
+                shutil.chown(path, user=username, group=username)
+        return True
+    except PermissionError as exc:
+        print(
+            f"Failed to grant ownership of '{repo_root}' to '{username}': {exc}"
+        )
+        return False
+    except Exception as exc:
+        print(
+            f"Error while adjusting permissions for '{username}' in '{repo_root}': {exc}"
+        )
+        return False
+
+
 # --- Service install/uninstall helpers -----------------------------------
 
 
@@ -552,6 +572,11 @@ def install_service_systemd_system(
         if service_user and not ensure_service_user(service_user):
             print(f"Unable to prepare service user '{service_user}' for system service.")
             return False
+        if service_user and not grant_service_user_repo_access(repo_root, service_user):
+            print(
+                f"Failed to assign '{service_user}' as the owner of '{repo_root}'."
+            )
+            return False
 
         unit_dir = Path("/etc/systemd/system")
         service_file = unit_dir / f"{service_name}.service"
@@ -698,6 +723,7 @@ def install_service_auto(
     detached: bool = True,
     pull: bool = False,
     workspace_root: Optional[Path] = None,
+    service_user: Optional[str] = None,
 ) -> bool:
     try:
         if os.name == "nt":
@@ -719,7 +745,8 @@ def install_service_auto(
                     headless=headless,
                     detached=detached,
                     pull=pull,
-                    workspace_root=workspace_root
+                    workspace_root=workspace_root,
+                    service_user=service_user,
                 )
             else:
                 return install_service_cron(
@@ -918,6 +945,11 @@ def main(argv: Optional[List[str]] = None) -> int:
         default="hydrus-client",
         help="Name of the service / scheduled task to install (default: hydrus-client)",
     )
+    p.add_argument(
+        "--service-user",
+        default=None,
+        help="When installing a system-wide unit as root, optionally run it under this user (default: hydrusnetwork)",
+    )
     p.add_argument(
         "--cwd",
         default=None,
@@ -1144,6 +1176,16 @@ def main(argv: Optional[List[str]] = None) -> int:
         else:
             use_headless = not first_run
 
+        service_user = args.service_user.strip() if args.service_user else None
+        if (
+            args.install_service
+            and not service_user
+            and os.name != "nt"
+            and hasattr(os, "geteuid")
+            and os.geteuid() == 0
+        ):
+            service_user = "hydrusnetwork"
+
         if args.install_service:
             ok = install_service_auto(
                 args.service_name,
@@ -1152,7 +1194,8 @@ def main(argv: Optional[List[str]] = None) -> int:
                 headless=use_headless,
                 detached=True,
                 pull=args.pull,
-                workspace_root=workspace_root
+                workspace_root=workspace_root,
+                service_user=service_user
             )
             return 0 if ok else 6
         if args.uninstall_service: