From 320ef6da71e3c7f60fd153acd73c867ae3a6cbeb Mon Sep 17 00:00:00 2001 From: rcourtman Date: Wed, 19 Nov 2025 14:50:20 +0000 Subject: [PATCH] fix(sensor-proxy): ensure correct config.yaml permissions after modifications Fixed bug where config.yaml would end up with root:root 600 permissions after the installer modified it, causing service startup failures with "permission denied" errors. Root cause: Two code paths modified config.yaml without resetting ownership: 1. ensure_control_plane_config() - used mktemp (creates root-owned file), then mv'd it over config.yaml without chown/chmod 2. HTTP mode configuration - appended to config.yaml without resetting perms Fix: Added chown/chmod after both modifications: - Line 1601-1602: After control-plane config update - Line 1860-1861: After HTTP mode config append Now config.yaml maintains pulse-sensor-proxy:pulse-sensor-proxy 644 permissions after all modifications, allowing the service to start correctly. This bug was discovered during repair logic testing - the service failed to start after the installer ran, even though the fmt.Sprintf argument alignment fix was working correctly. --- scripts/install-sensor-proxy.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/scripts/install-sensor-proxy.sh b/scripts/install-sensor-proxy.sh index aab3504..8f5031f 100755 --- a/scripts/install-sensor-proxy.sh +++ b/scripts/install-sensor-proxy.sh @@ -1598,6 +1598,8 @@ ensure_control_plane_config() { { print } ' "$config_file" > "$tmp" mv "$tmp" "$config_file" + chown pulse-sensor-proxy:pulse-sensor-proxy "$config_file" + chmod 0644 "$config_file" return fi @@ -1855,6 +1857,8 @@ allowed_source_subnets: - $PULSE_IP/32 - 127.0.0.1/32 EOF + chown pulse-sensor-proxy:pulse-sensor-proxy /etc/pulse-sensor-proxy/config.yaml + chmod 0644 /etc/pulse-sensor-proxy/config.yaml print_success "HTTP mode configured successfully" echo ""