fix config file perm for setup production

bench/cli.py

@@ -12,7 +12,8 @@ from .utils import set_url_root as _set_url_root
 from .utils import set_default_site as _set_default_site
 from .utils import (build_assets, patch_sites, exec_cmd, update_bench, get_frappe, setup_logging,
 					get_config, update_config, restart_supervisor_processes, put_config, default_config, update_requirements,
-					backup_all_sites, backup_site, get_sites, prime_wheel_cache, is_root, set_mariadb_host, drop_privileges)
+					backup_all_sites, backup_site, get_sites, prime_wheel_cache, is_root, set_mariadb_host, drop_privileges,
+					fix_file_perms)
 from .app import get_app as _get_app
 from .app import new_app as _new_app
 from .app import pull_all_apps
@@ -396,31 +397,11 @@ def patch():
 
 @click.command('fix-perms')
 def _fix_perms():
+	"Fix permissions if supervisor processes were run as root"
 	if os.path.exists("config/supervisor.conf"):
 		exec_cmd("supervisorctl stop frappe:")
 
-	"Fix permissions if supervisor processes were run as root"
+	fix_file_perms()
-	files = [
-	"logs/web.error.log",
-	"logs/web.log",
-	"logs/workerbeat.error.log",
-	"logs/workerbeat.log",
-	"logs/worker.error.log",
-	"logs/worker.log",
-	"config/nginx.conf",
-	"config/supervisor.conf",
-	]
-
-	frappe_user = get_config().get('frappe_user')
-	if not frappe_user:
-		print "frappe user not set"
-		sys.exit(1)
-
-	for path in files:
-		if os.path.exists(path):
-			uid = pwd.getpwnam(frappe_user).pw_uid
-			gid = grp.getgrnam(frappe_user).gr_gid
-			os.chown(path, uid, gid)
 
 	if os.path.exists("config/supervisor.conf"):
 		exec_cmd("{bench} setup supervisor".format(bench=sys.argv[0]))

bench/production_setup.py

@@ -1,4 +1,4 @@
-from .utils import get_program, exec_cmd, get_cmd_output
+from .utils import get_program, exec_cmd, get_cmd_output, fix_file_perms
 from .config import generate_nginx_config, generate_supervisor_config
 from jinja2 import Environment, PackageLoader
 import os
@@ -44,6 +44,7 @@ def copy_default_nginx_config():
 def setup_production(user, bench='.'):
 	generate_supervisor_config(bench=bench, user=user)
 	generate_nginx_config(bench=bench)
+	fix_file_perms(frappe_user=user)
 	remove_default_nginx_configs()
 
 	if is_centos7():

bench/utils.py

@@ -317,3 +317,28 @@ def drop_privileges(uid_name='nobody', gid_name='nogroup'):
 
 	# Ensure a very conservative umask
 	old_umask = os.umask(077)
+
+def fix_file_perms(frappe_user=None):
+	files = [
+	"logs/web.error.log",
+	"logs/web.log",
+	"logs/workerbeat.error.log",
+	"logs/workerbeat.log",
+	"logs/worker.error.log",
+	"logs/worker.log",
+	"config/nginx.conf",
+	"config/supervisor.conf",
+	]
+
+	if not frappe_user:
+		frappe_user = get_config().get('frappe_user')
+
+	if not frappe_user:
+		print "frappe user not set"
+		sys.exit(1)
+
+	for path in files:
+		if os.path.exists(path):
+			uid = pwd.getpwnam(frappe_user).pw_uid
+			gid = grp.getgrnam(frappe_user).gr_gid
+			os.chown(path, uid, gid)