From b36b3be176fee2389a48e7ac5c037ea44df8b4c9 Mon Sep 17 00:00:00 2001
From: Adam Outler <adamoutler@gmail.com>
Date: Wed, 29 Oct 2025 00:08:09 +0000
Subject: [PATCH] Fix permissions messages and test parms

---
 .../services/scripts/check-app-permissions.sh     |  5 +++--
 test/docker_tests/test_container_environment.py   | 15 ++++++++++-----
 2 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/install/production-filesystem/services/scripts/check-app-permissions.sh b/install/production-filesystem/services/scripts/check-app-permissions.sh
index d82ea559..9d9cd755 100644
--- a/install/production-filesystem/services/scripts/check-app-permissions.sh
+++ b/install/production-filesystem/services/scripts/check-app-permissions.sh
@@ -67,8 +67,9 @@ EOF
     chown -R netalertx:netalertx ${READ_WRITE_PATHS}
 
     # Set directory and file permissions for all read-write paths
-    find ${READ_WRITE_PATHS} -type d -exec chmod 700 {} +
-    find ${READ_WRITE_PATHS} -type f -exec chmod 600 {} +
+    find ${READ_WRITE_PATHS} -type d -exec chmod 700 {} + 2>/dev/null
+    find ${READ_WRITE_PATHS} -type f -exec chmod 600 {} + 2>/dev/null
+    echo Permissions fixed for read-write paths. Please restart the container as user 20211.
     sleep infinity & wait $!; exit 211
 fi
 
diff --git a/test/docker_tests/test_container_environment.py b/test/docker_tests/test_container_environment.py
index 1e751ff4..d847000f 100644
--- a/test/docker_tests/test_container_environment.py
+++ b/test/docker_tests/test_container_environment.py
@@ -831,6 +831,7 @@ def test_running_as_root_is_blocked(tmp_path: pathlib.Path) -> None:
         user="0",
     )
     _assert_contains(result, "NetAlertX is running as ROOT", result.args)
+    _assert_contains(result, "Permissions fixed for read-write paths.", result.args)
     assert result.returncode == 0 # container must be forced to exit 0 by termination after warning
 
 
@@ -885,8 +886,10 @@ def test_missing_app_conf_triggers_seed(tmp_path: pathlib.Path) -> None:
     Container automatically regenerates default configuration on startup.
     Expected: Automatic regeneration of default configuration.
     """
-    paths = _setup_mount_tree(tmp_path, "missing_app_conf")
-    (paths["app_config"] / "app.conf").unlink()
+    base = tmp_path / "missing_app_conf_base"
+    paths = _setup_fixed_mount_tree(base)
+    _chown_netalertx(paths["app_config"])
+    (paths["app_config"] / "testfile.txt").write_text("test")
     volumes = _build_volume_args(paths)
     result = _run_container("missing-app-conf", volumes)
     _assert_contains(result, "Default configuration written to", result.args)
@@ -900,10 +903,12 @@ def test_missing_app_db_triggers_seed(tmp_path: pathlib.Path) -> None:
     Container automatically creates initial database schema on startup.
     Expected: Automatic creation of initial database schema.
     """
-    paths = _setup_mount_tree(tmp_path, "missing_app_db")
-    (paths["app_db"] / "app.db").unlink()
+    base = tmp_path / "missing_app_db_base"
+    paths = _setup_fixed_mount_tree(base)
+    _chown_netalertx(paths["app_db"])
+    (paths["app_db"] / "testfile.txt").write_text("test")
     volumes = _build_volume_args(paths)
-    result = _run_container("missing-app-db", volumes, user="0:0")
+    result = _run_container("missing-app-db", volumes, user="20211:20211")
     _assert_contains(result, "Building initial database schema", result.args)
     assert result.returncode != 0