Add permission check for local deployment update-users

dguido · claude · dguido · commit ebd9b5f2f761 · 2025-11-28T00:48:52.000-05:00
For local deployments, file ownership must be consistent between initial deployment and subsequent update-users runs. When there's a mismatch (e.g., initial deployment without sudo, update with sudo), files get mixed ownership causing permission errors. This adds a pre-flight check that: - Detects local deployments (localhost or algo_provider: local) - Compares config directory owner with current user - Displays a warning with guidance if there's a mismatch - Provides the exact chown command to fix permissions Addresses #14551 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
diff --git a/users.yml b/users.yml
@@ -51,6 +51,35 @@
           include_vars:
             file: configs/{{ algo_server }}/.config.yml
 
+        - name: Check local deployment permissions
+          block:
+            - name: Get config directory owner
+              stat:
+                path: configs/{{ algo_server }}
+              register: config_dir_stat
+
+            - name: Warn about local deployment permissions
+              debug:
+                msg: |
+                  LOCAL DEPLOYMENT DETECTED
+
+                  For local deployments, file permissions must be consistent.
+                  Config directory is owned by: {{ config_dir_stat.stat.pw_name }}
+                  Current user: {{ ansible_user_id }}
+                  Running as root: {{ ansible_user_id == 'root' }}
+
+                  To avoid permission issues:
+                  - Always run update-users the same way as initial deployment
+                  - If you used sudo initially, use sudo for updates
+                  - If you didn't use sudo initially, don't use it for updates
+
+                  If permissions are already mixed, fix with:
+                    sudo chown -R {{ config_dir_stat.stat.pw_name }} configs/{{ algo_server }}/
+              when: >
+                (ansible_user_id == 'root' and config_dir_stat.stat.pw_name != 'root') or
+                (ansible_user_id != 'root' and config_dir_stat.stat.pw_name == 'root')
+          when: algo_server == 'localhost' or algo_provider | default('') == 'local'
+
         - name: Test SSH connectivity to server
           wait_for:
             host: "{{ algo_server }}"
