From a3c7be61d012cbe75239062febdea9066a7a3198 Mon Sep 17 00:00:00 2001
From: Paul Trowbridge <paul@hptrow.me>
Date: Sun, 5 Apr 2026 17:10:59 -0400
Subject: [PATCH] Fix nginx config file permissions after sudo cp

sudo cp creates the file as root:root 0600, making it unreadable by the
app user. Add sudo chmod 644 after writing so status detection can read
it without sudo, matching how other nginx configs are set up.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 manage.py | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/manage.py b/manage.py
index 7509931..eba10bb 100755
--- a/manage.py
+++ b/manage.py
@@ -147,14 +147,12 @@ def ui_build_time():
     return None
 
 def nginx_domain(port):
-    """Find nginx site proxying to our port. Uses sudo to read root-owned configs."""
+    """Find nginx site proxying to our port."""
     if not NGINX_DIR.exists():
         return None
     for f in NGINX_DIR.iterdir():
         try:
-            r = subprocess.run(['sudo', '-n', 'cat', str(f)],
-                               capture_output=True, text=True)
-            text = r.stdout if r.returncode == 0 else f.read_text()
+            text = f.read_text()
             if f':{port}' in text:
                 for line in text.splitlines():
                     if 'server_name' in line:
@@ -497,6 +495,7 @@ server {{
     if r.returncode != 0:
         err(f'Could not write {conf_path} — check sudo permissions')
         return
+    sudo_run(['chmod', '644', str(conf_path)])
     ok(f'nginx config written to {conf_path}')
 
     print('  Testing nginx configuration...')