Implemented a workaround for permission problems on uploaded recordings.

The recorder uploads presentations without group write permissions, which is
necessary for the play-daemon to be able to properly process recordings.
Hence we set the group write permission on all newly detected uploads

README.md

@@ -17,8 +17,9 @@ For development:
 
 For production:
  * Copy `config.ini.example`to `config.ini` and set the proper parameters
- * Create an `arec-watcher` user
  * Install the systemd unit file:
    `sudo cp arec-watcher.service /etc/systemd/system/`
+ * Edit the unit file so the watcher runs as the same user that
+   uploads arec recordings.
  * Activate the service: `sudo systemctl enable arec-watcher.service`
  * Run the service: `sudo systemctl start arec-watcher.service`

watcher/watcher.py

@@ -1,4 +1,5 @@
 import logging
+import os
 
 from pathlib import Path
 
@@ -53,6 +54,11 @@ class Watcher(PatternMatchingEventHandler):
             return
 
         self.logger.info('Picked up %s', basedir)
+
+        # The arec upload fails to respect the parent's ACL,
+        # so we have to fix the permissions here.
+        self._make_group_writable(basedir)
+
         try:
             result = requests.post(self.notify_url,
                                    data={'upload_dir': basedir})
@@ -72,3 +78,8 @@ class Watcher(PatternMatchingEventHandler):
 
     def on_moved(self, event):
         self._process(Path(event.dest_path))
+
+    def _make_group_writable(self, path: Path):
+        # Python doesn't have any good tools for recursive permissions,
+        # so we lean on the OS.
+        os.system(f'chmod -R g+w {path}')