fix: права www-data после git pull и npm install

Co-authored-by: Cursor <cursoragent@cursor.com>

.env.example

@@ -39,6 +39,7 @@ SMTP_FROM=shop@example.com
 # ADMIN_UPDATE_ENABLED=1
 # ADMIN_UPDATE_USE_SUDO=1
 # SHOP_GIT_USER=root
+# SHOP_SERVICE_USER=www-data
 
 # PostgreSQL 17 (одна строка или отдельные переменные)
 DATABASE_URL=postgresql://shop:shop@127.0.0.1:5432/shop

scripts/admin-web-update.sh

@@ -10,6 +10,7 @@ source "$SCRIPT_DIR/shop-root.sh"
 
 PORT="${PORT:-3000}"
 REPO_OWNER="${SHOP_GIT_USER:-$(stat -c '%U' "$SHOP_ROOT/.git" 2>/dev/null || stat -c '%U' "$SHOP_ROOT" 2>/dev/null || echo root)}"
+SHOP_SERVICE_USER="${SHOP_SERVICE_USER:-www-data}"
 
 ensure_git_safe() {
   local user="$1"
@@ -52,7 +53,19 @@ run_as_owner "bash scripts/git-sync.sh"
 
 echo ""
 echo "--- npm install ---"
-run_as_owner "npm install --omit=dev"
+if [ "$(id -u)" -eq 0 ]; then
+  npm install --omit=dev
+else
+  run_as_owner "npm install --omit=dev"
+fi
+
+echo ""
+echo "--- права для службы shop ($SHOP_SERVICE_USER) ---"
+if [ "$(id -u)" -eq 0 ]; then
+  bash "$SCRIPT_DIR/fix-shop-permissions.sh"
+else
+  echo "WARN: запустите от root: sudo bash scripts/fix-shop-permissions.sh"
+fi
 
 echo ""
 echo "Новая версия:"

scripts/fix-shop-permissions.sh

@@ -0,0 +1,37 @@
+#!/bin/bash
+# Права на каталог магазина для пользователя systemd (www-data)
+#   sudo bash "$SHOP_ROOT/scripts/fix-shop-permissions.sh"
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+# shellcheck source=shop-root.sh
+source "$SCRIPT_DIR/shop-root.sh"
+
+SHOP_SERVICE_USER="${SHOP_SERVICE_USER:-www-data}"
+
+if [ "$(id -u)" -ne 0 ]; then
+  echo "Запустите от root: sudo bash $0"
+  exit 1
+fi
+
+if ! id "$SHOP_SERVICE_USER" &>/dev/null; then
+  echo "Ошибка: пользователь $SHOP_SERVICE_USER не найден"
+  exit 1
+fi
+
+echo "=== Права Shop: $SHOP_ROOT → $SHOP_SERVICE_USER ==="
+
+chown -R "$SHOP_SERVICE_USER:$SHOP_SERVICE_USER" "$SHOP_ROOT"
+
+# npm cache/logs для www-data
+for dir in /var/www/.npm /var/www/.cache; do
+  mkdir -p "$dir"
+  chown -R "$SHOP_SERVICE_USER:$SHOP_SERVICE_USER" "$dir"
+done
+
+if [ -f "$SHOP_ROOT/.env" ]; then
+  chmod 640 "$SHOP_ROOT/.env"
+  chown "$SHOP_SERVICE_USER:$SHOP_SERVICE_USER" "$SHOP_ROOT/.env"
+fi
+
+echo "OK: владелец $SHOP_SERVICE_USER, можно: systemctl restart shop"

scripts/server-update.sh

@@ -20,7 +20,13 @@ fi
 
 bash "$SCRIPT_DIR/git-sync.sh"
 
-npm install --omit=dev
+if [ "$(id -u)" -eq 0 ]; then
+  npm install --omit=dev
+  bash "$SCRIPT_DIR/fix-shop-permissions.sh"
+else
+  npm install --omit=dev
+  echo "ВНИМАНИЕ: для прав www-data выполните: sudo bash $SCRIPT_DIR/fix-shop-permissions.sh"
+fi
 
 if [ -f .env ] && ! grep -q '^DATABASE_URL=' .env; then
   echo "ВНИМАНИЕ: добавьте DATABASE_URL в .env (см. .env.example)"

wiki/Troubleshooting.md

@@ -38,6 +38,8 @@ journalctl -u shop -n 50 --no-pager
 | Placeholder / `URL_РЕПОЗИТОРИЯ` | `git clone <ваш-url> "$SHOP_ROOT"` — не копировать шаблоны как команды |
 | Нет `package.json` | `find /opt -name package.json`; `cd` в найденный каталог |
 | detached HEAD | `bash scripts/git-sync.sh` |
+| `EACCES` на `package-lock.json`, npm от www-data | `sudo bash scripts/fix-shop-permissions.sh` затем `sudo npm install --omit=dev` и снова `fix-shop-permissions` |
+| `shop.service` failed после обновления | `sudo bash scripts/fix-shop-permissions.sh` && `sudo systemctl restart shop` |
 | Нет `scripts/...` | `bash "$SHOP_ROOT/scripts/server-update.sh"` |
 | Unit shop not found | `sudo bash scripts/install-shop-service.sh` |
 | shop exit-code / auto-restart | `sudo bash scripts/free-port-3000.sh`; `systemctl restart shop` |