From fb3fd8059b493f3b105a8ec46cd7dd5e9ab5de3e Mon Sep 17 00:00:00 2001
From: Thomas Oettli <spacefreak@noop.ch>
Date: Wed, 21 Jan 2026 22:47:53 +0100
Subject: [PATCH] Change README.md and Gentoo ebuild

---
 README.md                      | 25 ++++++++++++++++++++-----
 files/ddns-service-9999.ebuild |  8 ++------
 2 files changed, 22 insertions(+), 11 deletions(-)

diff --git a/README.md b/README.md
index e6c396f..4fa1bf8 100644
--- a/README.md
+++ b/README.md
@@ -43,7 +43,16 @@ chown ddns:root /etc/ddns-service
 chown ddns:ddns /var/lib/ddns-service /var/log/ddns-service
 ```
 
-3. Service autostart
+3. Config file:
+```bash
+wget -O /etc/ddns-service/config.toml https://git.ccc-rheintal.ch/spacefreak/ddns-service/raw/branch/master/files/config.example.toml
+
+# The config file must not be world readable!
+chmod 640 /etc/ddns-service/config.toml
+chown ddns:root /etc/ddns-service/config.toml
+```
+
+4. Service autostart
 ```bash
 # Systemd setup
 wget -O /etc/systemd/systemd/ddns-service.service https://git.ccc-rheintal.ch/spacefreak/ddns-service/raw/branch/master/files/ddns-service.service
@@ -58,10 +67,6 @@ rc-update add ddns-service default
 
 ## Configuration
 
-```bash
-wget -O /etc/ddns-service/config.toml https://git.ccc-rheintal.ch/spacefreak/ddns-service/raw/branch/master/files/config.example.toml
-```
-
 Example:
 ```toml
 [daemon]
@@ -195,6 +200,16 @@ password = ["password"]
 ddns-service --init-db
 ```
 
+The database is automatically created and migrated when the daemon starts or any CLI command is executed.
+
+**SQLite permissions:** The first CLI invocation creates the database file. Run it as the service user (`sudo -u ddns ddns-service --init-db`) so the daemon can write to it. Root can use CLI afterwards without issues.
+
+To allow other users CLI access (SQLite only):
+```bash
+usermod -aG ddns myuser        # add user to ddns group
+chmod g+w /var/lib/ddns-service/ddns.db  # enable group write
+```
+
 ### User Management
 
 ```bash
diff --git a/files/ddns-service-9999.ebuild b/files/ddns-service-9999.ebuild
index 4b05e86..95e5053 100644
--- a/files/ddns-service-9999.ebuild
+++ b/files/ddns-service-9999.ebuild
@@ -46,20 +46,16 @@ python_install_all() {
 	dodoc files/config.example.toml
 
 	keepdir /var/log/${PN}
-	fowners ddns:ddns /var/log/${PN}
 
 	diropts -m750
-
 	keepdir /var/lib/${PN}
-	fowners ddns:ddns /var/lib/${PN}
+	fowners ddns:ddns /var/lib/${PN} /var/log/${PN}
 
 	dodir /etc/${PN}
-
 	insopts -m640
 	insinto /etc/${PN}
 	newins files/config.example.toml config.toml
-	fowners root:ddns /etc/${PN}/config.toml
-	fowners ddns:root /etc/${PN}
+	fowners ddns:root -R /etc/${PN} 
 
 	distutils-r1_python_install_all
 }