From 7b1ffc14103054523b726c4ff77abb8bef193e6a Mon Sep 17 00:00:00 2001
From: cliffmccarthy <16453869+cliffmccarthy@users.noreply.github.com>
Date: Wed, 30 Jul 2025 08:55:51 -0500
Subject: [PATCH 1/2] feat: Automate file ownership setting from host migration
 process

- Added a step to deploy_chatmail() that sets ownership of paths that
  are copied over as part of the upgrade process.
- Removed manual chown step from README.md.
---
 README.md                         |  9 ---------
 cmdeploy/src/cmdeploy/__init__.py | 14 ++++++++++++++
 2 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/README.md b/README.md
index 7ba08fdb..4ff8aa47 100644
--- a/README.md
+++ b/README.md
@@ -395,15 +395,6 @@ in this case, just run `ssh-keygen -R "mail.example.org"` as recommended.
    Postfix and Dovecot are disabled for now; we will enable them later. 
    We first need to make the new site fully operational. 
 
-3. On the new site, run the following to ensure the ownership is correct in case UIDs/GIDs changed:
-
-   ```
-    chown root: -R /var/lib/acme
-    chown opendkim: -R /etc/dkimkeys
-    chown vmail: -R /home/vmail/mail
-    chown echobot: -R /run/echobot
-   ```
-
 4. Now, update DNS entries. 
 
    If other MTAs try to deliver messages to your chatmail domain they may fail intermittently,
diff --git a/cmdeploy/src/cmdeploy/__init__.py b/cmdeploy/src/cmdeploy/__init__.py
index cb894750..dfd269f0 100644
--- a/cmdeploy/src/cmdeploy/__init__.py
+++ b/cmdeploy/src/cmdeploy/__init__.py
@@ -748,6 +748,20 @@ def deploy_chatmail(config_path: Path, disable_mail: bool) -> None:
     _remove_rspamd()
     opendkim_need_restart = _configure_opendkim(mail_domain, "opendkim")
 
+    #
+    # If this system is pre-populated with data from a previous instance,
+    # we might need to adjust ownership of files.
+    #
+    stateful_paths = {
+        "/etc/dkimkeys": "opendkim",
+        "/home/vmail/mail": "vmail",
+        "/run/echobot": "echobot",
+        "/var/lib/acme": "root",
+    }
+    for stateful_path, path_owner in stateful_paths.items():
+        files.directory(stateful_path)  # In case it doesn't exist yet.
+        server.shell("chown {}: -R {}".format(path_owner, stateful_path))
+
     systemd.service(
         name="Start and enable OpenDKIM",
         service="opendkim.service",

From 614b9553513a7ee25ffb82791b4fc2ff74670419 Mon Sep 17 00:00:00 2001
From: cliffmccarthy <16453869+cliffmccarthy@users.noreply.github.com>
Date: Fri, 8 Aug 2025 11:21:58 -0500
Subject: [PATCH 2/2] chore: Add changelog entry

---
 CHANGELOG.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index e3e520dc..1ec7acb7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,9 @@
 - Check whether GCC is installed in initenv.sh
   ([#608](https://github.com/chatmail/relay/pull/608))
 
+- Automate file ownership setting from host migration process
+  ([#609](https://github.com/chatmail/relay/pull/609))
+
 - Expire push notification tokens after 90 days
   ([#583](https://github.com/chatmail/relay/pull/583))