From 8b14f26125759ec833fe926ccb6db67b36a524cb Mon Sep 17 00:00:00 2001 From: librelad Date: Sun, 24 May 2026 18:00:19 +0100 Subject: [PATCH] refactor(desudo): route scattered runtime sudo through privilege helpers Convert the remaining ad-hoc 'sudo' calls across the data plane to the run_privileged helpers so every file op lands as the correct owner with no blanket root: - DB/configs (manager-owned): db_list_all_apps, delete_db_file, install_sqlite, cli_webui_commands -> runInstallOp - containers (dockerinstall-owned): scan_container_socket, delete_data, webui_task_files, webui_app_log, webui_config_patch, application_missing_variables, uninstall_app -> runFileOp/runFileWrite - genuine root: passwd, tailscale, ufw-docker, sysctl grep, systemd unit read, authorized_keys read, nobody chown -> runSystem - interactive editors and 'id -u': drop sudo entirely (run as caller) - owncloud/adguard container-UID config edits -> runSystem (funnel; docker-exec rework deferred) Co-Authored-By: Claude Opus 4.7 
Signed-off-by: librelad --- scripts/app/app_update_specifics.sh | 2 +- .../app/containers/adguard/adguard_auth.sh | 10 +++---- .../owncloud/owncloud_setup_config.sh | 26 +++++++++---------- .../requirements/check_docker_rootless.sh | 2 +- .../checks/requirements/check_install_type.sh | 4 +-- .../cli/commands/webui/cli_webui_commands.sh | 4 +-- .../application/application_edit_config.sh | 2 +- .../application/application_menu_apps.sh | 2 +- .../application_missing_variables.sh | 2 +- scripts/config/core/config_manage_menu.sh | 4 +-- scripts/config/docker/docker_compose_menu.sh | 2 +- scripts/database/app/db_list_all_apps.sh | 4 +-- scripts/database/delete_db_file.sh | 2 +- scripts/database/install_sqlite.sh | 4 +-- scripts/docker/app/uninstall/delete_data.sh | 2 +- scripts/docker/app/uninstall/uninstall_app.sh | 6 ++--- .../type_switcher/scan_container_socket.sh | 4 +-- scripts/docker/update_docker_sudo_pass.sh | 2 +- scripts/docker/update_docker_user_pass.sh | 2 +- .../local/headscale_setup_localhost.sh | 4 +-- scripts/logs/installed_apps.sh | 2 +- .../generators/apps/webui_config_patch.sh | 2 +- .../generators/system/webui_ssh_access.sh | 4 +-- scripts/webui/data/tasks/webui_task_files.sh | 4 +-- scripts/webui/data/utils/webui_app_log.sh | 2 +- scripts/webui/webui_install_systemd.sh | 2 +- 26 files changed, 53 insertions(+), 53 deletions(-) diff --git a/scripts/app/app_update_specifics.sh b/scripts/app/app_update_specifics.sh index b5082e4..d8ccbc8 100755 --- a/scripts/app/app_update_specifics.sh +++ b/scripts/app/app_update_specifics.sh @@ -33,7 +33,7 @@ appUpdateSpecifics() # under its mounted data dir; fixPermissionsBeforeStart hands the dir to # the install user, so give it to 65534 here or the server can't open # the database. Restart so it picks the dir up. - sudo chown -R 65534:65534 "$containers_dir$app_name/data"; + runSystem chown -R 65534:65534 "$containers_dir$app_name/data"; shouldrestart="true"; fi 
diff --git a/scripts/app/containers/adguard/adguard_auth.sh b/scripts/app/containers/adguard/adguard_auth.sh index 7d338e0..274f45e 100644 --- a/scripts/app/containers/adguard/adguard_auth.sh +++ b/scripts/app/containers/adguard/adguard_auth.sh @@ -18,7 +18,7 @@ authAdapter_adguard_setPassword() { local tmp tmp=$(sudo mktemp) - if ! sudo awk -v u="$user" -v pw="$bcrypt" ' + if ! runSystem awk -v u="$user" -v pw="$bcrypt" ' /^users:/ { in_users=1; print; next } in_users && /^[^[:space:]-]/ { in_users=0 } in_users && /^[[:space:]]+name:/ && !done_user { @@ -29,13 +29,13 @@ authAdapter_adguard_setPassword() { } { print } END { exit (done_pw ? 0 : 1) } - ' "$yaml" | sudo tee "$tmp" >/dev/null; then - sudo rm -f "$tmp" + ' "$yaml" | runSystem tee "$tmp" >/dev/null; then + runSystem rm -f "$tmp" isError "AdGuardHome.yaml does not contain a 'users:' password line." return 1 fi - sudo cp "$tmp" "$yaml" - sudo rm -f "$tmp" + runSystem cp "$tmp" "$yaml" + runSystem rm -f "$tmp" authPersistCfg adguard ADMIN_USER "$user" authPersistCfg adguard ADMIN_PASSWORD "$password" diff --git a/scripts/app/containers/owncloud/owncloud_setup_config.sh b/scripts/app/containers/owncloud/owncloud_setup_config.sh index a9722f6..e3bee54 100755 --- a/scripts/app/containers/owncloud/owncloud_setup_config.sh +++ b/scripts/app/containers/owncloud/owncloud_setup_config.sh @@ -19,7 +19,7 @@ appOwnCloudSetupConfig() local owncloud_wait_time=5 # seconds # Remove the temporary folder in /tmp - result=$(sudo rm -rf "$owncloud_config") + result=$(runSystem rm -rf "$owncloud_config") checkSuccess "Removed default config.php" # Check when owncloud is setup. 
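Review bot: `tmp=$(sudo mktemp)` at the top of the first adguard_auth.sh hunk is still a raw `sudo` call, while every later use of `$tmp` goes through `runSystem`, so this function still bypasses the helper; `tmp=$(runSystem mktemp) || return 1` would be consistent and would stop on a failed mktemp. Separately, `if ! runSystem awk … | runSystem tee "$tmp"` tests the status of `tee` unless `pipefail` is enabled somewhere outside these hunks. Without it, awk's `exit (done_pw ? 0 : 1)` never reaches the error branch and `runSystem cp "$tmp" "$yaml"` runs anyway. Capturing awk's status separately (for example from `PIPESTATUS`) would make the guard effective. The function body starts and ends outside these hunks.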
@@ -51,40 +51,40 @@ appOwnCloudSetupConfig() # Backups and Creation of config files # Copy the original config.php to the temporary file # Create a temporary folder in /tmp - result=$(sudo mkdir -p "$tmp_folder") + result=$(runSystem mkdir -p "$tmp_folder") checkSuccess "Created temporary folder: $tmp_folder" # Backups and Creation of config files # Copy the original config.php to the temporary file in /tmp - result=$(sudo cp "$owncloud_config" "$tmp_folder/config.php.tmp") + result=$(runSystem cp "$owncloud_config" "$tmp_folder/config.php.tmp") checkSuccess "Copy the original config.php contents to the temporary file" - result=$(sudo cp "$owncloud_config" "$owncloud_config_folder/config.php.backup") + result=$(runSystem cp "$owncloud_config" "$owncloud_config_folder/config.php.backup") checkSuccess "Backing up the original config.php file" - local result=$(sudo chmod -R 777 "$tmp_folder") + local result=$(runSystem chmod -R 777 "$tmp_folder") checkSuccess "Set permissions to for temp folder & files." 
- local result=$(sudo chown -R $docker_install_user:$docker_install_user "$tmp_folder") + local result=$(runSystem chown -R $docker_install_user:$docker_install_user "$tmp_folder") checkSuccess "Updating ownership on temp folder to $docker_install_user" # Create another temporary file for awk output local tmp_awk_output="$tmp_folder/config_awk_output.tmp" # Use awk to delete lines for 'trusted_domains' from the temporary file - result=$(sudo awk '/'"'trusted_domains'"'/,/\),/{next} {print}' "$tmp_folder/config.php.tmp" > "$tmp_awk_output") + result=$(runSystem awk '/'"'trusted_domains'"'/,/\),/{next} {print}' "$tmp_folder/config.php.tmp" > "$tmp_awk_output") checkSuccess "Use awk to delete lines for 'trusted_domains' from the temporary file" # Remove the line containing 'overwrite.cli.url' - result=$(sudo sed -i '/overwrite\.cli\.url/d' "$tmp_awk_output") + result=$(runSystem sed -i '/overwrite\.cli\.url/d' "$tmp_awk_output") checkSuccess "Remove line containing 'overwrite.cli.url'" # Remove the existing ');' from the end of the file - result=$(sudo sed -i '$s/);//' "$tmp_awk_output") + result=$(runSystem sed -i '$s/);//' "$tmp_awk_output") checkSuccess "Remove ');' from the end of the file" # Remove empty lines from the temporary file - result=$(sudo sed -i '/^ *$/d' "$tmp_awk_output") + result=$(runSystem sed -i '/^ *$/d' "$tmp_awk_output") checkSuccess "Remove empty lines from the temporary file" if [[ $public == "true" ]]; then 
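Review bot: `runSystem chmod -R 777 "$tmp_folder"` makes world-writable a directory that the comments place under /tmp and that holds a copy of config.php; the later `runSystem sed -i` calls and the `runSystem mv "$tmp_awk_output" "$owncloud_config"` in the next hunk then work on files inside it with elevated privilege. Any local account can read the copied config or replace `config_awk_output.tmp` between those steps, so the file that becomes the live config is not guaranteed to be what awk produced. A `mktemp -d` directory with mode 700, owned by the account that performs the writes, would remove that exposure. Note that `> "$tmp_awk_output"` is opened by the calling shell rather than by `runSystem`, so the owner has to be chosen with that redirect in mind. `$tmp_folder` is defined outside the hunk.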
@@ -117,14 +117,14 @@ fi # Update permissions # Move the modified temporary file back to the original location - result=$(sudo mv "$tmp_awk_output" "$owncloud_config") + result=$(runSystem mv "$tmp_awk_output" "$owncloud_config") checkSuccess "Overwrite the original config.php with the updated content" - result=$(sudo chown 165568:$docker_install_user $owncloud_config) + result=$(runSystem chown 165568:$docker_install_user $owncloud_config) checkSuccess "Update permissions of ownCloud config to reflect container needs." # Remove the temporary folder in /tmp - result=$(sudo rm -rf "$tmp_folder") + result=$(runSystem rm -rf "$tmp_folder") checkSuccess "Removed temporary folder: $tmp_folder" else isError "Container is not healthy. Setup seems to have failed." diff --git a/scripts/checks/requirements/check_docker_rootless.sh b/scripts/checks/requirements/check_docker_rootless.sh index e6967a7..e7e2f7c 100755 --- a/scripts/checks/requirements/check_docker_rootless.sh +++ b/scripts/checks/requirements/check_docker_rootless.sh @@ -4,7 +4,7 @@ checkDockerRootlessRequirement() { if [[ $CFG_DOCKER_INSTALL_TYPE == "rootless" ]]; then ### Docker Rootless - if sudo grep -q "ROOTLESS" $sysctl; then + if runSystem grep -q "ROOTLESS" $sysctl; then isSuccessful "Docker Rootless appears to be installed." else isNotice "Docker Rootless does not appear to be installed." diff --git a/scripts/checks/requirements/check_install_type.sh b/scripts/checks/requirements/check_install_type.sh index b1b900b..6ae6a2a 100755 --- a/scripts/checks/requirements/check_install_type.sh +++ b/scripts/checks/requirements/check_install_type.sh @@ -22,7 +22,7 @@ checkInstallTypeRequirement() if [[ "$OS_TYPE" == "Ubuntu" || "$OS_TYPE" == "Debian" ]]; then ISCOMP=$( (docker compose -v ) 2>&1 ) ISUFW=$( (runSystem ufw status ) 2>&1 ) - ISUFWD=$( (sudo ufw-docker) 2>&1 ) + ISUFWD=$( (runSystem ufw-docker) 2>&1 ) resolveDockerInstallUser 
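Review bot: `runSystem chown 165568:$docker_install_user $owncloud_config` passes both expansions unquoted to the root-level helper, although the `mv` just above quotes the same path; a space or glob character in either value would change which files root re-owns. Quoting fixes it: `runSystem chown "165568:$docker_install_user" "$owncloud_config"`. The literal 165568 looks like a subordinate-UID mapping for the container user, which is host-specific, so a comment saying where the number comes from would help. The same unquoted pattern appears in `runSystem grep -q "ROOTLESS" $sysctl` in check_docker_rootless.sh.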
@@ -31,7 +31,7 @@ checkInstallTypeRequirement() ISACT=$( (runSystem systemctl is-active docker ) 2>&1 ) elif [[ $CFG_DOCKER_INSTALL_TYPE == "rootless" ]]; then # Used for checking the rootless user - local ISUSER=$( (sudo id -u "$CFG_DOCKER_INSTALL_USER")) + local ISUSER=$( (id -u "$CFG_DOCKER_INSTALL_USER")) if [[ "$ISUSER" == *"no such user"* ]]; then ISACT=$(command -v docker &> /dev/null) fi diff --git a/scripts/cli/commands/webui/cli_webui_commands.sh b/scripts/cli/commands/webui/cli_webui_commands.sh index 4b4b014..400b366 100755 --- a/scripts/cli/commands/webui/cli_webui_commands.sh +++ b/scripts/cli/commands/webui/cli_webui_commands.sh @@ -78,8 +78,8 @@ cliWebuiLoginReset() # Restore placeholders so the scan re-randomizes them if [ -f "$webui_logins_file" ]; then - sudo sed -i -E 's/^(CFG_WEBUI_USERNAME=).*$/\1RANDOMIZEDUSERNAME1/' "$webui_logins_file" - sudo sed -i -E 's/^(CFG_WEBUI_PASSWORD=).*$/\1RANDOMIZEDPASSWORD1/' "$webui_logins_file" + runInstallOp sed -i -E 's/^(CFG_WEBUI_USERNAME=).*$/\1RANDOMIZEDUSERNAME1/' "$webui_logins_file" + runInstallOp sed -i -E 's/^(CFG_WEBUI_PASSWORD=).*$/\1RANDOMIZEDPASSWORD1/' "$webui_logins_file" fi # Remove auth file to force credential regeneration on next container start diff --git a/scripts/config/application/application_edit_config.sh b/scripts/config/application/application_edit_config.sh index c427b67..061f234 100755 --- a/scripts/config/application/application_edit_config.sh +++ b/scripts/config/application/application_edit_config.sh @@ -22,7 +22,7 @@ editAppConfig() local original_checksum=$(md5sum "$config_file") # Open the file with $CFG_TEXT_EDITOR for editing - sudo $CFG_TEXT_EDITOR "$config_file" + $CFG_TEXT_EDITOR "$config_file" # Calculate the checksum of the edited file local edited_checksum=$(md5sum "$config_file") diff --git a/scripts/config/application/application_menu_apps.sh b/scripts/config/application/application_menu_apps.sh index f7e5d7f..0e02ae0 100755 
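Review bot: `local ISUSER=$( (id -u "$CFG_DOCKER_INSTALL_USER"))` captures only stdout, but `id` reports a missing user on stderr, so the `== *"no such user"*` test after it can never match and the branch is dead. `ISACT=$(command -v docker &> /dev/null)` inside that branch would also always be empty, because the output is discarded. Testing the exit status states the intent directly, e.g. `if ! id -u "$CFG_DOCKER_INSTALL_USER" >/dev/null 2>&1; then`. The rest of the function is outside the hunk, so check how `ISACT` is consumed before changing it.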
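Review bot: With `sudo` removed, `$CFG_TEXT_EDITOR "$config_file"` in application_edit_config.sh runs as the calling user, and nothing in the hunk checks that this user can write the file. An edit of a config owned by another account may therefore open read-only or fail to save without the script noticing. A `[[ -w "$config_file" ]]` check before launching the editor, with an `isError` otherwise, would make that visible. `$CFG_TEXT_EDITOR` is also expanded unquoted; if that is deliberate so the setting can carry arguments, a comment should say so. The same applies to the editor calls in application_menu_apps.sh, config_manage_menu.sh (both hunks), docker_compose_menu.sh and installed_apps.sh.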
--- a/scripts/config/application/application_menu_apps.sh +++ b/scripts/config/application/application_menu_apps.sh @@ -50,7 +50,7 @@ viewAppConfigs() local config_file="$containers_dir/${selected_app}/${selected_app}.config" if [ -f "$config_file" ]; then - sudo $CFG_TEXT_EDITOR "$config_file" + $CFG_TEXT_EDITOR "$config_file" createTouch "$config_file" $sudo_user_name echo "" isNotice "Configuration file for '$selected_app' has been updated." diff --git a/scripts/config/application/application_missing_variables.sh b/scripts/config/application/application_missing_variables.sh index eb99fa1..e5598ac 100755 --- a/scripts/config/application/application_missing_variables.sh +++ b/scripts/config/application/application_missing_variables.sh @@ -9,7 +9,7 @@ checkApplicationsConfigFilesMissingVariables() app=$(basename "$live" .config) remote="$install_containers_dir$app/$app.config" reconcileConfigFile "$live" "$remote" - done < <(sudo find "$containers_dir" -maxdepth 2 -type f -name '*.config' ! -name '*.bak') + done < <(runFileOp find "$containers_dir" -maxdepth 2 -type f -name '*.config' ! -name '*.bak') isSuccessful "Application config reconciliation completed." } diff --git a/scripts/config/core/config_manage_menu.sh b/scripts/config/core/config_manage_menu.sh index 76317ce..0f59878 100755 --- a/scripts/config/core/config_manage_menu.sh +++ b/scripts/config/core/config_manage_menu.sh @@ -51,7 +51,7 @@ viewLibrePortalConfigs() # Check if the specific config matches either the display name or config name if [[ "$display_name" == "$specific_config" ]] || [[ "$config_name" == "$specific_config" ]]; then - sudo $CFG_TEXT_EDITOR "${config_files[i]}" + $CFG_TEXT_EDITOR "${config_files[i]}" createTouch "${config_files[i]}" $sudo_user_name echo "" isNotice "Configuration file '$display_name' has been updated." 
@@ -109,7 +109,7 @@ viewLibrePortalConfigs() local selected_file="${config_files[index]}" local selected_display_name="${config_display_names[index]}" - sudo $CFG_TEXT_EDITOR "$selected_file" + $CFG_TEXT_EDITOR "$selected_file" createTouch "$selected_file" $sudo_user_name config_timestamps["$selected_display_name"]=$(stat -c "%y" "$selected_file") diff --git a/scripts/config/docker/docker_compose_menu.sh b/scripts/config/docker/docker_compose_menu.sh index a9c7225..8001567 100755 --- a/scripts/config/docker/docker_compose_menu.sh +++ b/scripts/config/docker/docker_compose_menu.sh @@ -84,7 +84,7 @@ viewComposeFiles() local index=$((file_number - 1)) if ((index >= 0 && index < ${#selected_compose_files[@]})); then local selected_file="${selected_compose_files[index]}" - sudo $CFG_TEXT_EDITOR "$selected_file" + $CFG_TEXT_EDITOR "$selected_file" fi done diff --git a/scripts/database/app/db_list_all_apps.sh b/scripts/database/app/db_list_all_apps.sh index ede97b3..cb9314d 100755 --- a/scripts/database/app/db_list_all_apps.sh +++ b/scripts/database/app/db_list_all_apps.sh @@ -5,7 +5,7 @@ databaseListAllApps() if [[ "$toollistallapps" == [yY] ]]; then # Check if sqlite3 is available - if ! command -v sudo sqlite3 &> /dev/null; then + if ! command -v runInstallOp sqlite3 &> /dev/null; then isNotice "sqlite3 command not found. Make sure it's installed." fi @@ -17,7 +17,7 @@ databaseListAllApps() isHeader "Listing full apps database" # Execute the SQLite query and store the output in a variable - local output=$(sudo sqlite3 -header -column $docker_dir/$db_file "SELECT * FROM apps;") + local output=$(runInstallOp sqlite3 -header -column $docker_dir/$db_file "SELECT * FROM apps;") # Count the number of non-header lines (data rows) in the 'output' local num_data_rows=$(echo "$output" | grep -v '^name[[:space:]]|') diff --git a/scripts/database/delete_db_file.sh b/scripts/database/delete_db_file.sh index 223b8cb..9244e78 100755 --- a/scripts/database/delete_db_file.sh 
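Review bot: `command -v runInstallOp sqlite3` in the first db_list_all_apps.sh hunk is a mechanical replacement of `sudo` that does not test for sqlite3. Bash's `command -v` succeeds when any of the listed names resolves, and `runInstallOp` (presumably a shell function) resolves once the helpers are loaded. The check should be `if ! command -v sqlite3 &> /dev/null; then`. As far as the hunk shows, the branch only prints a notice and falls through to the query in the next hunk, where `$docker_dir/$db_file` is passed unquoted.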
+++ b/scripts/database/delete_db_file.sh @@ -3,7 +3,7 @@ databaseRemoveFile() { if [[ "$tooldeletedb" == [yY] ]]; then - local result=$(sudo rm $docker_dir/$db_file) + local result=$(runInstallOp rm $docker_dir/$db_file) checkSuccess "Removing $db_file file" fi } \ No newline at end of file diff --git a/scripts/database/install_sqlite.sh b/scripts/database/install_sqlite.sh index 7d0e203..e18ce50 100755 --- a/scripts/database/install_sqlite.sh +++ b/scripts/database/install_sqlite.sh @@ -10,10 +10,10 @@ installSQLiteDatabase() # Create SQLite database file if [ ! -e "$docker_dir/$db_file" ]; then - local result=$(sudo touch $docker_dir/$db_file) + local result=$(runInstallOp touch $docker_dir/$db_file) checkSuccess "Creating SQLite $db_file file" - local result=$(sudo chmod 755 $docker_dir/$db_file && sudo chown $sudo_user_name $docker_dir/$db_file) + local result=$(runInstallOp chmod 755 $docker_dir/$db_file) checkSuccess "Changing permissions for SQLite $db_file file" fi diff --git a/scripts/docker/app/uninstall/delete_data.sh b/scripts/docker/app/uninstall/delete_data.sh index 8b5f9d6..fb822ee 100755 --- a/scripts/docker/app/uninstall/delete_data.sh +++ b/scripts/docker/app/uninstall/delete_data.sh @@ -7,7 +7,7 @@ dockerDeleteData() if [[ "$app_name" == "" ]]; then isError "No app_name provided, unable to continue..." else - local result=$(sudo rm -rf $containers_dir$app_name) + local result=$(runFileOp rm -rf $containers_dir$app_name) checkSuccess "Deleting $app_name install folder" fi diff --git a/scripts/docker/app/uninstall/uninstall_app.sh b/scripts/docker/app/uninstall/uninstall_app.sh index 0a2a93e..5de5c8f 100755 --- a/scripts/docker/app/uninstall/uninstall_app.sh +++ b/scripts/docker/app/uninstall/uninstall_app.sh 
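Review bot: `local result=$(runInstallOp rm $docker_dir/$db_file)` in delete_db_file.sh declares and assigns in one statement, so `$?` afterwards is the status of `local` (always 0) rather than of the command. If `checkSuccess` reads `$?` (its definition is outside this diff), it reports success even when the helper fails. Splitting the statement keeps the real status and quotes the path: `local result; result=$(runInstallOp rm -- "$docker_dir/$db_file")`. The same declare-and-assign form is used on new lines in owncloud_setup_config.sh (chmod/chown), db_list_all_apps.sh, install_sqlite.sh, delete_data.sh, scan_container_socket.sh, both update_docker_*_pass.sh files and webui_task_files.sh.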
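Review bot: `runInstallOp chmod 755 $docker_dir/$db_file` in install_sqlite.sh leaves the SQLite file executable and readable by every local account. A database file needs no execute bit, and unless other accounts are meant to read it directly, `runInstallOp chmod 640 "$docker_dir/$db_file"` (or 600) is the tighter default. The hunk also drops the earlier `chown $sudo_user_name`, so ownership now depends entirely on which account `runInstallOp` runs as; a one-line comment naming the intended owner would make that explicit.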
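Review bot: `runFileOp rm -rf $containers_dir$app_name` in delete_data.sh is guarded only by the empty-`app_name` check above it. The path is unquoted and `$containers_dir` is never checked, so an unset directory, or an `app_name` containing spaces, globs or `..`, changes what gets removed. `runFileOp rm -rf -- "${containers_dir:?}${app_name:?}"` fails closed on empty values and stops word splitting. Rejecting an `app_name` that contains `/` before this line would also close the traversal case.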
@@ -98,12 +98,12 @@ dockerUninstallApp() [[ ! -f "$_tf" ]] && continue # Skip in-flight tasks — that includes the uninstall task # we're currently inside, plus anything queued or running. - if sudo grep -qE "\"status\"[[:space:]]*:[[:space:]]*\"(running|queued|pending)\"" "$_tf" 2>/dev/null; then + if runFileOp grep -qE "\"status\"[[:space:]]*:[[:space:]]*\"(running|queued|pending)\"" "$_tf" 2>/dev/null; then continue fi - if sudo grep -q "\"app\"[[:space:]]*:[[:space:]]*\"${stored_app_name}\"" "$_tf" 2>/dev/null; then + if runFileOp grep -q "\"app\"[[:space:]]*:[[:space:]]*\"${stored_app_name}\"" "$_tf" 2>/dev/null; then local _id=$(basename "$_tf" .json) - sudo rm -f "$_tf" "$_tasks_dir/${_id}.log" "$_tasks_dir/${_id}.cancel" 2>/dev/null + runFileOp rm -f "$_tf" "$_tasks_dir/${_id}.log" "$_tasks_dir/${_id}.cancel" 2>/dev/null _removed=$((_removed + 1)) fi done diff --git a/scripts/docker/type_switcher/scan_container_socket.sh b/scripts/docker/type_switcher/scan_container_socket.sh index a6054ec..b0365d2 100755 --- a/scripts/docker/type_switcher/scan_container_socket.sh +++ b/scripts/docker/type_switcher/scan_container_socket.sh @@ -16,12 +16,12 @@ dockerSwitcherScanContainersForSocket() fi isSuccessful "Found Docker socket to change in file: $file" if [[ $CFG_DOCKER_INSTALL_TYPE == "rootless" ]]; then - local result=$(sudo sed -i \ + local result=$(runFileOp sed -i \ -e "/#SOCKETHERE/s|.*| - /run/user/${docker_install_user_id}/docker.sock:/run/user/${docker_install_user_id}/docker.sock:ro #SOCKETHERE|" \ "$file") checkSuccess "Updating docker socket for $app_name" elif [[ $CFG_DOCKER_INSTALL_TYPE == "rooted" ]]; then - local result=$(sudo sed -i \ + local result=$(runFileOp sed -i \ -e "/#SOCKETHERE/s|.*| - $docker_rooted_socket:$docker_rooted_socket:ro #SOCKETHERE|" \ "$file") checkSuccess "Updating docker socket for $app_name" diff --git a/scripts/docker/update_docker_sudo_pass.sh b/scripts/docker/update_docker_sudo_pass.sh index 3eb2184..3a134b5 100755 
--- a/scripts/docker/update_docker_sudo_pass.sh +++ b/scripts/docker/update_docker_sudo_pass.sh @@ -2,6 +2,6 @@ updateDockerSudoPassword() { - local result=$(echo -e "$CFG_LIBREPORTAL_USER_PASS\n$CFG_LIBREPORTAL_USER_PASS" | sudo passwd "$sudo_user_name" > /dev/null 2>&1) + local result=$(echo -e "$CFG_LIBREPORTAL_USER_PASS\n$CFG_LIBREPORTAL_USER_PASS" | runSystem passwd "$sudo_user_name" > /dev/null 2>&1) checkSuccess "Updating the password for the $sudo_user_name user" } diff --git a/scripts/docker/update_docker_user_pass.sh b/scripts/docker/update_docker_user_pass.sh index dd47a85..f73f280 100755 --- a/scripts/docker/update_docker_user_pass.sh +++ b/scripts/docker/update_docker_user_pass.sh @@ -2,6 +2,6 @@ updateDockerInstallPassword() { - local result=$(echo -e "$CFG_DOCKER_INSTALL_PASS\n$CFG_DOCKER_INSTALL_PASS" | sudo passwd "$CFG_DOCKER_INSTALL_USER" > /dev/null 2>&1) + local result=$(echo -e "$CFG_DOCKER_INSTALL_PASS\n$CFG_DOCKER_INSTALL_PASS" | runSystem passwd "$CFG_DOCKER_INSTALL_USER" > /dev/null 2>&1) checkSuccess "Updating the password for the $CFG_DOCKER_INSTALL_USER user" } diff --git a/scripts/headscale/local/headscale_setup_localhost.sh b/scripts/headscale/local/headscale_setup_localhost.sh index d767489..03a9b67 100755 --- a/scripts/headscale/local/headscale_setup_localhost.sh +++ b/scripts/headscale/local/headscale_setup_localhost.sh @@ -13,7 +13,7 @@ setupHeadscaleLocalhost() setupHeadscaleGenerateAuthKey; - result=$(sudo tailscale up --login-server $headscale_live_hostname --authkey $headscale_preauthkey --force-reauth) + result=$(runSystem tailscale up --login-server $headscale_live_hostname --authkey $headscale_preauthkey --force-reauth) checkSuccess "Connecting $app_name to Headscale Server" result=$(rm -rf $headscale_preauthkey_file) 
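Review bot: `echo -e "$CFG_LIBREPORTAL_USER_PASS\n$CFG_LIBREPORTAL_USER_PASS" | runSystem passwd "$sudo_user_name"` lets `echo -e` interpret backslash sequences inside the password, so a value containing `\n`, `\t` or `\c` is set to something other than what was configured. `printf '%s\n%s\n' "$CFG_LIBREPORTAL_USER_PASS" "$CFG_LIBREPORTAL_USER_PASS" | runSystem passwd "$sudo_user_name"` passes it through unchanged. All output goes to /dev/null and the status is read after `local`, so `checkSuccess` probably reports a rejected password as success. update_docker_user_pass.sh has the identical line for `$CFG_DOCKER_INSTALL_PASS`.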
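Review bot: `runSystem tailscale up … --authkey $headscale_preauthkey` in headscale_setup_localhost.sh puts the pre-auth key on the command line of a privileged process, where other local users can see it in the process list while the command runs; the expansion is also unquoted. The script already has `$headscale_preauthkey_file` (removed on the next line), and tailscale documents a `file:` prefix for the auth-key value. `--authkey "file:$headscale_preauthkey_file"` would therefore keep the secret off argv, assuming that file holds only the key. The second hunk of this file does the same with `$CFG_HEADSCALE_KEY`, which would first need to be written to a private temp file.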
@@ -32,7 +32,7 @@ setupHeadscaleLocalhost() result=$(cd ~ && curl -fsSL https://tailscale.com/install.sh | sh) checkSuccess "Setting up Headscale" - result=$(sudo tailscale up --login-server https://$CFG_HEADSCALE_HOST --authkey $CFG_HEADSCALE_KEY --force-reauth) + result=$(runSystem tailscale up --login-server https://$CFG_HEADSCALE_HOST --authkey $CFG_HEADSCALE_KEY --force-reauth) checkSuccess "Connecting $app_name to $CFG_HEADSCALE_HOST Headscale Server" fi fi diff --git a/scripts/logs/installed_apps.sh b/scripts/logs/installed_apps.sh index d447992..f413551 100755 --- a/scripts/logs/installed_apps.sh +++ b/scripts/logs/installed_apps.sh @@ -31,7 +31,7 @@ viewLogs() ;; e) isNotice "Viewing libreportal.log:" - sudo $CFG_TEXT_EDITOR "$logs_dir/libreportal.log" + $CFG_TEXT_EDITOR "$logs_dir/libreportal.log" viewLogs; ;; x) diff --git a/scripts/webui/data/generators/apps/webui_config_patch.sh b/scripts/webui/data/generators/apps/webui_config_patch.sh index 2323f76..123d15d 100644 --- a/scripts/webui/data/generators/apps/webui_config_patch.sh +++ b/scripts/webui/data/generators/apps/webui_config_patch.sh @@ -58,7 +58,7 @@ webuiPatchAppConfigJson() { .apps |= map(if ((.command // "") | endswith(" " + $slug)) then .config = $cfg | .installed = $inst else . end) ' "$apps_json" > "$tmp" 2>/dev/null; then runFileWrite "$apps_json" < "$tmp"; rm -f "$tmp" - sudo chown "$docker_install_user:$docker_install_user" "$apps_json" 2>/dev/null || true + runFileOp chown "$docker_install_user:$docker_install_user" "$apps_json" 2>/dev/null || true return 0 fi rm -f "$tmp" diff --git a/scripts/webui/data/generators/system/webui_ssh_access.sh b/scripts/webui/data/generators/system/webui_ssh_access.sh index 656289b..2bb6a27 100644 --- a/scripts/webui/data/generators/system/webui_ssh_access.sh +++ b/scripts/webui/data/generators/system/webui_ssh_access.sh 
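Review bot: `runFileOp chown "$docker_install_user:$docker_install_user" "$apps_json" 2>/dev/null || true` in webui_config_patch.sh can only succeed if `runFileOp` runs as root or the file already belongs to that user. Going by the commit message it runs as the container owner, so the call is either a no-op or a failure hidden by `2>/dev/null || true`. If `runFileWrite` already creates the file with the right owner, drop the line; if ownership can really be wrong here, it needs `runSystem chown` and the error should be surfaced. The function body extends beyond the hunk.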
@@ -28,7 +28,7 @@ webuiGenerateSshAccess() fi local keys_json="[" first=true line type comment info fpr - if sudo test -f "$akf"; then + if runSystem test -f "$akf"; then while IFS= read -r line; do [[ -z "$line" || "$line" =~ ^[[:space:]]*# ]] && continue type=$(awk '{print $1}' <<< "$line") @@ -39,7 +39,7 @@ webuiGenerateSshAccess() $first || keys_json+="," first=false keys_json+="{\"type\":\"$(jsonEscape "$type")\",\"fingerprint\":\"$(jsonEscape "$fpr")\",\"comment\":\"$(jsonEscape "$comment")\"}" - done < <(sudo cat "$akf") + done < <(runSystem cat "$akf") fi keys_json+="]" diff --git a/scripts/webui/data/tasks/webui_task_files.sh b/scripts/webui/data/tasks/webui_task_files.sh index 218294c..a2ffb43 100755 --- a/scripts/webui/data/tasks/webui_task_files.sh +++ b/scripts/webui/data/tasks/webui_task_files.sh @@ -16,7 +16,7 @@ webuiEnsureTaskFiles() { if [ ! -f "$task_dir/queue.json" ]; then echo " Creating queue.json" createTouch "$task_dir/queue.json" $docker_install_user "silent" - local result=$(echo "[]" | sudo tee "$task_dir/queue.json" > /dev/null) + local result=$(echo "[]" | runFileWrite "$task_dir/queue.json" > /dev/null) checkSuccess "Created queue.json..." else echo " queue.json exists" @@ -26,7 +26,7 @@ webuiEnsureTaskFiles() { if [ ! -f "$task_dir/current.json" ]; then echo " Creating current.json" createTouch "$task_dir/current.json" $docker_install_user "silent" - local result=$(echo '{}' | sudo tee "$task_dir/current.json" > /dev/null) + local result=$(echo '{}' | runFileWrite "$task_dir/current.json" > /dev/null) checkSuccess "Created current.json..." else echo " current.json exists" diff --git a/scripts/webui/data/utils/webui_app_log.sh b/scripts/webui/data/utils/webui_app_log.sh index b9cd390..921fb63 100755 --- a/scripts/webui/data/utils/webui_app_log.sh +++ b/scripts/webui/data/utils/webui_app_log.sh 
@@ -19,7 +19,7 @@ webuiUpdateAppLog() # Create WebUI log file if it doesn't exist if [ ! -f "${log_file}" ]; then createTouch "$log_file" $sudo_user_name "silent" - echo "=== LibrePortal Installation Started at $(date) ===" | sudo tee "${log_file}" > /dev/null + echo "=== LibrePortal Installation Started at $(date) ===" | runFileWrite "${log_file}" > /dev/null fi elif [[ "$type" == "uninstall" ]]; then # Remove app log file diff --git a/scripts/webui/webui_install_systemd.sh b/scripts/webui/webui_install_systemd.sh index c40df9c..afc9073 100755 --- a/scripts/webui/webui_install_systemd.sh +++ b/scripts/webui/webui_install_systemd.sh @@ -67,7 +67,7 @@ EOF )" local current="" - [[ -f "$service_file" ]] && current="$(sudo cat "$service_file" 2>/dev/null)" + [[ -f "$service_file" ]] && current="$(runSystem cat "$service_file" 2>/dev/null)" if [[ "$desired" != "$current" ]]; then printf '%s\n' "$desired" | runSystem tee "$service_file" > /dev/null
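Review bot: In webui_app_log.sh the log file is created with `createTouch "$log_file" $sudo_user_name "silent"` and then written with `runFileWrite "${log_file}"`, which the commit message describes as the container-owner path, so creator and writer may now be different accounts. If `runFileWrite` does not run as `$sudo_user_name`, the header write fails, and with stdout sent to /dev/null and no status check nothing reports it. webui_task_files.sh passes `$docker_install_user` to `createTouch` before calling the same helper. Using the matching owner here, or checking the helper's exit status, would keep the two consistent.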