From 21afae2eff4b400ba95415d6bab39704dbf14305 Mon Sep 17 00:00:00 2001 From: librelad Date: Sun, 24 May 2026 18:03:36 +0100 Subject: [PATCH] refactor(desudo): drop runtime root from docker_run, sqlite guards, restores - docker_run: in rooted mode run docker AS the manager via the docker group (no sudo); the type=='sudo' branch was unreachable dead code - 8 db helpers: fix 'command -v sudo sqlite3' guard to 'command -v sqlite3' (bodies already query via runInstallOp) - restic/kopia single-file dump: write target_file via runBackupOp tee (as the backup user, matching the snapshot-restore path) instead of root tee - adguard auth: root-owned scratch via runSystem mktemp Co-Authored-By: Claude Opus 4.7 Signed-off-by: librelad
---
 scripts/app/containers/adguard/adguard_auth.sh | 2 +-
 scripts/backup/engine/kopia_restore.sh | 2 +-
 scripts/backup/engine/restic_dump.sh | 2 +-
 scripts/database/app/db_app_scan.sh | 2 +-
 scripts/database/app/db_list_installed_app.sh | 2 +-
 scripts/database/app/db_list_installed_apps.sh | 2 +-
 scripts/database/app/db_uninstall_app.sh | 2 +-
 scripts/database/check_os_update.sh | 2 +-
 scripts/database/tables/db_display_tables.sh | 2 +-
 scripts/database/tables/db_empty_table.sh | 2 +-
 scripts/docker/app/checks/app_installed.sh | 2 +-
 scripts/docker/command/docker_run.sh | 13 ++++++-------
 scripts/unused/ssh_manager.sh | 2 +-
 13 files changed, 18 insertions(+), 19 deletions(-)
diff --git a/scripts/app/containers/adguard/adguard_auth.sh b/scripts/app/containers/adguard/adguard_auth.sh
index 274f45e..6cbaf27 100644
--- a/scripts/app/containers/adguard/adguard_auth.sh
+++ b/scripts/app/containers/adguard/adguard_auth.sh
@@ -17,7 +17,7 @@ authAdapter_adguard_setPassword() {
 [[ -z "$bcrypt" ]] && { isError "bcrypt failed."; return 1; }
 local tmp
- tmp=$(sudo mktemp)
+ tmp=$(runSystem mktemp)
 if ! runSystem awk -v u="$user" -v pw="$bcrypt" '
 /^users:/ { in_users=1; print; next }
 in_users && /^[^[:space:]-]/ { in_users=0 }
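Review bot: In scripts/app/containers/adguard/adguard_auth.sh the result of `runSystem mktemp` is stored in `tmp` with no status check, so a failed call leaves `tmp` empty and the awk step that follows (which presumably writes to it) proceeds with an empty path. Guard the assignment with `tmp=$(runSystem mktemp) || { isError "mktemp failed."; return 1; }`. The scratch file sits next to the bcrypt hash handling, so a comment stating that it is root-owned and removed on every exit path would help; the function body continues past the hunk, so any existing cleanup cannot be seen from here.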
diff --git a/scripts/backup/engine/kopia_restore.sh b/scripts/backup/engine/kopia_restore.sh
index f4616db..0eca47a 100644
--- a/scripts/backup/engine/kopia_restore.sh
+++ b/scripts/backup/engine/kopia_restore.sh
@@ -40,7 +40,7 @@ kopiaDumpFile()
 kopiaEnvExport "$idx" || return 1
 # `kopia show` writes the file contents from a snapshot to stdout.
 if [[ -n "$target_file" ]]; then
- runBackupOp kopia show "${snapshot_id}:${file_path}" | sudo tee "$target_file" >/dev/null
+ runBackupOp kopia show "${snapshot_id}:${file_path}" | runBackupOp tee "$target_file" >/dev/null
 else
 runBackupOp kopia show "${snapshot_id}:${file_path}"
 fi
diff --git a/scripts/backup/engine/restic_dump.sh b/scripts/backup/engine/restic_dump.sh
index 92948ca..ec2d8d8 100644
--- a/scripts/backup/engine/restic_dump.sh
+++ b/scripts/backup/engine/restic_dump.sh
@@ -10,7 +10,7 @@ resticDumpFile()
 resticEnvExport "$idx" || return 1
 if [[ -n "$target_file" ]]; then
- runBackupOp restic dump "$snapshot_id" "$file_path" | sudo tee "$target_file" >/dev/null
+ runBackupOp restic dump "$snapshot_id" "$file_path" | runBackupOp tee "$target_file" >/dev/null
 else
 runBackupOp restic dump "$snapshot_id" "$file_path"
 fi
diff --git a/scripts/database/app/db_app_scan.sh b/scripts/database/app/db_app_scan.sh
index cacd16a..c1fe51a 100755
--- a/scripts/database/app/db_app_scan.sh
+++ b/scripts/database/app/db_app_scan.sh
@@ -3,7 +3,7 @@ databaseAppScan()
 {
 # Check if sqlite3 is available
- if ! command -v sudo sqlite3 &> /dev/null; then
+ if ! command -v sqlite3 &> /dev/null; then
 isNotice "sqlite3 command not found. Make sure it's installed."
 fi
diff --git a/scripts/database/app/db_list_installed_app.sh b/scripts/database/app/db_list_installed_app.sh
index d270eb2..5ef20c8 100755
--- a/scripts/database/app/db_list_installed_app.sh
+++ b/scripts/database/app/db_list_installed_app.sh
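Review bot: In kopiaDumpFile (scripts/backup/engine/kopia_restore.sh) the pipeline's exit status is that of `runBackupOp tee`, so a failed `kopia show` still leaves a truncated or empty `$target_file` and a zero return, unless `pipefail` is enabled somewhere outside the hunk. The matching line in resticDumpFile (scripts/backup/engine/restic_dump.sh) has the same gap. Capture the stage statuses directly after the pipeline with `local st=("${PIPESTATUS[@]}")` and `return 1` when either element is non-zero. Because tee now runs as the backup user, a comment should state that the destination must be writable by that user and that an existing file is overwritten in place. Both function bodies start outside their hunks.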
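Review bot: In databaseAppScan (scripts/database/app/db_app_scan.sh) the corrected guard only prints a notice and then closes with `fi`, so execution appears to continue into the queries when sqlite3 is missing; add `return 1` after the `isNotice` line. The same notice-only guard is visible in db_list_installed_apps.sh, db_uninstall_app.sh, db_display_tables.sh, db_empty_table.sh and scripts/unused/ssh_manager.sh. `command -v sqlite3` resolves in the caller's PATH, while the commit message says the bodies query via runInstallOp, so a short comment naming which user's environment the check is meant to cover would remove the ambiguity. The function bodies continue past these hunks.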
@@ -9,7 +9,7 @@ databaseListInstalledApp()
 isNotice "App name is required. Usage: databaseListInstalledApp "
 else
 # Check if sqlite3 is available
- if ! command -v sudo sqlite3 &> /dev/null; then
+ if ! command -v sqlite3 &> /dev/null; then
 isNotice "sqlite3 command not found. Make sure it's installed."
 else
 # Check if database file is available
diff --git a/scripts/database/app/db_list_installed_apps.sh b/scripts/database/app/db_list_installed_apps.sh
index 803b84a..11b872d 100755
--- a/scripts/database/app/db_list_installed_apps.sh
+++ b/scripts/database/app/db_list_installed_apps.sh
@@ -3,7 +3,7 @@ databaseListInstalledApps()
 {
 # Check if sqlite3 is available
- if ! command -v sudo sqlite3 &> /dev/null; then
+ if ! command -v sqlite3 &> /dev/null; then
 isNotice "sqlite3 command not found. Make sure it's installed."
 fi
diff --git a/scripts/database/app/db_uninstall_app.sh b/scripts/database/app/db_uninstall_app.sh
index f95e40a..1766a86 100755
--- a/scripts/database/app/db_uninstall_app.sh
+++ b/scripts/database/app/db_uninstall_app.sh
@@ -5,7 +5,7 @@ databaseUninstallApp()
 local app_name="$1"
 # Check if sqlite3 is available
- if ! command -v sudo sqlite3 &> /dev/null; then
+ if ! command -v sqlite3 &> /dev/null; then
 isNotice "sqlite3 command not found. Make sure it's installed."
 fi
diff --git a/scripts/database/check_os_update.sh b/scripts/database/check_os_update.sh
index df20f23..8256d6d 100755
--- a/scripts/database/check_os_update.sh
+++ b/scripts/database/check_os_update.sh
@@ -3,7 +3,7 @@
 # Function to check if we should run the update
 checkIfOSUpdateShouldRun()
 {
- if ! command -v sudo sqlite3 &> /dev/null; then
+ if ! command -v sqlite3 &> /dev/null; then
 isNotice "sqlite3 command not found. Make sure it's installed."
 elif [ ! -f "$docker_dir/$db_file" ]; then
 isNotice "Database file not found: $docker_dir/$db_file"
diff --git a/scripts/database/tables/db_display_tables.sh b/scripts/database/tables/db_display_tables.sh
index a6e6f4c..22dfbb1 100755
--- a/scripts/database/tables/db_display_tables.sh
+++ b/scripts/database/tables/db_display_tables.sh
@@ -11,7 +11,7 @@ databaseDisplayTables()
 while true; do
 # Check if sqlite3 is available
- if ! command -v sudo sqlite3 &> /dev/null; then
+ if ! command -v sqlite3 &> /dev/null; then
 isNotice "sqlite3 command not found. Make sure it's installed."
 fi
diff --git a/scripts/database/tables/db_empty_table.sh b/scripts/database/tables/db_empty_table.sh
index d7b26b0..8814a00 100755
--- a/scripts/database/tables/db_empty_table.sh
+++ b/scripts/database/tables/db_empty_table.sh
@@ -6,7 +6,7 @@ databaseEmptyTable()
 isHeader "Empty Database Table"
 # Check if sqlite3 is available
- if ! command -v sudo sqlite3 &> /dev/null; then
+ if ! command -v sqlite3 &> /dev/null; then
 isNotice "sqlite3 command not found. Make sure it's installed."
 fi
diff --git a/scripts/docker/app/checks/app_installed.sh b/scripts/docker/app/checks/app_installed.sh
index 564afc0..b3b570b 100755
--- a/scripts/docker/app/checks/app_installed.sh
+++ b/scripts/docker/app/checks/app_installed.sh
@@ -19,7 +19,7 @@ dockerCheckAppInstalled()
 package_status="not_installed"
 fi
 elif [ "$flag" = "docker" ]; then
- if ! command -v sudo sqlite3 &> /dev/null; then
+ if ! command -v sqlite3 &> /dev/null; then
 package_status="not_installed"
 elif [ ! -f "$docker_dir/$db_file" ]; then
 package_status="not_installed"
diff --git a/scripts/docker/command/docker_run.sh b/scripts/docker/command/docker_run.sh
index face706..215f931 100755
--- a/scripts/docker/command/docker_run.sh
+++ b/scripts/docker/command/docker_run.sh
@@ -1,17 +1,16 @@
 #!/bin/bash
-dockerCommandRun()
+# Run a docker command-line string in the right context for the install mode.
+# rootless -> as the docker install user (owns the rootless daemon + socket)
+# rooted -> as the manager (in the docker group, talks to the root socket
+# directly — no sudo)
+dockerCommandRun()
 {
 local command="$1"
- local type="$2" # sudo
 if [[ $CFG_DOCKER_INSTALL_TYPE == "rootless" ]]; then
 dockerCommandRunInstallUser "$command"
 elif [[ $CFG_DOCKER_INSTALL_TYPE == "rooted" ]]; then
- if [[ $type == "sudo" ]]; then
- sudo bash -c "$command"
- else
- bash -c "$command"
- fi
+ bash -c "$command"
 fi
 }
diff --git a/scripts/unused/ssh_manager.sh b/scripts/unused/ssh_manager.sh
index b18d650..e6f9581 100755
--- a/scripts/unused/ssh_manager.sh
+++ b/scripts/unused/ssh_manager.sh
@@ -153,7 +153,7 @@ databaseSSHScanForKeys()
 local ssh_directory="$ssh_dir$CFG_DOCKER_MANAGER_USER"
 # Check if sqlite3 is available
- if ! command -v sudo sqlite3 &> /dev/null; then
+ if ! command -v sqlite3 &> /dev/null; then
 isNotice "sqlite3 command not found. Make sure it's installed."
 fi
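Review bot: In dockerCommandRun (scripts/docker/command/docker_run.sh) the `if`/`elif` chain has no final `else`, so an unset or unexpected `CFG_DOCKER_INSTALL_TYPE` runs nothing and returns 0; add `else isError "Unknown CFG_DOCKER_INSTALL_TYPE: $CFG_DOCKER_INSTALL_TYPE"; return 1`. The new header comment should also state that docker-group membership gives the manager root-equivalent control of the host through the root socket, so dropping `sudo` changes how that privilege is reached rather than reducing it. It is worth noting there too that `$command` is evaluated by `bash -c` and must not be assembled from untrusted values. Callers that still pass a second argument are not visible in this patch and would now have it ignored silently.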