refactor(desudo): drop runtime root from docker_run, sqlite guards, restores
- docker_run: in rooted mode run docker AS the manager via the docker group (no sudo); the type=='sudo' branch was unreachable dead code - 8 db helpers: fix 'command -v sudo sqlite3' guard to 'command -v sqlite3' (bodies already query via runInstallOp) - restic/kopia single-file dump: write target_file via runBackupOp tee (as the backup user, matching the snapshot-restore path) instead of root tee - adguard auth: root-owned scratch via runSystem mktemp Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Signed-off-by: librelad <librelad@digitalangels.vip>
This commit is contained in:
parent
f13a5bc548
commit
21afae2eff
@ -17,7 +17,7 @@ authAdapter_adguard_setPassword() {
|
||||
[[ -z "$bcrypt" ]] && { isError "bcrypt failed."; return 1; }
|
||||
|
||||
local tmp
|
||||
tmp=$(sudo mktemp)
|
||||
tmp=$(runSystem mktemp)
|
||||
if ! runSystem awk -v u="$user" -v pw="$bcrypt" '
|
||||
/^users:/ { in_users=1; print; next }
|
||||
in_users && /^[^[:space:]-]/ { in_users=0 }
|
||||
|
||||
@ -40,7 +40,7 @@ kopiaDumpFile()
|
||||
kopiaEnvExport "$idx" || return 1
|
||||
# `kopia show` writes the file contents from a snapshot to stdout.
|
||||
if [[ -n "$target_file" ]]; then
|
||||
runBackupOp kopia show "${snapshot_id}:${file_path}" | sudo tee "$target_file" >/dev/null
|
||||
runBackupOp kopia show "${snapshot_id}:${file_path}" | runBackupOp tee "$target_file" >/dev/null
|
||||
else
|
||||
runBackupOp kopia show "${snapshot_id}:${file_path}"
|
||||
fi
|
||||
|
||||
@ -10,7 +10,7 @@ resticDumpFile()
|
||||
resticEnvExport "$idx" || return 1
|
||||
|
||||
if [[ -n "$target_file" ]]; then
|
||||
runBackupOp restic dump "$snapshot_id" "$file_path" | sudo tee "$target_file" >/dev/null
|
||||
runBackupOp restic dump "$snapshot_id" "$file_path" | runBackupOp tee "$target_file" >/dev/null
|
||||
else
|
||||
runBackupOp restic dump "$snapshot_id" "$file_path"
|
||||
fi
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
databaseAppScan()
|
||||
{
|
||||
# Check if sqlite3 is available
|
||||
if ! command -v sudo sqlite3 &> /dev/null; then
|
||||
if ! command -v sqlite3 &> /dev/null; then
|
||||
isNotice "sqlite3 command not found. Make sure it's installed."
|
||||
fi
|
||||
|
||||
|
||||
@ -9,7 +9,7 @@ databaseListInstalledApp()
|
||||
isNotice "App name is required. Usage: databaseListInstalledApp <app_name>"
|
||||
else
|
||||
# Check if sqlite3 is available
|
||||
if ! command -v sudo sqlite3 &> /dev/null; then
|
||||
if ! command -v sqlite3 &> /dev/null; then
|
||||
isNotice "sqlite3 command not found. Make sure it's installed."
|
||||
else
|
||||
# Check if database file is available
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
databaseListInstalledApps()
|
||||
{
|
||||
# Check if sqlite3 is available
|
||||
if ! command -v sudo sqlite3 &> /dev/null; then
|
||||
if ! command -v sqlite3 &> /dev/null; then
|
||||
isNotice "sqlite3 command not found. Make sure it's installed."
|
||||
fi
|
||||
|
||||
|
||||
@ -5,7 +5,7 @@ databaseUninstallApp()
|
||||
local app_name="$1"
|
||||
|
||||
# Check if sqlite3 is available
|
||||
if ! command -v sudo sqlite3 &> /dev/null; then
|
||||
if ! command -v sqlite3 &> /dev/null; then
|
||||
isNotice "sqlite3 command not found. Make sure it's installed."
|
||||
fi
|
||||
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
# Function to check if we should run the update
|
||||
checkIfOSUpdateShouldRun()
|
||||
{
|
||||
if ! command -v sudo sqlite3 &> /dev/null; then
|
||||
if ! command -v sqlite3 &> /dev/null; then
|
||||
isNotice "sqlite3 command not found. Make sure it's installed."
|
||||
elif [ ! -f "$docker_dir/$db_file" ]; then
|
||||
isNotice "Database file not found: $docker_dir/$db_file"
|
||||
|
||||
@ -11,7 +11,7 @@ databaseDisplayTables()
|
||||
|
||||
while true; do
|
||||
# Check if sqlite3 is available
|
||||
if ! command -v sudo sqlite3 &> /dev/null; then
|
||||
if ! command -v sqlite3 &> /dev/null; then
|
||||
isNotice "sqlite3 command not found. Make sure it's installed."
|
||||
fi
|
||||
|
||||
|
||||
@ -6,7 +6,7 @@ databaseEmptyTable()
|
||||
isHeader "Empty Database Table"
|
||||
|
||||
# Check if sqlite3 is available
|
||||
if ! command -v sudo sqlite3 &> /dev/null; then
|
||||
if ! command -v sqlite3 &> /dev/null; then
|
||||
isNotice "sqlite3 command not found. Make sure it's installed."
|
||||
fi
|
||||
|
||||
|
||||
@ -19,7 +19,7 @@ dockerCheckAppInstalled()
|
||||
package_status="not_installed"
|
||||
fi
|
||||
elif [ "$flag" = "docker" ]; then
|
||||
if ! command -v sudo sqlite3 &> /dev/null; then
|
||||
if ! command -v sqlite3 &> /dev/null; then
|
||||
package_status="not_installed"
|
||||
elif [ ! -f "$docker_dir/$db_file" ]; then
|
||||
package_status="not_installed"
|
||||
|
||||
@ -1,17 +1,16 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Run a docker command-line string in the right context for the install mode.
|
||||
# rootless -> as the docker install user (owns the rootless daemon + socket)
|
||||
# rooted -> as the manager (in the docker group, talks to the root socket
|
||||
# directly — no sudo)
|
||||
dockerCommandRun()
|
||||
{
|
||||
local command="$1"
|
||||
local type="$2" # sudo
|
||||
|
||||
if [[ $CFG_DOCKER_INSTALL_TYPE == "rootless" ]]; then
|
||||
dockerCommandRunInstallUser "$command"
|
||||
elif [[ $CFG_DOCKER_INSTALL_TYPE == "rooted" ]]; then
|
||||
if [[ $type == "sudo" ]]; then
|
||||
sudo bash -c "$command"
|
||||
else
|
||||
bash -c "$command"
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
@ -153,7 +153,7 @@ databaseSSHScanForKeys()
|
||||
local ssh_directory="$ssh_dir$CFG_DOCKER_MANAGER_USER"
|
||||
|
||||
# Check if sqlite3 is available
|
||||
if ! command -v sudo sqlite3 &> /dev/null; then
|
||||
if ! command -v sqlite3 &> /dev/null; then
|
||||
isNotice "sqlite3 command not found. Make sure it's installed."
|
||||
fi
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user