fix(init): reclaim /home/<manager> from a stale uid (recycled or rename)

On installs that went through the EasyDocker rename (or any case where the
manager user's uid was recycled), /home/<manager> stays owned by the old uid
(useradd doesn't take over an existing home dir). Files inside, including
restic's ~/.cache/restic, become unreadable by the new manager → restic logs
"mkdir: permission denied" every backup. Non-fatal but slows them.

Same recycled-uid pattern as the cron-spool cleanup right above this block:
chown -R only when the directory's owner uid != the manager's current uid.
Idempotent — a fresh install or one that's already correct is a no-op.

Closes the EasyDocker-artifact item from the live-backups memory.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Signed-off-by: librelad <librelad@digitalangels.vip>
librelad 2026-05-26 14:26:26 +01:00
parent e219602518
commit 50415a8655

init.sh

@ -838,6 +838,18 @@ initUsers()
isNotice "Removed a stale cron spool for $sudo_user_name (recycled uid)." isNotice "Removed a stale cron spool for $sudo_user_name (recycled uid)."
fi fi
sudo rm -f "$spool_dir/easydocker" sudo rm -f "$spool_dir/easydocker"
# /home/$sudo_user_name may be owned by a stale uid from a previous install
# (e.g. the EasyDocker rename): useradd doesn't reclaim an existing home dir,
# so files inside — incl. restic's cache dir under ~/.cache/restic — end up
# unreadable by the new manager. restic then logs `mkdir: permission denied`
# every backup (non-fatal but slows them). Same recycled-uid pattern as the
# cron spool above. Idempotent: no-op when ownership already matches.
if [[ -d "/home/$sudo_user_name" \
&& "$(stat -c %u "/home/$sudo_user_name" 2>/dev/null)" != "$mgr_uid" ]]; then
sudo chown -R "$sudo_user_name":"$sudo_user_name" "/home/$sudo_user_name"
isNotice "Reclaimed /home/$sudo_user_name from a stale uid (recycled or rename)."
fi
# Install-phase sudo: the heavy install runs AS this user (see the handoff in # Install-phase sudo: the heavy install runs AS this user (see the handoff in
# completeInitMessage) and needs BROAD root — useradd for the docker-install # completeInitMessage) and needs BROAD root — useradd for the docker-install
# user, rootless setup, apt, sysctl, etc. So grant a temporary validated # user, rootless setup, apt, sysctl, etc. So grant a temporary validated
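Review bot: The guard on the `[[ -d "/home/$sudo_user_name" ...` test compares only the top-level directory's owner with `$mgr_uid`, and the `isNotice "Reclaimed ..."` line runs whether or not `sudo chown -R` succeeded. If the recursive chown stops partway after the top-level directory has already been changed, the next run sees matching ownership and skips the block, so the stale files underneath (restic's cache included) stay unreadable while the log says the home was reclaimed. Suggest gating the notice on chown's exit status and reporting a failure otherwise, and consider keying the check on the tree rather than the top directory, for example `sudo find "/home/$sudo_user_name" ! -user "$sudo_user_name" -print -quit`. A guard on `$mgr_uid` would also help: it is set outside these lines, and if it is ever empty the `!=` comparison is always true, so the chown would run on every invocation instead of being a no-op. Finally, the recursive chown hands everything the previous uid left under the home to the user that the following block grants install-phase sudo, so it is worth being deliberate about which files are taken over.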