refactor(desudo): route scattered runtime sudo through privilege helpers

Convert the remaining ad-hoc 'sudo' calls across the data plane to the
run_privileged helpers so every file op lands as the correct owner with
no blanket root:

- DB/configs (manager-owned): db_list_all_apps, delete_db_file,
  install_sqlite, cli_webui_commands -> runInstallOp
- containers (dockerinstall-owned): scan_container_socket, delete_data,
  webui_task_files, webui_app_log, webui_config_patch,
  application_missing_variables, uninstall_app -> runFileOp/runFileWrite
- genuine root: passwd, tailscale, ufw-docker, sysctl grep, systemd
  unit read, authorized_keys read, nobody chown -> runSystem
- interactive editors and 'id -u': drop sudo entirely (run as caller)
- owncloud/adguard container-UID config edits -> runSystem (funnel;
  docker-exec rework deferred)

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Signed-off-by: librelad <librelad@digitalangels.vip>
This commit is contained in:
librelad 2026-05-24 18:00:19 +01:00
parent fb87d0e687
commit 8b14f26125
26 changed files with 53 additions and 53 deletions

View File

@ -33,7 +33,7 @@ appUpdateSpecifics()
# under its mounted data dir; fixPermissionsBeforeStart hands the dir to # under its mounted data dir; fixPermissionsBeforeStart hands the dir to
# the install user, so give it to 65534 here or the server can't open # the install user, so give it to 65534 here or the server can't open
# the database. Restart so it picks the dir up. # the database. Restart so it picks the dir up.
sudo chown -R 65534:65534 "$containers_dir$app_name/data"; runSystem chown -R 65534:65534 "$containers_dir$app_name/data";
shouldrestart="true"; shouldrestart="true";
fi fi

View File

@ -18,7 +18,7 @@ authAdapter_adguard_setPassword() {
local tmp local tmp
tmp=$(sudo mktemp) tmp=$(sudo mktemp)
if ! sudo awk -v u="$user" -v pw="$bcrypt" ' if ! runSystem awk -v u="$user" -v pw="$bcrypt" '
/^users:/ { in_users=1; print; next } /^users:/ { in_users=1; print; next }
in_users && /^[^[:space:]-]/ { in_users=0 } in_users && /^[^[:space:]-]/ { in_users=0 }
in_users && /^[[:space:]]+name:/ && !done_user { in_users && /^[[:space:]]+name:/ && !done_user {
@ -29,13 +29,13 @@ authAdapter_adguard_setPassword() {
} }
{ print } { print }
END { exit (done_pw ? 0 : 1) } END { exit (done_pw ? 0 : 1) }
' "$yaml" | sudo tee "$tmp" >/dev/null; then ' "$yaml" | runSystem tee "$tmp" >/dev/null; then
sudo rm -f "$tmp" runSystem rm -f "$tmp"
isError "AdGuardHome.yaml does not contain a 'users:' password line." isError "AdGuardHome.yaml does not contain a 'users:' password line."
return 1 return 1
fi fi
sudo cp "$tmp" "$yaml" runSystem cp "$tmp" "$yaml"
sudo rm -f "$tmp" runSystem rm -f "$tmp"
authPersistCfg adguard ADMIN_USER "$user" authPersistCfg adguard ADMIN_USER "$user"
authPersistCfg adguard ADMIN_PASSWORD "$password" authPersistCfg adguard ADMIN_PASSWORD "$password"

View File

@ -19,7 +19,7 @@ appOwnCloudSetupConfig()
local owncloud_wait_time=5 # seconds local owncloud_wait_time=5 # seconds
# Remove the temporary folder in /tmp # Remove the temporary folder in /tmp
result=$(sudo rm -rf "$owncloud_config") result=$(runSystem rm -rf "$owncloud_config")
checkSuccess "Removed default config.php" checkSuccess "Removed default config.php"
# Check when owncloud is setup. # Check when owncloud is setup.
@ -51,40 +51,40 @@ appOwnCloudSetupConfig()
# Backups and Creation of config files # Backups and Creation of config files
# Copy the original config.php to the temporary file # Copy the original config.php to the temporary file
# Create a temporary folder in /tmp # Create a temporary folder in /tmp
result=$(sudo mkdir -p "$tmp_folder") result=$(runSystem mkdir -p "$tmp_folder")
checkSuccess "Created temporary folder: $tmp_folder" checkSuccess "Created temporary folder: $tmp_folder"
# Backups and Creation of config files # Backups and Creation of config files
# Copy the original config.php to the temporary file in /tmp # Copy the original config.php to the temporary file in /tmp
result=$(sudo cp "$owncloud_config" "$tmp_folder/config.php.tmp") result=$(runSystem cp "$owncloud_config" "$tmp_folder/config.php.tmp")
checkSuccess "Copy the original config.php contents to the temporary file" checkSuccess "Copy the original config.php contents to the temporary file"
result=$(sudo cp "$owncloud_config" "$owncloud_config_folder/config.php.backup") result=$(runSystem cp "$owncloud_config" "$owncloud_config_folder/config.php.backup")
checkSuccess "Backing up the original config.php file" checkSuccess "Backing up the original config.php file"
local result=$(sudo chmod -R 777 "$tmp_folder") local result=$(runSystem chmod -R 777 "$tmp_folder")
checkSuccess "Set permissions to for temp folder & files." checkSuccess "Set permissions to for temp folder & files."
local result=$(sudo chown -R $docker_install_user:$docker_install_user "$tmp_folder") local result=$(runSystem chown -R $docker_install_user:$docker_install_user "$tmp_folder")
checkSuccess "Updating ownership on temp folder to $docker_install_user" checkSuccess "Updating ownership on temp folder to $docker_install_user"
# Create another temporary file for awk output # Create another temporary file for awk output
local tmp_awk_output="$tmp_folder/config_awk_output.tmp" local tmp_awk_output="$tmp_folder/config_awk_output.tmp"
# Use awk to delete lines for 'trusted_domains' from the temporary file # Use awk to delete lines for 'trusted_domains' from the temporary file
result=$(sudo awk '/'"'trusted_domains'"'/,/\),/{next} {print}' "$tmp_folder/config.php.tmp" > "$tmp_awk_output") result=$(runSystem awk '/'"'trusted_domains'"'/,/\),/{next} {print}' "$tmp_folder/config.php.tmp" > "$tmp_awk_output")
checkSuccess "Use awk to delete lines for 'trusted_domains' from the temporary file" checkSuccess "Use awk to delete lines for 'trusted_domains' from the temporary file"
# Remove the line containing 'overwrite.cli.url' # Remove the line containing 'overwrite.cli.url'
result=$(sudo sed -i '/overwrite\.cli\.url/d' "$tmp_awk_output") result=$(runSystem sed -i '/overwrite\.cli\.url/d' "$tmp_awk_output")
checkSuccess "Remove line containing 'overwrite.cli.url'" checkSuccess "Remove line containing 'overwrite.cli.url'"
# Remove the existing ');' from the end of the file # Remove the existing ');' from the end of the file
result=$(sudo sed -i '$s/);//' "$tmp_awk_output") result=$(runSystem sed -i '$s/);//' "$tmp_awk_output")
checkSuccess "Remove ');' from the end of the file" checkSuccess "Remove ');' from the end of the file"
# Remove empty lines from the temporary file # Remove empty lines from the temporary file
result=$(sudo sed -i '/^ *$/d' "$tmp_awk_output") result=$(runSystem sed -i '/^ *$/d' "$tmp_awk_output")
checkSuccess "Remove empty lines from the temporary file" checkSuccess "Remove empty lines from the temporary file"
if [[ $public == "true" ]]; then if [[ $public == "true" ]]; then
@ -117,14 +117,14 @@ fi
# Update permissions # Update permissions
# Move the modified temporary file back to the original location # Move the modified temporary file back to the original location
result=$(sudo mv "$tmp_awk_output" "$owncloud_config") result=$(runSystem mv "$tmp_awk_output" "$owncloud_config")
checkSuccess "Overwrite the original config.php with the updated content" checkSuccess "Overwrite the original config.php with the updated content"
result=$(sudo chown 165568:$docker_install_user $owncloud_config) result=$(runSystem chown 165568:$docker_install_user $owncloud_config)
checkSuccess "Update permissions of ownCloud config to reflect container needs." checkSuccess "Update permissions of ownCloud config to reflect container needs."
# Remove the temporary folder in /tmp # Remove the temporary folder in /tmp
result=$(sudo rm -rf "$tmp_folder") result=$(runSystem rm -rf "$tmp_folder")
checkSuccess "Removed temporary folder: $tmp_folder" checkSuccess "Removed temporary folder: $tmp_folder"
else else
isError "Container is not healthy. Setup seems to have failed." isError "Container is not healthy. Setup seems to have failed."

View File

@ -4,7 +4,7 @@ checkDockerRootlessRequirement()
{ {
if [[ $CFG_DOCKER_INSTALL_TYPE == "rootless" ]]; then if [[ $CFG_DOCKER_INSTALL_TYPE == "rootless" ]]; then
### Docker Rootless ### Docker Rootless
if sudo grep -q "ROOTLESS" $sysctl; then if runSystem grep -q "ROOTLESS" $sysctl; then
isSuccessful "Docker Rootless appears to be installed." isSuccessful "Docker Rootless appears to be installed."
else else
isNotice "Docker Rootless does not appear to be installed." isNotice "Docker Rootless does not appear to be installed."

View File

@ -22,7 +22,7 @@ checkInstallTypeRequirement()
if [[ "$OS_TYPE" == "Ubuntu" || "$OS_TYPE" == "Debian" ]]; then if [[ "$OS_TYPE" == "Ubuntu" || "$OS_TYPE" == "Debian" ]]; then
ISCOMP=$( (docker compose -v ) 2>&1 ) ISCOMP=$( (docker compose -v ) 2>&1 )
ISUFW=$( (runSystem ufw status ) 2>&1 ) ISUFW=$( (runSystem ufw status ) 2>&1 )
ISUFWD=$( (sudo ufw-docker) 2>&1 ) ISUFWD=$( (runSystem ufw-docker) 2>&1 )
resolveDockerInstallUser resolveDockerInstallUser
@ -31,7 +31,7 @@ checkInstallTypeRequirement()
ISACT=$( (runSystem systemctl is-active docker ) 2>&1 ) ISACT=$( (runSystem systemctl is-active docker ) 2>&1 )
elif [[ $CFG_DOCKER_INSTALL_TYPE == "rootless" ]]; then elif [[ $CFG_DOCKER_INSTALL_TYPE == "rootless" ]]; then
# Used for checking the rootless user # Used for checking the rootless user
local ISUSER=$( (sudo id -u "$CFG_DOCKER_INSTALL_USER")) local ISUSER=$( (id -u "$CFG_DOCKER_INSTALL_USER"))
if [[ "$ISUSER" == *"no such user"* ]]; then if [[ "$ISUSER" == *"no such user"* ]]; then
ISACT=$(command -v docker &> /dev/null) ISACT=$(command -v docker &> /dev/null)
fi fi

View File

@ -78,8 +78,8 @@ cliWebuiLoginReset()
# Restore placeholders so the scan re-randomizes them # Restore placeholders so the scan re-randomizes them
if [ -f "$webui_logins_file" ]; then if [ -f "$webui_logins_file" ]; then
sudo sed -i -E 's/^(CFG_WEBUI_USERNAME=).*$/\1RANDOMIZEDUSERNAME1/' "$webui_logins_file" runInstallOp sed -i -E 's/^(CFG_WEBUI_USERNAME=).*$/\1RANDOMIZEDUSERNAME1/' "$webui_logins_file"
sudo sed -i -E 's/^(CFG_WEBUI_PASSWORD=).*$/\1RANDOMIZEDPASSWORD1/' "$webui_logins_file" runInstallOp sed -i -E 's/^(CFG_WEBUI_PASSWORD=).*$/\1RANDOMIZEDPASSWORD1/' "$webui_logins_file"
fi fi
# Remove auth file to force credential regeneration on next container start # Remove auth file to force credential regeneration on next container start

View File

@ -22,7 +22,7 @@ editAppConfig()
local original_checksum=$(md5sum "$config_file") local original_checksum=$(md5sum "$config_file")
# Open the file with $CFG_TEXT_EDITOR for editing # Open the file with $CFG_TEXT_EDITOR for editing
sudo $CFG_TEXT_EDITOR "$config_file" $CFG_TEXT_EDITOR "$config_file"
# Calculate the checksum of the edited file # Calculate the checksum of the edited file
local edited_checksum=$(md5sum "$config_file") local edited_checksum=$(md5sum "$config_file")

View File

@ -50,7 +50,7 @@ viewAppConfigs()
local config_file="$containers_dir/${selected_app}/${selected_app}.config" local config_file="$containers_dir/${selected_app}/${selected_app}.config"
if [ -f "$config_file" ]; then if [ -f "$config_file" ]; then
sudo $CFG_TEXT_EDITOR "$config_file" $CFG_TEXT_EDITOR "$config_file"
createTouch "$config_file" $sudo_user_name createTouch "$config_file" $sudo_user_name
echo "" echo ""
isNotice "Configuration file for '$selected_app' has been updated." isNotice "Configuration file for '$selected_app' has been updated."

View File

@ -9,7 +9,7 @@ checkApplicationsConfigFilesMissingVariables()
app=$(basename "$live" .config) app=$(basename "$live" .config)
remote="$install_containers_dir$app/$app.config" remote="$install_containers_dir$app/$app.config"
reconcileConfigFile "$live" "$remote" reconcileConfigFile "$live" "$remote"
done < <(sudo find "$containers_dir" -maxdepth 2 -type f -name '*.config' ! -name '*.bak') done < <(runFileOp find "$containers_dir" -maxdepth 2 -type f -name '*.config' ! -name '*.bak')
isSuccessful "Application config reconciliation completed." isSuccessful "Application config reconciliation completed."
} }

View File

@ -51,7 +51,7 @@ viewLibrePortalConfigs()
# Check if the specific config matches either the display name or config name # Check if the specific config matches either the display name or config name
if [[ "$display_name" == "$specific_config" ]] || [[ "$config_name" == "$specific_config" ]]; then if [[ "$display_name" == "$specific_config" ]] || [[ "$config_name" == "$specific_config" ]]; then
sudo $CFG_TEXT_EDITOR "${config_files[i]}" $CFG_TEXT_EDITOR "${config_files[i]}"
createTouch "${config_files[i]}" $sudo_user_name createTouch "${config_files[i]}" $sudo_user_name
echo "" echo ""
isNotice "Configuration file '$display_name' has been updated." isNotice "Configuration file '$display_name' has been updated."
@ -109,7 +109,7 @@ viewLibrePortalConfigs()
local selected_file="${config_files[index]}" local selected_file="${config_files[index]}"
local selected_display_name="${config_display_names[index]}" local selected_display_name="${config_display_names[index]}"
sudo $CFG_TEXT_EDITOR "$selected_file" $CFG_TEXT_EDITOR "$selected_file"
createTouch "$selected_file" $sudo_user_name createTouch "$selected_file" $sudo_user_name
config_timestamps["$selected_display_name"]=$(stat -c "%y" "$selected_file") config_timestamps["$selected_display_name"]=$(stat -c "%y" "$selected_file")

View File

@ -84,7 +84,7 @@ viewComposeFiles()
local index=$((file_number - 1)) local index=$((file_number - 1))
if ((index >= 0 && index < ${#selected_compose_files[@]})); then if ((index >= 0 && index < ${#selected_compose_files[@]})); then
local selected_file="${selected_compose_files[index]}" local selected_file="${selected_compose_files[index]}"
sudo $CFG_TEXT_EDITOR "$selected_file" $CFG_TEXT_EDITOR "$selected_file"
fi fi
done done

View File

@ -5,7 +5,7 @@ databaseListAllApps()
if [[ "$toollistallapps" == [yY] ]]; then if [[ "$toollistallapps" == [yY] ]]; then
# Check if sqlite3 is available # Check if sqlite3 is available
if ! command -v sudo sqlite3 &> /dev/null; then if ! command -v runInstallOp sqlite3 &> /dev/null; then
isNotice "sqlite3 command not found. Make sure it's installed." isNotice "sqlite3 command not found. Make sure it's installed."
fi fi
@ -17,7 +17,7 @@ databaseListAllApps()
isHeader "Listing full apps database" isHeader "Listing full apps database"
# Execute the SQLite query and store the output in a variable # Execute the SQLite query and store the output in a variable
local output=$(sudo sqlite3 -header -column $docker_dir/$db_file "SELECT * FROM apps;") local output=$(runInstallOp sqlite3 -header -column $docker_dir/$db_file "SELECT * FROM apps;")
# Count the number of non-header lines (data rows) in the 'output' # Count the number of non-header lines (data rows) in the 'output'
local num_data_rows=$(echo "$output" | grep -v '^name[[:space:]]|') local num_data_rows=$(echo "$output" | grep -v '^name[[:space:]]|')

View File

@ -3,7 +3,7 @@
databaseRemoveFile() databaseRemoveFile()
{ {
if [[ "$tooldeletedb" == [yY] ]]; then if [[ "$tooldeletedb" == [yY] ]]; then
local result=$(sudo rm $docker_dir/$db_file) local result=$(runInstallOp rm $docker_dir/$db_file)
checkSuccess "Removing $db_file file" checkSuccess "Removing $db_file file"
fi fi
} }

View File

@ -10,10 +10,10 @@ installSQLiteDatabase()
# Create SQLite database file # Create SQLite database file
if [ ! -e "$docker_dir/$db_file" ]; then if [ ! -e "$docker_dir/$db_file" ]; then
local result=$(sudo touch $docker_dir/$db_file) local result=$(runInstallOp touch $docker_dir/$db_file)
checkSuccess "Creating SQLite $db_file file" checkSuccess "Creating SQLite $db_file file"
local result=$(sudo chmod 755 $docker_dir/$db_file && sudo chown $sudo_user_name $docker_dir/$db_file) local result=$(runInstallOp chmod 755 $docker_dir/$db_file)
checkSuccess "Changing permissions for SQLite $db_file file" checkSuccess "Changing permissions for SQLite $db_file file"
fi fi

View File

@ -7,7 +7,7 @@ dockerDeleteData()
if [[ "$app_name" == "" ]]; then if [[ "$app_name" == "" ]]; then
isError "No app_name provided, unable to continue..." isError "No app_name provided, unable to continue..."
else else
local result=$(sudo rm -rf $containers_dir$app_name) local result=$(runFileOp rm -rf $containers_dir$app_name)
checkSuccess "Deleting $app_name install folder" checkSuccess "Deleting $app_name install folder"
fi fi

View File

@ -98,12 +98,12 @@ dockerUninstallApp()
[[ ! -f "$_tf" ]] && continue [[ ! -f "$_tf" ]] && continue
# Skip in-flight tasks — that includes the uninstall task # Skip in-flight tasks — that includes the uninstall task
# we're currently inside, plus anything queued or running. # we're currently inside, plus anything queued or running.
if sudo grep -qE "\"status\"[[:space:]]*:[[:space:]]*\"(running|queued|pending)\"" "$_tf" 2>/dev/null; then if runFileOp grep -qE "\"status\"[[:space:]]*:[[:space:]]*\"(running|queued|pending)\"" "$_tf" 2>/dev/null; then
continue continue
fi fi
if sudo grep -q "\"app\"[[:space:]]*:[[:space:]]*\"${stored_app_name}\"" "$_tf" 2>/dev/null; then if runFileOp grep -q "\"app\"[[:space:]]*:[[:space:]]*\"${stored_app_name}\"" "$_tf" 2>/dev/null; then
local _id=$(basename "$_tf" .json) local _id=$(basename "$_tf" .json)
sudo rm -f "$_tf" "$_tasks_dir/${_id}.log" "$_tasks_dir/${_id}.cancel" 2>/dev/null runFileOp rm -f "$_tf" "$_tasks_dir/${_id}.log" "$_tasks_dir/${_id}.cancel" 2>/dev/null
_removed=$((_removed + 1)) _removed=$((_removed + 1))
fi fi
done done

View File

@ -16,12 +16,12 @@ dockerSwitcherScanContainersForSocket()
fi fi
isSuccessful "Found Docker socket to change in file: $file" isSuccessful "Found Docker socket to change in file: $file"
if [[ $CFG_DOCKER_INSTALL_TYPE == "rootless" ]]; then if [[ $CFG_DOCKER_INSTALL_TYPE == "rootless" ]]; then
local result=$(sudo sed -i \ local result=$(runFileOp sed -i \
-e "/#SOCKETHERE/s|.*| - /run/user/${docker_install_user_id}/docker.sock:/run/user/${docker_install_user_id}/docker.sock:ro #SOCKETHERE|" \ -e "/#SOCKETHERE/s|.*| - /run/user/${docker_install_user_id}/docker.sock:/run/user/${docker_install_user_id}/docker.sock:ro #SOCKETHERE|" \
"$file") "$file")
checkSuccess "Updating docker socket for $app_name" checkSuccess "Updating docker socket for $app_name"
elif [[ $CFG_DOCKER_INSTALL_TYPE == "rooted" ]]; then elif [[ $CFG_DOCKER_INSTALL_TYPE == "rooted" ]]; then
local result=$(sudo sed -i \ local result=$(runFileOp sed -i \
-e "/#SOCKETHERE/s|.*| - $docker_rooted_socket:$docker_rooted_socket:ro #SOCKETHERE|" \ -e "/#SOCKETHERE/s|.*| - $docker_rooted_socket:$docker_rooted_socket:ro #SOCKETHERE|" \
"$file") "$file")
checkSuccess "Updating docker socket for $app_name" checkSuccess "Updating docker socket for $app_name"

View File

@ -2,6 +2,6 @@
updateDockerSudoPassword() updateDockerSudoPassword()
{ {
local result=$(echo -e "$CFG_LIBREPORTAL_USER_PASS\n$CFG_LIBREPORTAL_USER_PASS" | sudo passwd "$sudo_user_name" > /dev/null 2>&1) local result=$(echo -e "$CFG_LIBREPORTAL_USER_PASS\n$CFG_LIBREPORTAL_USER_PASS" | runSystem passwd "$sudo_user_name" > /dev/null 2>&1)
checkSuccess "Updating the password for the $sudo_user_name user" checkSuccess "Updating the password for the $sudo_user_name user"
} }

View File

@ -2,6 +2,6 @@
updateDockerInstallPassword() updateDockerInstallPassword()
{ {
local result=$(echo -e "$CFG_DOCKER_INSTALL_PASS\n$CFG_DOCKER_INSTALL_PASS" | sudo passwd "$CFG_DOCKER_INSTALL_USER" > /dev/null 2>&1) local result=$(echo -e "$CFG_DOCKER_INSTALL_PASS\n$CFG_DOCKER_INSTALL_PASS" | runSystem passwd "$CFG_DOCKER_INSTALL_USER" > /dev/null 2>&1)
checkSuccess "Updating the password for the $CFG_DOCKER_INSTALL_USER user" checkSuccess "Updating the password for the $CFG_DOCKER_INSTALL_USER user"
} }

View File

@ -13,7 +13,7 @@ setupHeadscaleLocalhost()
setupHeadscaleGenerateAuthKey; setupHeadscaleGenerateAuthKey;
result=$(sudo tailscale up --login-server $headscale_live_hostname --authkey $headscale_preauthkey --force-reauth) result=$(runSystem tailscale up --login-server $headscale_live_hostname --authkey $headscale_preauthkey --force-reauth)
checkSuccess "Connecting $app_name to Headscale Server" checkSuccess "Connecting $app_name to Headscale Server"
result=$(rm -rf $headscale_preauthkey_file) result=$(rm -rf $headscale_preauthkey_file)
@ -32,7 +32,7 @@ setupHeadscaleLocalhost()
result=$(cd ~ && curl -fsSL https://tailscale.com/install.sh | sh) result=$(cd ~ && curl -fsSL https://tailscale.com/install.sh | sh)
checkSuccess "Setting up Headscale" checkSuccess "Setting up Headscale"
result=$(sudo tailscale up --login-server https://$CFG_HEADSCALE_HOST --authkey $CFG_HEADSCALE_KEY --force-reauth) result=$(runSystem tailscale up --login-server https://$CFG_HEADSCALE_HOST --authkey $CFG_HEADSCALE_KEY --force-reauth)
checkSuccess "Connecting $app_name to $CFG_HEADSCALE_HOST Headscale Server" checkSuccess "Connecting $app_name to $CFG_HEADSCALE_HOST Headscale Server"
fi fi
fi fi

View File

@ -31,7 +31,7 @@ viewLogs()
;; ;;
e) e)
isNotice "Viewing libreportal.log:" isNotice "Viewing libreportal.log:"
sudo $CFG_TEXT_EDITOR "$logs_dir/libreportal.log" $CFG_TEXT_EDITOR "$logs_dir/libreportal.log"
viewLogs; viewLogs;
;; ;;
x) x)

View File

@ -58,7 +58,7 @@ webuiPatchAppConfigJson() {
.apps |= map(if ((.command // "") | endswith(" " + $slug)) then .config = $cfg | .installed = $inst else . end) .apps |= map(if ((.command // "") | endswith(" " + $slug)) then .config = $cfg | .installed = $inst else . end)
' "$apps_json" > "$tmp" 2>/dev/null; then ' "$apps_json" > "$tmp" 2>/dev/null; then
runFileWrite "$apps_json" < "$tmp"; rm -f "$tmp" runFileWrite "$apps_json" < "$tmp"; rm -f "$tmp"
sudo chown "$docker_install_user:$docker_install_user" "$apps_json" 2>/dev/null || true runFileOp chown "$docker_install_user:$docker_install_user" "$apps_json" 2>/dev/null || true
return 0 return 0
fi fi
rm -f "$tmp" rm -f "$tmp"

View File

@ -28,7 +28,7 @@ webuiGenerateSshAccess()
fi fi
local keys_json="[" first=true line type comment info fpr local keys_json="[" first=true line type comment info fpr
if sudo test -f "$akf"; then if runSystem test -f "$akf"; then
while IFS= read -r line; do while IFS= read -r line; do
[[ -z "$line" || "$line" =~ ^[[:space:]]*# ]] && continue [[ -z "$line" || "$line" =~ ^[[:space:]]*# ]] && continue
type=$(awk '{print $1}' <<< "$line") type=$(awk '{print $1}' <<< "$line")
@ -39,7 +39,7 @@ webuiGenerateSshAccess()
$first || keys_json+="," $first || keys_json+=","
first=false first=false
keys_json+="{\"type\":\"$(jsonEscape "$type")\",\"fingerprint\":\"$(jsonEscape "$fpr")\",\"comment\":\"$(jsonEscape "$comment")\"}" keys_json+="{\"type\":\"$(jsonEscape "$type")\",\"fingerprint\":\"$(jsonEscape "$fpr")\",\"comment\":\"$(jsonEscape "$comment")\"}"
done < <(sudo cat "$akf") done < <(runSystem cat "$akf")
fi fi
keys_json+="]" keys_json+="]"

View File

@ -16,7 +16,7 @@ webuiEnsureTaskFiles() {
if [ ! -f "$task_dir/queue.json" ]; then if [ ! -f "$task_dir/queue.json" ]; then
echo " Creating queue.json" echo " Creating queue.json"
createTouch "$task_dir/queue.json" $docker_install_user "silent" createTouch "$task_dir/queue.json" $docker_install_user "silent"
local result=$(echo "[]" | sudo tee "$task_dir/queue.json" > /dev/null) local result=$(echo "[]" | runFileWrite "$task_dir/queue.json" > /dev/null)
checkSuccess "Created queue.json..." checkSuccess "Created queue.json..."
else else
echo " queue.json exists" echo " queue.json exists"
@ -26,7 +26,7 @@ webuiEnsureTaskFiles() {
if [ ! -f "$task_dir/current.json" ]; then if [ ! -f "$task_dir/current.json" ]; then
echo " Creating current.json" echo " Creating current.json"
createTouch "$task_dir/current.json" $docker_install_user "silent" createTouch "$task_dir/current.json" $docker_install_user "silent"
local result=$(echo '{}' | sudo tee "$task_dir/current.json" > /dev/null) local result=$(echo '{}' | runFileWrite "$task_dir/current.json" > /dev/null)
checkSuccess "Created current.json..." checkSuccess "Created current.json..."
else else
echo " current.json exists" echo " current.json exists"

View File

@ -19,7 +19,7 @@ webuiUpdateAppLog()
# Create WebUI log file if it doesn't exist # Create WebUI log file if it doesn't exist
if [ ! -f "${log_file}" ]; then if [ ! -f "${log_file}" ]; then
createTouch "$log_file" $sudo_user_name "silent" createTouch "$log_file" $sudo_user_name "silent"
echo "=== LibrePortal Installation Started at $(date) ===" | sudo tee "${log_file}" > /dev/null echo "=== LibrePortal Installation Started at $(date) ===" | runFileWrite "${log_file}" > /dev/null
fi fi
elif [[ "$type" == "uninstall" ]]; then elif [[ "$type" == "uninstall" ]]; then
# Remove app log file # Remove app log file

View File

@ -67,7 +67,7 @@ EOF
)" )"
local current="" local current=""
[[ -f "$service_file" ]] && current="$(sudo cat "$service_file" 2>/dev/null)" [[ -f "$service_file" ]] && current="$(runSystem cat "$service_file" 2>/dev/null)"
if [[ "$desired" != "$current" ]]; then if [[ "$desired" != "$current" ]]; then
printf '%s\n' "$desired" | runSystem tee "$service_file" > /dev/null printf '%s\n' "$desired" | runSystem tee "$service_file" > /dev/null