fix(de-sudo): skip runtime manager-password re-sync (surfaced by error_report)

The honest-checkSuccess + masking fixes immediately surfaced a real masked
failure in error_report.log: updateDockerSudoPassword (run every system scan
from start_scan.sh) does 'sudo passwd $sudo_user_name', but Model A's scoped
sudoers grants only LP_HELPERS/LP_SYSTEM + run-as-install-user — not passwd.
So at runtime (manager, non-root) it failed exit 1 every scan, masked until now.
The password is set at install (root, chpasswd) and admin login is key-based,
so the runtime re-sync is legacy + impossible under de-sudo: guard it to skip
unless EUID 0. (Validates the surfacing mechanism working as intended.)

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Signed-off-by: librelad <librelad@digitalangels.vip>
This commit is contained in:
librelad 2026-05-31 11:17:17 +01:00
parent 63e956ded4
commit 9050a8c783

View File

@ -2,6 +2,16 @@
updateDockerSudoPassword() updateDockerSudoPassword()
{ {
# The manager's system password is set at install (as root, via chpasswd).
# Under the de-sudo model the runtime runs AS the manager with a SCOPED
# sudoers that grants only LP_HELPERS/LP_SYSTEM + running-as-the-install-user
# — NOT `passwd`. So re-syncing here at runtime can't work (sudo passwd is
# denied) and isn't needed (sudo is NOPASSWD-scoped; admin login is key-based
# / managed by the SSH page). Skip unless actually root, else every system
# scan fails this step. (Previously masked by `local result=$(…)`.)
if [[ $EUID -ne 0 ]]; then
return 0
fi
local result; result=$(echo -e "$CFG_LIBREPORTAL_USER_PASS\n$CFG_LIBREPORTAL_USER_PASS" | runSystem passwd "$sudo_user_name" > /dev/null 2>&1) local result; result=$(echo -e "$CFG_LIBREPORTAL_USER_PASS\n$CFG_LIBREPORTAL_USER_PASS" | runSystem passwd "$sudo_user_name" > /dev/null 2>&1)
checkSuccess "Updating the password for the $sudo_user_name user" checkSuccess "Updating the password for the $sudo_user_name user"
} }