From 9817d6945a54591d16521386b11c74aadd08c74a Mon Sep 17 00:00:00 2001 From: librelad Date: Wed, 27 May 2026 15:14:08 +0100 Subject: [PATCH] fix(config): silence app-data Permission-denied chatter from config reconcile MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit checkApplicationsConfigFilesMissingVariables does a `find $containers_dir -maxdepth 2 -type f -name '*.config'` to enumerate every app's live config. runFileOp drops privileges to $CFG_DOCKER_INSTALL_USER (dockerinstall), which is intentionally the *manager* for the rootless data plane — but doesn't own the per-app container sub-UID dirs (e.g. invidious/postgresdata uid 232070, nextcloud/html uid 33). At maxdepth 2 find doesn't actually need to descend into those dirs to satisfy the name filter, but it tries to anyway and emits chatter like find: '.../invidious/postgresdata': Permission denied every time the function runs (config-reconcile path on install / app start / restart). Cosmetic only — the actual .config files are at the right depth and ARE found — but it shows up in the live CLI output during installs. 2>/dev/null on the find. The function's purpose is purely to enumerate LibrePortal-managed .config files; sub-UID data dirs are by design unreachable to the manager and there's no signal in that error. Signed-off-by: librelad --- .../config/application/application_missing_variables.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/scripts/config/application/application_missing_variables.sh b/scripts/config/application/application_missing_variables.sh index e5598ac..b69779a 100755 --- a/scripts/config/application/application_missing_variables.sh +++ b/scripts/config/application/application_missing_variables.sh @@ -9,7 +9,12 @@ checkApplicationsConfigFilesMissingVariables() app=$(basename "$live" .config) remote="$install_containers_dir$app/$app.config" reconcileConfigFile "$live" "$remote" - done < <(runFileOp find "$containers_dir" -maxdepth 2 -type f -name '*.config' ! -name '*.bak') + # 2>/dev/null on the find: app data dirs (e.g. invidious/postgresdata, + # nextcloud/html) are owned by container sub-UIDs that the manager user + # can't read into, and they're harmless permission-denied chatter — find + # at this maxdepth doesn't need to enter them to satisfy -name '*.config' + # at depth 2. Keep the noise out of CLI/log output. + done < <(runFileOp find "$containers_dir" -maxdepth 2 -type f -name '*.config' ! -name '*.bak' 2>/dev/null) isSuccessful "Application config reconciliation completed." }