fix(config): silence app-data Permission-denied chatter from config reconcile

checkApplicationsConfigFilesMissingVariables does a `find $containers_dir
-maxdepth 2 -type f -name '*.config'` to enumerate every app's live
config. runFileOp drops privileges to $CFG_DOCKER_INSTALL_USER
(dockerinstall), which is intentionally the *manager* for the rootless
data plane — but doesn't own the per-app container sub-UID dirs (e.g.
invidious/postgresdata uid 232070, nextcloud/html uid 33).

At maxdepth 2 find doesn't actually need to descend into those dirs to
satisfy the name filter, but it tries to anyway and emits chatter like

  find: '.../invidious/postgresdata': Permission denied

every time the function runs (config-reconcile path on install / app
start / restart). Cosmetic only — the actual .config files are at the
right depth and ARE found — but it shows up in the live CLI output
during installs.

2>/dev/null on the find. The function's purpose is purely to enumerate
LibrePortal-managed .config files; sub-UID data dirs are by design
unreachable to the manager and there's no signal in that error.

Signed-off-by: librelad <librelad@digitalangels.vip>
This commit is contained in:
librelad 2026-05-27 15:14:08 +01:00
parent 338cd801fd
commit 9817d6945a

View File

@ -9,7 +9,12 @@ checkApplicationsConfigFilesMissingVariables()
app=$(basename "$live" .config) app=$(basename "$live" .config)
remote="$install_containers_dir$app/$app.config" remote="$install_containers_dir$app/$app.config"
reconcileConfigFile "$live" "$remote" reconcileConfigFile "$live" "$remote"
done < <(runFileOp find "$containers_dir" -maxdepth 2 -type f -name '*.config' ! -name '*.bak') # 2>/dev/null on the find: app data dirs (e.g. invidious/postgresdata,
# nextcloud/html) are owned by container sub-UIDs that the manager user
# can't read into, and they're harmless permission-denied chatter — find
# at this maxdepth doesn't need to enter them to satisfy -name '*.config'
# at depth 2. Keep the noise out of CLI/log output.
done < <(runFileOp find "$containers_dir" -maxdepth 2 -type f -name '*.config' ! -name '*.bak' 2>/dev/null)
isSuccessful "Application config reconciliation completed." isSuccessful "Application config reconciliation completed."
} }