From 07b3e7896d3f4b01aacb193897900daae85d3d07 Mon Sep 17 00:00:00 2001 From: librelad Date: Sun, 24 May 2026 17:06:46 +0100 Subject: [PATCH] refactor(de-sudo): drop pointless sudo on htpasswd hash computation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit htpasswd -bnBC just computes a bcrypt hash to stdout (no file/root access), so the sudo was unnecessary — drop it in the adguard/focalboard/invidious auth helpers and password_hash. (App-config file edits owned by container UIDs — owncloud config.php/adguard yaml — are deferred as category-3 cross-owner work for the root-owned ownership helper.) Co-Authored-By: Claude Opus 4.7 Signed-off-by: librelad --- scripts/app/containers/adguard/adguard_auth.sh | 2 +- scripts/app/containers/focalboard/focalboard_auth.sh | 2 +- scripts/app/containers/invidious/invidious_auth.sh | 2 +- scripts/config/password/password_hash.sh | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/scripts/app/containers/adguard/adguard_auth.sh b/scripts/app/containers/adguard/adguard_auth.sh index 2882f56..7d338e0 100644 --- a/scripts/app/containers/adguard/adguard_auth.sh +++ b/scripts/app/containers/adguard/adguard_auth.sh @@ -13,7 +13,7 @@ authAdapter_adguard_setPassword() { fi local bcrypt - bcrypt=$(sudo htpasswd -bnBC 10 "" "$password" | tr -d ':\n') + bcrypt=$(htpasswd -bnBC 10 "" "$password" | tr -d ':\n') [[ -z "$bcrypt" ]] && { isError "bcrypt failed."; return 1; } local tmp diff --git a/scripts/app/containers/focalboard/focalboard_auth.sh b/scripts/app/containers/focalboard/focalboard_auth.sh index ee731f8..5da5321 100644 --- a/scripts/app/containers/focalboard/focalboard_auth.sh +++ b/scripts/app/containers/focalboard/focalboard_auth.sh @@ -8,7 +8,7 @@ _focalboardBcrypt() { if ! command -v htpasswd >/dev/null 2>&1; then isError "htpasswd is required to bcrypt the password."; return 1 fi - sudo htpasswd -bnBC 10 "" "$1" | tr -d ':\n' + htpasswd -bnBC 10 "" "$1" | tr -d ':\n' } authAdapter_focalboard_setPassword() { diff --git a/scripts/app/containers/invidious/invidious_auth.sh b/scripts/app/containers/invidious/invidious_auth.sh index f84ed1a..d002208 100644 --- a/scripts/app/containers/invidious/invidious_auth.sh +++ b/scripts/app/containers/invidious/invidious_auth.sh @@ -8,7 +8,7 @@ _invidiousBcrypt() { if ! command -v htpasswd >/dev/null 2>&1; then isError "htpasswd is required to bcrypt the password."; return 1 fi - sudo htpasswd -bnBC 10 "" "$1" | tr -d ':\n' + htpasswd -bnBC 10 "" "$1" | tr -d ':\n' } authAdapter_invidious_setPassword() { diff --git a/scripts/config/password/password_hash.sh b/scripts/config/password/password_hash.sh index bd2acb5..a701397 100755 --- a/scripts/config/password/password_hash.sh +++ b/scripts/config/password/password_hash.sh @@ -7,7 +7,7 @@ hashPassword() # htpasswd first (local, instant). docker fallback pulls a ~50MB image. if command -v htpasswd &>/dev/null; then local bcrypt_hash - bcrypt_hash=$(sudo htpasswd -bnBC 10 "" "$password" | tr -d ':\n') + bcrypt_hash=$(htpasswd -bnBC 10 "" "$password" | tr -d ':\n') if [[ -n "$bcrypt_hash" ]]; then bcrypt_hash=$(echo "$bcrypt_hash" | awk -F= '{print $NF}') local escaped_hash