Merge claude/1
This commit is contained in:
commit
ad902c6478
@ -25,39 +25,50 @@ reconcileDockerOwnership()
|
|||||||
# The control plane is owned by the MANAGER user in BOTH modes. root:root was
|
# The control plane is owned by the MANAGER user in BOTH modes. root:root was
|
||||||
# never the intended model — it only ever showed up as an artifact of
|
# never the intended model — it only ever showed up as an artifact of
|
||||||
# un-de-sudo'd commands (sudo creating files as root instead of libreportal).
|
# un-de-sudo'd commands (sudo creating files as root instead of libreportal).
|
||||||
|
# Robust resolution — these globals aren't always populated in the CLI/switch
|
||||||
|
# context, which previously made ops silently no-op (relative paths / empty
|
||||||
|
# user). Fall back to absolute defaults and the live config file; never empty.
|
||||||
local owner="${sudo_user_name:-libreportal}"
|
local owner="${sudo_user_name:-libreportal}"
|
||||||
local appusr="${docker_install_user:-$CFG_DOCKER_INSTALL_USER}"
|
local ddir="${docker_dir:-/docker}"
|
||||||
|
local cdir="${containers_dir:-$ddir/containers/}"
|
||||||
|
local cfgdir="${configs_dir:-$ddir/configs/}"
|
||||||
|
local logdir="${logs_dir:-$ddir/logs/}"
|
||||||
|
local scrdir="${script_dir:-$ddir/install}"
|
||||||
|
local dbpath="$ddir/${db_file:-database.db}"
|
||||||
|
local appusr="${docker_install_user:-${CFG_DOCKER_INSTALL_USER:-}}"
|
||||||
|
[[ -z "$appusr" ]] && appusr=$(grep -h '^CFG_DOCKER_INSTALL_USER=' "$cfgdir/general/general_docker_install" 2>/dev/null | head -1 | cut -d= -f2 | awk '{print $1}')
|
||||||
|
appusr="${appusr:-dockerinstall}"
|
||||||
|
|
||||||
# Swap ONLY the owner on our own control-plane files; never reset mode bits
|
[[ -d "$ddir" ]] || return 0
|
||||||
# (so nothing that validates its permissions gets surprised). The only two
|
|
||||||
# bits we *add* (never remove) are structural and on our own dirs, not app
|
|
||||||
# files: o+x on /docker so the docker user can still traverse to its
|
|
||||||
# container dirs, and o+r on the DB so the WebUI container can read it.
|
|
||||||
runSystem chown "$owner:$owner" "$docker_dir"
|
|
||||||
runSystem chmod o+x "$docker_dir"
|
|
||||||
|
|
||||||
# LibrePortal-owned control plane (NOT containers/ backups/ ssl/ ssh) — owner
|
# Swap ONLY the owner on our own control-plane files; never reset mode bits.
|
||||||
# only, modes preserved.
|
# The only two bits we *add* (never remove) are structural: o+x on /docker so
|
||||||
|
# the docker user can traverse to its container dirs, and o+r on the DB so the
|
||||||
|
# WebUI container can read it.
|
||||||
|
runSystem chown "$owner:$owner" "$ddir"
|
||||||
|
runSystem chmod o+x "$ddir"
|
||||||
local p
|
local p
|
||||||
for p in "$configs_dir" "$logs_dir" "$script_dir" "$docker_dir/$db_file"; do
|
for p in "$cfgdir" "$logdir" "$scrdir" "$dbpath"; do
|
||||||
[[ -e "$p" ]] && runSystem chown -R "$owner:$owner" "$p"
|
[[ -e "$p" ]] && runSystem chown -R "$owner:$owner" "$p"
|
||||||
done
|
done
|
||||||
[[ -f "$docker_dir/$db_file" ]] && runSystem chmod o+r "$docker_dir/$db_file"
|
[[ -f "$dbpath" ]] && runSystem chmod o+r "$dbpath"
|
||||||
|
|
||||||
# LibrePortal's OWN WebUI container dir is regenerable, so flip it to the
|
# LibrePortal's OWN WebUI container dir is regenerable, so flip it to the
|
||||||
# mode's container owner so the WebUI survives a switch (safe to recurse —
|
# mode's container owner so the WebUI survives a switch (safe to recurse —
|
||||||
# it's all one UID, no per-app uid to clobber). Third-party app data
|
# one UID, no per-app uid to clobber). Third-party app data is left untouched.
|
||||||
# elsewhere under containers/ is left untouched.
|
# rooted -> the manager (owns everything under /docker in rooted)
|
||||||
# rooted -> the manager (it owns everything under /docker in rooted)
|
|
||||||
# rootless -> the docker install user (owns /docker/containers/**)
|
# rootless -> the docker install user (owns /docker/containers/**)
|
||||||
local webui_dir="${containers_dir}libreportal"
|
local webui_dir="${cdir}libreportal"
|
||||||
if [[ -d "$webui_dir" ]]; then
|
if [[ -d "$webui_dir" ]]; then
|
||||||
local app_owner="$owner"
|
local app_owner="$owner"
|
||||||
[[ "$mode" == "rootless" ]] && app_owner="$appusr"
|
[[ "$mode" == "rootless" ]] && app_owner="$appusr"
|
||||||
runSystem chown -R "$app_owner:$app_owner" "$webui_dir"
|
runSystem chown -R "$app_owner:$app_owner" "$webui_dir"
|
||||||
|
isSuccessful "Reconciled WebUI dir ($webui_dir) -> $app_owner"
|
||||||
|
else
|
||||||
|
isNotice "reconcileDockerOwnership: WebUI dir '$webui_dir' not found — skipped"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
isSuccessful "Reconciled LibrePortal control-plane ownership for $mode ($owner)"
|
isSuccessful "Reconciled ownership for $mode — control plane: $owner, app install user: $appusr"
|
||||||
}
|
}
|
||||||
|
|
||||||
fixFolderPermissions()
|
fixFolderPermissions()
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user