fix(manager): marker-guard the manager-user sshd append

install_user_manager appended a 'Match User' block to sshd_config with no
marker guard, unlike the rootless .bashrc block beside it. The enclosing
'if ! userExists' gate hides it today, but a user delete+recreate would append
a second block. Guard on the '### LibrePortal Manager User Start' marker so the
append is idempotent.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Signed-off-by: librelad <librelad@digitalangels.vip>
This commit is contained in:
librelad 2026-05-24 15:11:35 +01:00
parent d733b70ee7
commit ba385a8b97

View File

@ -46,7 +46,12 @@ installDockerManagerUser()
local result=$(source ~/.bashrc)
checkSuccess "Reloading .bashrc"
local result=$(sudo bash -c "cat >> $sshd_config <<EOL
# Marker-guard the append (matching the rootless .bashrc pattern)
# so a re-run or a user delete+recreate can't duplicate the block.
if sudo grep -q "### LibrePortal Manager User Start" "$sshd_config"; then
isNotice "Manager-user SSH server config already present — skipping."
else
local result=$(sudo bash -c "cat >> $sshd_config <<EOL
### LibrePortal Manager User Start
Match User $CFG_DOCKER_MANAGER_USER
@ -58,12 +63,12 @@ Match User $CFG_DOCKER_MANAGER_USER
PasswordAuthentication yes
### LibrePortal Manager User End
EOL")
checkSuccess "Updating SSH Server Configuration for the Manager User."
checkSuccess "Updating SSH Server Configuration for the Manager User."
# Reload SSH Service
local result=$(sudo service ssh reload)
checkSuccess "Reloading SSH Service"
# Reload SSH Service
local result=$(sudo service ssh reload)
checkSuccess "Reloading SSH Service"
fi
isSuccessful "User '$CFG_DOCKER_MANAGER_USER' with restricted SFTP access to '/home/$CFG_DOCKER_MANAGER_USER' has been set up."
fi