diff --git a/scripts/config/tags/processors/tags_processor_docker_installation.sh b/scripts/config/tags/processors/tags_processor_docker_installation.sh
index bededdb..f33e897 100755
--- a/scripts/config/tags/processors/tags_processor_docker_installation.sh
+++ b/scripts/config/tags/processors/tags_processor_docker_installation.sh
@@ -18,7 +18,7 @@ tagsProcessorDockerInstallation()
 tagsManagerUpdateUniversalTag "$full_file_path" "GID_TAG" "$docker_install_user_id"
 # Enable user directive (non-tag replacement)
- sudo sed -i 's|#user:|user:|g' "$full_file_path"
+ runFileOp sed -i 's|#user:|user:|g' "$full_file_path"
 checkSuccess "Docker rootless installation tags applied using universal tag manager"
 fi
diff --git a/scripts/crontab/crontab_clear.sh b/scripts/crontab/crontab_clear.sh
index 7579c99..164a1a0 100755
--- a/scripts/crontab/crontab_clear.sh
+++ b/scripts/crontab/crontab_clear.sh
@@ -8,6 +8,6 @@ crontabClear()
 # user rename. The sticky bit on /var/spool/cron/crontabs otherwise stops
 # the user replacing a file it doesn't own ("rename: Operation not
 # permitted"); setup recreates the crontab as the user next.
- sudo crontab -u "$sudo_user_name" -r 2>/dev/null
+ runInstallOp crontab -r 2>/dev/null
 isSuccessful "All crontab data has been deleted."
 }
\ No newline at end of file
diff --git a/scripts/docker/compose/copy_build_context.sh b/scripts/docker/compose/copy_build_context.sh
index 0ef1380..7cb6083 100644
--- a/scripts/docker/compose/copy_build_context.sh
+++ b/scripts/docker/compose/copy_build_context.sh
@@ -41,7 +41,7 @@ dockerCopyBuildContext()
 # container dir — the chown below sets the correct owner. Without this the
 # rsync re-stamps the WebUI tree as uid 1000 every install.
 if command -v rsync >/dev/null 2>&1; then
- sudo rsync -a --no-owner --no-group \
+ runFileOp rsync -a --no-owner --no-group \
 --exclude="docker-compose.yml" \
 --exclude="docker-compose.${app_name}.yml" \
 --exclude="${app_name}.config" \
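Review bot: In crontabClear (scripts/crontab/crontab_clear.sh) the new `runInstallOp crontab -r 2>/dev/null` appears to contradict the comment kept directly above it, whose beginning is outside the hunk and which says the sticky bit on /var/spool/cron/crontabs stops a user replacing a crontab file it does not own after a rename. If runInstallOp runs as the install user (its definition is not in this diff), that case now fails, the error goes to /dev/null, and `isSuccessful "All crontab data has been deleted."` is printed anyway, so stale cron jobs can keep running unnoticed. Either keep the privileged removal for this one call or confirm the result before reporting success, for example by checking that `runInstallOp crontab -l` no longer returns entries, and update the comment to match whichever behaviour is intended.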
@@ -52,15 +52,12 @@ dockerCopyBuildContext()
 else
 # Best-effort fallback. Copies everything then nukes the
 # excluded items in the target.
- sudo cp -R "$source_dir/." "$target_dir/"
- sudo rm -f "$target_dir/${app_name}.config" "$target_dir/${app_name}.tools.json"
+ runFileOp cp -R "$source_dir/." "$target_dir/"
+ runFileOp rm -f "$target_dir/${app_name}.config" "$target_dir/${app_name}.tools.json"
 fi
- # Own the deployed tree as the mode's container owner (config-authoritative,
- # never the stale/empty $docker_install_user global that let uid 1000 slip
- # through before).
- local owner
- owner="$(dockerContainerOwner)"
- runSystem chown -R "$owner:$owner" "$target_dir"
+ # runFileOp above wrote the tree AS the container owner (rootless: the docker
+ # install user; rooted: the manager) with --no-owner so the repo-clone uid
+ # isn't carried — no root, no chown needed.
 isSuccessful "Build context copied for $app_name."
 }
diff --git a/scripts/docker/compose/update_compose_yml.sh b/scripts/docker/compose/update_compose_yml.sh
index fd4ed89..167cee0 100755
--- a/scripts/docker/compose/update_compose_yml.sh
+++ b/scripts/docker/compose/update_compose_yml.sh
@@ -33,11 +33,11 @@ dockerComposeUpdate()
 local jail_local_file="$containers_dir/$app_name/config/$app_name/jail.local"
 if [ -f "$jail_local_file" ]; then
- if sudo grep -q "ignoreip = ips_whitelist" "$jail_local_file"; then
+ if runFileOp grep -q "ignoreip = ips_whitelist" "$jail_local_file"; then
 # Whitelist not set up yet
- if sudo grep -q "ignoreip = ips_whitelist" "$jail_local_file"; then
- local result=$(sudo sed -i "s/ips_whitelist/$CFG_IPS_WHITELIST/" "$jail_local_file")
+ if runFileOp grep -q "ignoreip = ips_whitelist" "$jail_local_file"; then
+ local result=$(runFileOp sed -i "s/ips_whitelist/$CFG_IPS_WHITELIST/" "$jail_local_file")
 checkSuccess "Update the IP whitelist for $app_name"
 local whitelistupdates=true
 fi
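Review bot: dockerCopyBuildContext (scripts/docker/compose/copy_build_context.sh) now prints `isSuccessful "Build context copied for $app_name."` without checking whether the `runFileOp` rsync/cp succeeded, and the removed `chown -R` was the only step that repaired ownership of files already present in `$target_dir`. On a host upgraded from an earlier release the target tree may still hold files owned by root or by the repo-clone uid (the comment in the previous hunk, @@ -41,7, mentions uid 1000), so an unprivileged copy can fail on those paths or leave them with the old owner while success is still reported. Propagate the status, e.g. `runFileOp cp -R "$source_dir/." "$target_dir/" || return 1` and the same after the rsync call, and consider keeping a one-time `runSystem chown -R` when the existing owner differs from `dockerContainerOwner`. The function starts outside both hunks.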
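Review bot: In dockerComposeUpdate (scripts/docker/compose/update_compose_yml.sh) the new line `local result=$(runFileOp sed -i "s/ips_whitelist/$CFG_IPS_WHITELIST/" "$jail_local_file")` interpolates a config value into a sed program that uses `/` as its delimiter, so a whitelist entry in CIDR form (`10.0.0.0/8`, constructed example) ends the replacement early and any other sed metacharacter in the value is read as sed syntax. Because `local result=$(…)` yields the status of `local`, the following `checkSuccess` reports success even when sed failed, which would leave what looks like a fail2ban jail.local holding the literal placeholder. Validate `CFG_IPS_WHITELIST` against an allow-list of characters (hex digits, `.`, `:`, `/`, space) before use, switch the delimiter, e.g. `s|ips_whitelist|$CFG_IPS_WHITELIST|`, and declare `local result` on its own line so the exit status survives. The same pattern recurs in the next hunk (@@ -45,7), and the inner `if runFileOp grep -q …` repeats the outer condition verbatim.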
@@ -45,7 +45,7 @@ dockerComposeUpdate()
 # If the IPs are set up already but need an update
 local current_ip_range=$(grep "ignoreip = " "$jail_local_file" | cut -d ' ' -f 2)
 if [ "$current_ip_range" != "$CFG_IPS_WHITELIST" ]; then
- local result=$(sudo sed -i "s/ignoreip = ips_whitelist/ignoreip = $CFG_IPS_WHITELIST/" "$jail_local_file")
+ local result=$(runFileOp sed -i "s/ignoreip = ips_whitelist/ignoreip = $CFG_IPS_WHITELIST/" "$jail_local_file")
 checkSuccess "Update the IP whitelist for $app_name"
 local whitelistupdates=true
 fi
diff --git a/scripts/function/run/create_successful_run_file.sh b/scripts/function/run/create_successful_run_file.sh
index bfefbad..91ceb2d 100755
--- a/scripts/function/run/create_successful_run_file.sh
+++ b/scripts/function/run/create_successful_run_file.sh
@@ -2,5 +2,5 @@
 createSuccessfulRunFile()
 {
- sudo echo "LibrePortal last ran on :" $(date) > $docker_dir/run.txt
+ echo "LibrePortal last ran on : $(date)" | runInstallWrite "$docker_dir/run.txt"
 }
\ No newline at end of file
diff --git a/scripts/function/run/reinstall_libreportal.sh b/scripts/function/run/reinstall_libreportal.sh
index eca6c11..e9b6d53 100755
--- a/scripts/function/run/reinstall_libreportal.sh
+++ b/scripts/function/run/reinstall_libreportal.sh
@@ -64,7 +64,7 @@ runReinstall()
 # Try HTTPS first
 if sudo -u $sudo_user_name git clone -q "$AUTH_HTTPS_REPO_URL" "/docker/install" 2>/dev/null; then
- sudo cp -f /docker/install/init.sh /root/
+ runSystem cp -f /docker/install/init.sh /root/
 echo "SUCCESS: Git repository cloned via HTTPS into /docker/install."
 echo ""
 echo "SUCCESS: Reinstallation complete, you can now run the "libreportal run" command."
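Review bot: The substitution on the new line in dockerComposeUpdate, `s/ignoreip = ips_whitelist/ignoreip = $CFG_IPS_WHITELIST/`, looks like it can never match on this path: the comment says the IPs are already set up, and the single line between the two hunks (not shown, presumably an `else`) would place this code where the `ignoreip = ips_whitelist` placeholder is absent. If so, a changed whitelist is never written while `checkSuccess` still reports an update, so the ban exemptions on disk drift from the configured ones. Replace the whole directive instead, e.g. `s|^ignoreip = .*|ignoreip = $CFG_IPS_WHITELIST|` (adjust for leading whitespace if the file indents it). The context line above also reads the file with a bare `grep` rather than `runFileOp`, and `cut -d ' ' -f 2` on a line of the form `ignoreip = value` yields `=`, so the comparison would always differ.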
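Review bot: In runReinstall (scripts/function/run/reinstall_libreportal.sh) `runSystem cp -f /docker/install/init.sh /root/` copies a script into root's home from a tree that was just cloned as `$sudo_user_name`, so root ends up holding a file whose content that less-privileged account controls. If /root/init.sh is later executed as root, this is a privilege boundary the diff does not guard. Verify the checkout against an expected commit or signature before the copy and install it with a fixed owner and mode, e.g. `runSystem install -o root -g root -m 0700 /docker/install/init.sh /root/init.sh`. The same line appears in the next hunk (@@ -72,7), and `$sudo_user_name` is unquoted in the `sudo -u` call above it.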
@@ -72,7 +72,7 @@ runReinstall()
 else
 # If HTTPS fails, try HTTP
 if sudo -u $sudo_user_name git clone -q "$AUTH_HTTP_REPO_URL" "/docker/install" 2>/dev/null; then
- sudo cp -f /docker/install/init.sh /root/
+ runSystem cp -f /docker/install/init.sh /root/
 echo "SUCCESS: Git repository cloned via HTTP into /docker/install."
 echo ""
 echo "SUCCESS: Reinstallation complete, you can now run the "libreportal run" command."
diff --git a/scripts/setup/setup_lock.sh b/scripts/setup/setup_lock.sh
index ec4dcd3..909bbef 100644
--- a/scripts/setup/setup_lock.sh
+++ b/scripts/setup/setup_lock.sh
@@ -9,12 +9,13 @@ isSetupWizardComplete()
 setupWizardMarkComplete()
 {
- sudo touch "$SETUP_LOCK_FILE" 2>/dev/null
- sudo chown "$sudo_user_name:$sudo_user_name" "$SETUP_LOCK_FILE" 2>/dev/null
- sudo chmod 644 "$SETUP_LOCK_FILE" 2>/dev/null
+ # .setup_complete lives in the docker-install-owned frontend/data -> runFileOp
+ # (created as that user; no root, no chown).
+ runFileOp touch "$SETUP_LOCK_FILE" 2>/dev/null
+ runFileOp chmod 644 "$SETUP_LOCK_FILE" 2>/dev/null
 }
 setupWizardReset()
 {
- sudo rm -f "$SETUP_LOCK_FILE" 2>/dev/null
+ runFileOp rm -f "$SETUP_LOCK_FILE" 2>/dev/null
 }
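Review bot: In the HTTP fallback of runReinstall the clone of `$AUTH_HTTP_REPO_URL` has no transport integrity, and the new `runSystem cp -f /docker/install/init.sh /root/` then places a script from that unauthenticated checkout into root's home. Content can be altered on the network path, and if the `AUTH_` URL carries credentials (the name suggests it; its definition is not in the diff) they are sent in clear text. Drop the plain-HTTP fallback, or refuse the copy unless the checked-out commit is verified, e.g. with `git verify-commit HEAD` or a pinned hash. The `2>/dev/null` on the HTTPS clone also hides why it failed, which is often a certificate error that should stop the reinstall rather than trigger a downgrade.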
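Review bot: setupWizardMarkComplete (scripts/setup/setup_lock.sh) now relies on `runFileOp touch "$SETUP_LOCK_FILE" 2>/dev/null` succeeding without root, yet the error is discarded and the function returns the status of the trailing `chmod`, so callers cannot tell that the marker was not written. If the directory, or a lock file left by an earlier release that created it with sudo, is not writable by the user runFileOp selects, the wizard is never marked complete; should isSetupWizardComplete gate access to the wizard, it stays reachable after setup. Return the status and surface the failure, e.g. `runFileOp touch "$SETUP_LOCK_FILE" || return 1`, and do the same for the `rm -f` in setupWizardReset. A short comment on how an existing file with a different owner is migrated would also help.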