diff --git a/scripts/docker/update_docker_user_pass.sh b/scripts/docker/update_docker_user_pass.sh index 2cb6c8f..492d9bc 100755 --- a/scripts/docker/update_docker_user_pass.sh +++ b/scripts/docker/update_docker_user_pass.sh @@ -2,6 +2,17 @@ updateDockerInstallPassword() { + # The rootless docker user's password is set at install (as root, from the + # startPreInstall → installDockerRootlessUser path). Under the de-sudo model + # the runtime runs AS the manager with a SCOPED sudoers that grants only + # LP_HELPERS/LP_SYSTEM + running-as-the-install-user — NOT `passwd`. So the + # per-scan re-sync from start_scan.sh can't work (sudo passwd is denied) and + # isn't needed (the user is operated via rootless-docker tooling, not a + # password login). Skip unless actually root, else every system scan fails + # this step. Twin of the updateDockerSudoPassword guard. + if [[ $EUID -ne 0 ]]; then + return 0 + fi local result; result=$(echo -e "$CFG_DOCKER_INSTALL_PASS\n$CFG_DOCKER_INSTALL_PASS" | runSystem passwd "$CFG_DOCKER_INSTALL_USER" > /dev/null 2>&1) checkSuccess "Updating the password for the $CFG_DOCKER_INSTALL_USER user" }