Merge claude/1

librelad 2026-06-21 23:00:47 +01:00
commit d842ed8447
4 changed files with 29 additions and 8 deletions


@ -55,13 +55,6 @@ installLibrePortal()
((menu_number++))
echo ""
echo "---- $menu_number. Updating file permissions before starting."
echo ""
fixPermissionsBeforeStart $app_name;
((menu_number++))
echo ""
echo "---- $menu_number. Randomizing WebUI login credentials."
echo ""
@ -72,6 +65,18 @@ installLibrePortal()
((menu_number++))
echo ""
echo "---- $menu_number. Updating file permissions before starting."
echo ""
# Must run AFTER the credential rewrite above: that rewrite (as the non-root
# manager) resets webui_logins' group, dropping the container-owner group the
# rootless WebUI reads it through. This pass restores it, so it has to be the
# last ownership touch before the container starts — else the container can't
# read its own login file and exits on boot.
fixPermissionsBeforeStart $app_name;
((menu_number++))
echo ""
echo "---- $menu_number. Running the docker-compose.yml to install and start $app_name"
echo ""
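Review bot: The exit status of `fixPermissionsBeforeStart $app_name;` is not checked, although the new comment says a missed ownership pass leaves the container unable to read its login file and exiting on boot. If the installer has a failure path at this point, something like `fixPermissionsBeforeStart "$app_name" || return 1` would stop before the compose step with a clear cause rather than a container that dies on start; quoting `$app_name` also avoids word splitting. The same applies to the bare `reconcileWebuiDirOwnership` call added in cliWebuiLoginReset and to `runOwnership webui-bind`, which is followed by an unconditional `isSuccessful` message. installLibrePortal's body starts and ends outside these hunks, so the surrounding error handling is not visible here.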


@ -97,6 +97,12 @@ cliWebuiLoginReset()
isNotice "Regenerating WebUI config files..."
webuiLibrePortalUpdate
# The credential rewrite above ran as the non-root manager, which resets
# webui_logins' group and drops the container-owner group the rootless WebUI
# reads it through. Restore it before restarting, or the container can't read
# its own login file and exits on boot.
reconcileWebuiDirOwnership
# Restart the libreportal container so it picks up the new credentials
isNotice "Restarting LibrePortal container..."
dockerComposeRestart libreportal


@ -64,6 +64,14 @@ reconcileContainersTopOwnership()
# reconcile and the fresh-install WebUI setup so a fresh install gets the same
# ownership a switch does — otherwise rootless generators hit "Permission
# denied" on a manager-owned frontend/data tree.
#
# Also restores the configs/webui bind-mount access (webui-bind): those system-tree
# files are read by the container through the container-owner GROUP, but any rewrite
# by the non-root manager (e.g. the credential randomizer's sed of webui_logins)
# resets their group to the manager's own — after which the rootless container can
# no longer read them and exits on boot. Folding it in here makes this the single
# "ready the WebUI for its container" pass: run it after any config write and right
# before the container (re)starts.
reconcileWebuiDirOwnership()
{
local mode="${1:-$CFG_DOCKER_INSTALL_TYPE}"
@ -74,6 +82,7 @@ reconcileWebuiDirOwnership()
return 0
fi
runOwnership webui
runOwnership webui-bind
isSuccessful "Reconciled WebUI dir ($webui_dir)"
}
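Review bot: The new header comment explains that webui_logins is read through the container-owner group, but it does not state what access `webui-bind` is expected to leave on that file. Since the file holds the WebUI login credentials, I would add a line such as `# webui-bind restores the container-owner group only; webui_logins must stay unreadable to other users.` This assumes that is what the helper does, which is not visible in this hunk. The condition guarding the early `return 0` also sits outside the hunk, so confirm it does not skip `runOwnership webui-bind` in a mode where the container still reads these files through the group.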


@ -259,9 +259,10 @@ case "$action" in
db-own) db_own;;
app-perms) app_perms;;
webui) webui;;
webui-bind) _webui_bind_access;;
taskdir) taskdir;;
app-data-nobody) app_data_nobody "${1:-}";;
app-data-remove) app_data_remove "${1:-}";;
app-file) app_file "${1:-}" "${2:-}";;
*) echo "usage: libreportal-ownership {reconcile [mode]|traversal|containers-top|backups-top|db-own|app-perms|webui|taskdir|app-data-nobody <app>|app-data-remove <app>|app-file <app> <relpath>}" >&2; exit 2;;
*) echo "usage: libreportal-ownership {reconcile [mode]|traversal|containers-top|backups-top|db-own|app-perms|webui|webui-bind|taskdir|app-data-nobody <app>|app-data-remove <app>|app-file <app> <relpath>}" >&2; exit 2;;
esac
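Review bot: The new `webui-bind)` action dispatches to `_webui_bind_access`, while every other action visible in this case statement maps to a function without a leading underscore (`db_own`, `app_perms`, `webui`, `taskdir`). If the underscore marks an internal helper, exposing it as a command-line action deserves a one-line comment, for example `# webui-bind: restore container-owner group on the configs/webui bind-mount files`, or a thin `webui_bind` wrapper to match the others. The function is defined outside this hunk, so confirm it works only on fixed paths and takes no caller-supplied argument, since this dispatcher appears to change ownership on system-tree files. The case statement begins outside the hunk.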