diff --git a/scripts/function/file/create_touch.sh b/scripts/function/file/create_touch.sh
index 3537162..45f32d0 100755
--- a/scripts/function/file/create_touch.sh
+++ b/scripts/function/file/create_touch.sh
@@ -1,22 +1,36 @@
 #!/bin/bash
+# Create an empty file with the correct owner FOR ITS LOCATION.
+# under /docker/containers// -> app data, owned by the docker install
+# user -> create via runFileOp.
+# anywhere else -> manager control plane -> runInstallOp
+# (the current/manager user).
+# Creating the file directly as the right owner avoids chown-to-another-user,
+# which needs real root and isn't available to the unprivileged runtime.
+# $2 (user_name) is kept for call-site compatibility but is now advisory — the
+# path decides the owner, so a stale hint (e.g. passing the manager user for a
+# file that lives under containers/) no longer lands the file with the wrong
+# owner. Parent dirs are created with the same owner.
 createTouch() {
 local file="$1"
- local user_name="$2"
+ local user_name="$2" # advisory; location determines the real owner
 local silent_flag="$3"
- local file_name=$(basename "$file")
- local file_dir=$(dirname "$file")
- local clean_dir=$(echo "$file" | sed 's#//*#/#g')
+ local clean_file=$(echo "$file" | sed 's#//*#/#g')
+ local file_name=$(basename "$clean_file")
+ local file_dir=$(dirname "$clean_file")
+
+ local op="runInstallOp"
+ if [[ "$clean_file" == "$containers_dir"* || "$clean_file" == /docker/containers/* ]]; then
+ op="runFileOp"
+ fi
 if [ "$silent_flag" == "silent" ]; then
- runFileOp touch "$clean_dir"
- runFileOp chown $user_name:$user_name "$file"
+ $op mkdir -p "$file_dir" 2>/dev/null
+ $op touch "$clean_file"
 else
- local result=$(runFileOp touch "$clean_dir")
+ local result=$($op mkdir -p "$file_dir")
+ local result=$($op touch "$clean_file")
 checkSuccess "Touching $file_name"
-
- local result=$(runFileOp chown $user_name:$user_name "$file")
- checkSuccess "Updating $file_name with $user_name ownership"
 fi
 }
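Review bot: The owner-selection test `[[ "$clean_file" == "$containers_dir"* ... ]]` degrades badly when `containers_dir` is unset or empty: the pattern becomes `""*`, which matches every path, so every file is created through runFileOp as the docker user, which is the exact misplacement the commit is trying to rule out; the same pattern also matches siblings such as `${containers_dir}_backup/x` because there is no separator after the prefix. Tightening it to `if [[ -n "$containers_dir" && "$clean_file" == "$containers_dir"/* ]] || [[ "$clean_file" == /docker/containers/* ]]; then` closes both gaps, and since only `//` runs are collapsed, a path containing `..` segments is still classified by its textual prefix rather than by where it resolves, which is worth a comment or a canonicalisation of `$file_dir` (if `realpath -m` is available in the runtime, unverified here). In the non-silent branch the status of `$op mkdir -p "$file_dir"` is discarded twice over, once because `local result=$(…)` masks `$?` and once because `result` is reassigned by the touch line before `checkSuccess` runs, so a failed directory creation is reported as a successful touch; splitting into `local result; result=$($op mkdir -p "$file_dir")` followed by its own `checkSuccess "Creating directory for $file_name"` (assuming checkSuccess reads `$?`, as the existing call pattern suggests) keeps the failure visible. The silent branch's `2>/dev/null` on mkdir likewise hides permission errors from the operator; a short comment saying that this suppression is deliberate would help the next reader.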