From e9bea13d3bf449ab282f2faf153d413078c60cda Mon Sep 17 00:00:00 2001 From: librelad Date: Sun, 24 May 2026 01:28:56 +0100 Subject: [PATCH] fix(switcher): reconcile also flips the WebUI's own (0:0) dir so it survives a switch Round-trip test exposed it: during a rooted stint the WebUI (root-in- container) writes root-owned files into its data dir; back in rootless the WebUI user (dockerinstall) can't manage them -> container Exited(137). Since the WebUI is LibrePortal's OWN regenerable 0:0 component, reconcile now also chowns containers/libreportal to the mode's container owner (root rooted / install user rootless). Validated: after this the WebUI returns to HTTP 200. Third-party app data under containers/ is still untouched (backup/restore). Co-Authored-By: Claude Opus 4.7 Signed-off-by: librelad --- scripts/function/permission/libreportal_folders.sh | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/scripts/function/permission/libreportal_folders.sh b/scripts/function/permission/libreportal_folders.sh index 64d4a5a..89b01c1 100755 --- a/scripts/function/permission/libreportal_folders.sh +++ b/scripts/function/permission/libreportal_folders.sh @@ -41,6 +41,18 @@ reconcileDockerOwnership() done [[ -f "$docker_dir/$db_file" ]] && runSystem chmod o+r "$docker_dir/$db_file" + # LibrePortal's OWN WebUI container dir is regenerable and runs as 0:0 + # (root-in-container -> root rooted / install user rootless). Flip it to the + # mode's container owner so the WebUI survives a switch; it's safe to recurse + # because it's all one UID (no per-app uid to clobber). Third-party app data + # elsewhere under containers/ is still left untouched. + local webui_dir="${containers_dir}libreportal" + if [[ -d "$webui_dir" ]]; then + local app_owner="root" + [[ "$mode" == "rootless" ]] && app_owner="$docker_install_user" + runSystem chown -R "$app_owner:$app_owner" "$webui_dir" + fi + isSuccessful "Reconciled LibrePortal control-plane ownership for $mode ($owner)" }