fix(de-sudo): skip runtime dockerinstall-password re-sync (twin of 9050a8c)

start_scan.sh runs updateDockerInstallPassword every system scan, doing
`sudo passwd $CFG_DOCKER_INSTALL_USER` via runSystem. Model A's scoped
sudoers grants only LP_HELPERS/LP_SYSTEM + run-as-install-user — not passwd
— so at runtime (manager, non-root) it fails exit 1 every scan. This is the
exact sibling of the updateDockerSudoPassword failure fixed in 9050a8c; that
guard was added to the manager/sudo user but the dockerinstall user was
missed, so error_report.log kept logging "Updating the password for the
dockerinstall user" on every scan.

The password is set at install (root path, startPreInstall →
installDockerRootlessUser) and the rootless docker user is driven by tooling,
not a password login, so the runtime re-sync is legacy + impossible under
de-sudo. Guard it to skip unless EUID 0, mirroring the sudo-pass fix.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Signed-off-by: librelad <librelad@digitalangels.vip>
This commit is contained in:
librelad 2026-07-05 19:48:22 +01:00
parent caf90bfdfa
commit f8e1072d1e

View File

@ -2,6 +2,17 @@
updateDockerInstallPassword()
{
# The rootless docker user's password is set at install (as root, from the
# startPreInstall → installDockerRootlessUser path). Under the de-sudo model
# the runtime runs AS the manager with a SCOPED sudoers that grants only
# LP_HELPERS/LP_SYSTEM + running-as-the-install-user — NOT `passwd`. So the
# per-scan re-sync from start_scan.sh can't work (sudo passwd is denied) and
# isn't needed (the user is operated via rootless-docker tooling, not a
# password login). Skip unless actually root, else every system scan fails
# this step. Twin of the updateDockerSudoPassword guard.
if [[ $EUID -ne 0 ]]; then
return 0
fi
local result; result=$(echo -e "$CFG_DOCKER_INSTALL_PASS\n$CFG_DOCKER_INSTALL_PASS" | runSystem passwd "$CFG_DOCKER_INSTALL_USER" > /dev/null 2>&1)
checkSuccess "Updating the password for the $CFG_DOCKER_INSTALL_USER user"
}