Compare commits
2 Commits
38b3f189b8
...
d842ed8447
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
d842ed8447 | ||
|
|
655dbc2bb9 |
@ -55,13 +55,6 @@ installLibrePortal()
|
||||
|
||||
((menu_number++))
|
||||
echo ""
|
||||
echo "---- $menu_number. Updating file permissions before starting."
|
||||
echo ""
|
||||
|
||||
fixPermissionsBeforeStart $app_name;
|
||||
|
||||
((menu_number++))
|
||||
echo ""
|
||||
echo "---- $menu_number. Randomizing WebUI login credentials."
|
||||
echo ""
|
||||
|
||||
@ -72,6 +65,18 @@ installLibrePortal()
|
||||
|
||||
((menu_number++))
|
||||
echo ""
|
||||
echo "---- $menu_number. Updating file permissions before starting."
|
||||
echo ""
|
||||
|
||||
# Must run AFTER the credential rewrite above: that rewrite (as the non-root
|
||||
# manager) resets webui_logins' group, dropping the container-owner group the
|
||||
# rootless WebUI reads it through. This pass restores it, so it has to be the
|
||||
# last ownership touch before the container starts — else the container can't
|
||||
# read its own login file and exits on boot.
|
||||
fixPermissionsBeforeStart $app_name;
|
||||
|
||||
((menu_number++))
|
||||
echo ""
|
||||
echo "---- $menu_number. Running the docker-compose.yml to install and start $app_name"
|
||||
echo ""
|
||||
|
||||
|
||||
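Review bot: The relocated `fixPermissionsBeforeStart $app_name;` does not have its exit status checked before the docker-compose step that follows, even though the new comment makes it the step the container depends on to read webui_logins. A failed pass would presumably surface only later, as the container exiting on boot. Consider `fixPermissionsBeforeStart "$app_name" || return 1` (quoting the argument as well), assuming the function returns non-zero on failure, which is not visible here. The `reconcileWebuiDirOwnership` call added before `dockerComposeRestart libreportal` in cliWebuiLoginReset has the same gap. installLibrePortal's body starts and ends outside the hunk.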
@ -97,6 +97,12 @@ cliWebuiLoginReset()
|
||||
isNotice "Regenerating WebUI config files..."
|
||||
webuiLibrePortalUpdate
|
||||
|
||||
# The credential rewrite above ran as the non-root manager, which resets
|
||||
# webui_logins' group and drops the container-owner group the rootless WebUI
|
||||
# reads it through. Restore it before restarting, or the container can't read
|
||||
# its own login file and exits on boot.
|
||||
reconcileWebuiDirOwnership
|
||||
|
||||
# Restart the libreportal container so it picks up the new credentials
|
||||
isNotice "Restarting LibrePortal container..."
|
||||
dockerComposeRestart libreportal
|
||||
|
||||
@ -64,6 +64,14 @@ reconcileContainersTopOwnership()
|
||||
# reconcile and the fresh-install WebUI setup so a fresh install gets the same
|
||||
# ownership a switch does — otherwise rootless generators hit "Permission
|
||||
# denied" on a manager-owned frontend/data tree.
|
||||
#
|
||||
# Also restores the configs/webui bind-mount access (webui-bind): those system-tree
|
||||
# files are read by the container through the container-owner GROUP, but any rewrite
|
||||
# by the non-root manager (e.g. the credential randomizer's sed of webui_logins)
|
||||
# resets their group to the manager's own — after which the rootless container can
|
||||
# no longer read them and exits on boot. Folding it in here makes this the single
|
||||
# "ready the WebUI for its container" pass: run it after any config write and right
|
||||
# before the container (re)starts.
|
||||
reconcileWebuiDirOwnership()
|
||||
{
|
||||
local mode="${1:-$CFG_DOCKER_INSTALL_TYPE}"
|
||||
@ -74,6 +82,7 @@ reconcileWebuiDirOwnership()
|
||||
return 0
|
||||
fi
|
||||
runOwnership webui
|
||||
runOwnership webui-bind
|
||||
isSuccessful "Reconciled WebUI dir ($webui_dir)"
|
||||
}
|
||||
|
||||
|
||||
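Review bot: `isSuccessful "Reconciled WebUI dir ($webui_dir)"` is printed whether or not `runOwnership webui` or the newly added `runOwnership webui-bind` succeeded, and the function's return status becomes that of the message call. The header comment makes webui-bind the step that lets the rootless container read its login file, so a failure here should be reported and propagated rather than masked. For example, put `runOwnership webui && runOwnership webui-bind || return 1` ahead of the success line, provided runOwnership returns non-zero on failure, which these lines do not show. The function body starts outside this hunk, so any earlier error handling is not visible.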
@ -259,9 +259,10 @@ case "$action" in
|
||||
db-own) db_own;;
|
||||
app-perms) app_perms;;
|
||||
webui) webui;;
|
||||
webui-bind) _webui_bind_access;;
|
||||
taskdir) taskdir;;
|
||||
app-data-nobody) app_data_nobody "${1:-}";;
|
||||
app-data-remove) app_data_remove "${1:-}";;
|
||||
app-file) app_file "${1:-}" "${2:-}";;
|
||||
*) echo "usage: libreportal-ownership {reconcile [mode]|traversal|containers-top|backups-top|db-own|app-perms|webui|taskdir|app-data-nobody <app>|app-data-remove <app>|app-file <app> <relpath>}" >&2; exit 2;;
|
||||
*) echo "usage: libreportal-ownership {reconcile [mode]|traversal|containers-top|backups-top|db-own|app-perms|webui|webui-bind|taskdir|app-data-nobody <app>|app-data-remove <app>|app-file <app> <relpath>}" >&2; exit 2;;
|
||||
esac
|
||||
|
||||
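Review bot: `webui-bind) _webui_bind_access;;` exposes an underscore-prefixed helper directly as an action, whereas the neighbouring arms call same-named functions. If `_webui_bind_access` relies on checks or variables that `webui` sets up before calling it, the direct entry skips them. This script appears to change ownership on behalf of the non-root manager, and the page's own comments say the manager rewrites files under configs/webui. It is therefore worth confirming that the helper resolves its own fixed target paths, ignores caller arguments, and does not follow symlinks when changing group. A one-line comment above the arm, such as `# webui-bind: group-only fix for configs/webui; safe to call standalone`, would record that intent. The helper's body is outside the hunk.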