#!/bin/bash updateDockerSudoPassword() { # The manager's system password is set at install (as root, via chpasswd). # Under the de-sudo model the runtime runs AS the manager with a SCOPED # sudoers that grants only LP_HELPERS/LP_SYSTEM + running-as-the-install-user # — NOT `passwd`. So re-syncing here at runtime can't work (sudo passwd is # denied) and isn't needed (sudo is NOPASSWD-scoped; admin login is key-based # / managed by the SSH page). Skip unless actually root, else every system # scan fails this step. (Previously masked by `local result=$(…)`.) if [[ $EUID -ne 0 ]]; then return 0 fi local result; result=$(echo -e "$CFG_LIBREPORTAL_USER_PASS\n$CFG_LIBREPORTAL_USER_PASS" | runSystem passwd "$sudo_user_name" > /dev/null 2>&1) checkSuccess "Updating the password for the $sudo_user_name user" }