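#!/bin/bash
# Mode-aware privileged operations.
#
# The privilege a file operation needs depends on the Docker mode:
#   rooted   — app/container files under /docker are root-owned, so ops run via
#              sudo. This is byte-for-byte the historical behaviour.
#   rootless — those files are owned by the unprivileged Docker install user, so
#              ops run AS that user over the existing SSH channel and need no
#              root at all.
# Centralising the branch here means each call site is written once and is
# correct in both modes, and rooted installs (incl. live boxes) are unchanged.
#
# Both rootless paths hand a single command STRING to dockerCommandRunInstallUser,
# which (per the header) executes it through a remote shell. Every argument is
# therefore shell-quoted with printf %q before being joined, so that a path
# containing whitespace or shell metacharacters is passed through as exactly
# one word in both modes instead of being re-split or interpreted remotely.
# NOTE(review): %q emits bash-style quoting — assumes the remote login shell
# is bash (or accepts bash quoting); confirm against dockerCommandRunInstallUser.
#
# Globals read: CFG_DOCKER_INSTALL_TYPE ("rootless" selects the rootless path;
#               anything else, including unset, is treated as rooted)

#######################################
# Run a /docker data-plane command — mkdir/chown/rm/cp/mv/find/sqlite3/etc. on
# app or container files.
#   rooted   -> sudo
#   rootless -> run as the Docker install user (no sudo)
# Note: for stdin-fed writes (e.g. `… | sudo tee file`) use runFileWrite below;
# this helper is for self-contained commands.
# Arguments: the command and its arguments, as separate words
# Returns:   the command's exit status; 2 (with a message on stderr) when
#            called with no command at all, instead of silently running an
#            empty command in rootless mode
#######################################
runFileOp() {
  if (( $# == 0 )); then
    printf 'runFileOp: no command given\n' >&2
    return 2
  fi
  if [[ "$CFG_DOCKER_INSTALL_TYPE" == "rootless" ]]; then
    local quoted
    # One %q per argument keeps each word intact across the remote shell;
    # the trailing space left by the repeated format is stripped.
    printf -v quoted '%q ' "$@"
    dockerCommandRunInstallUser "${quoted% }"
  else
    sudo "$@"
  fi
}

#######################################
# Write stdin to a path with the right privilege (replaces `… | sudo tee path`).
#   rooted   -> sudo tee
#   rootless -> tee as the Docker install user
# Usage: some_command | runFileWrite /path/to/file
# Arguments: $1 - destination path
# Returns:   tee's exit status; 2 (with a message on stderr) when the
#            destination is empty or missing
#######################################
runFileWrite() {
  local dest="$1"
  if [[ -z "$dest" ]]; then
    printf 'runFileWrite: destination path required\n' >&2
    return 2
  fi
  if [[ "$CFG_DOCKER_INSTALL_TYPE" == "rootless" ]]; then
    local quoted_dest
    # %q rather than hand-written single quotes: a quote character inside the
    # path can no longer terminate the quoting on the remote side.
    printf -v quoted_dest '%q' "$dest"
    dockerCommandRunInstallUser "tee ${quoted_dest} >/dev/null"
  else
    sudo tee "$dest" >/dev/null
  fi
}

#######################################
# Genuine system-administration command (ufw/systemctl/apt/sysctl/useradd, /etc
# edits). Needs real root in both modes; kept as sudo and funnelled through one
# place so it can later be confined to a scoped sudoers allowlist.
# Arguments: the command and its arguments, as separate words
# Returns:   the command's exit status; 2 (with a message on stderr) when no
#            command is given
#######################################
runSystem() {
  if (( $# == 0 )); then
    printf 'runSystem: no command given\n' >&2
    return 2
  fi
  sudo "$@"
}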