librelad 0b27ed1072 refactor(desudo): funnel backup-engine privilege drop through runBackupOp
The borg/restic/kopia engines all dropped to the dedicated backup user
via scattered 'sudo -E -u $docker_install_user'. Centralize that into a
single runBackupOp helper so the backup subsystem has one audit point and
the scoped sudoers needs only the (dockerinstall) drop rule.

Also:
- owncloud config heredoc tees -> runSystem (container-UID file)
- webui_display_logins: fix the broken 'command -v sudo sqlite3' guard
  to 'command -v sqlite3' (body already runs sqlite3 via runInstallOp)

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Signed-off-by: librelad <librelad@digitalangels.vip>
2026-05-24 18:01:51 +01:00

50 lines
1.1 KiB
Bash

#!/bin/bash
resticCheckLocation()
{
local idx="$1"
local read_data="$2"
resticEnvExport "$idx" || return 1
local args=(check)
if [[ "$read_data" == "full" ]]; then
args+=(--read-data)
elif [[ -n "$read_data" ]]; then
args+=(--read-data-subset "${read_data}%")
fi
isNotice "Checking $(resticLocationName "$idx")${read_data:+ (sample: ${read_data}%)}"
runBackupOp restic "${args[@]}"
local rc=$?
resticEnvUnset
if [[ $rc -eq 0 ]]; then
isSuccessful "$(resticLocationName "$idx") integrity OK"
else
isError "$(resticLocationName "$idx") integrity FAILED"
fi
return $rc
}
resticCheckAllLocations()
{
local read_data="$1"
local idx
local failed=0
while IFS= read -r idx; do
[[ -z "$idx" ]] && continue
resticCheckLocation "$idx" "$read_data" || failed=$((failed + 1))
done < <(resticEnabledLocations)
return $failed
}
resticLocationStats()
{
local idx="$1"
resticEnvExport "$idx" || return 1
runBackupOp restic stats --json --no-lock 2>/dev/null
local rc=$?
resticEnvUnset
return $rc
}