Convert the remaining ad-hoc 'sudo' calls across the data plane to the run_privileged helpers so every file op lands as the correct owner with no blanket root: - DB/configs (manager-owned): db_list_all_apps, delete_db_file, install_sqlite, cli_webui_commands -> runInstallOp - containers (dockerinstall-owned): scan_container_socket, delete_data, webui_task_files, webui_app_log, webui_config_patch, application_missing_variables, uninstall_app -> runFileOp/runFileWrite - genuine root: passwd, tailscale, ufw-docker, sysctl grep, systemd unit read, authorized_keys read, nobody chown -> runSystem - interactive editors and 'id -u': drop sudo entirely (run as caller) - owncloud/adguard container-UID config edits -> runSystem (funnel; docker-exec rework deferred) Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Signed-off-by: librelad <librelad@digitalangels.vip>
#!/bin/bash
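#######################################
# Create the SQLite database file on first run and make sure its tables exist.
# Globals:
#   CFG_REQUIREMENT_DATABASE (read) - only the literal "true" enables this step
#   docker_dir, db_file (read)      - directory and file name of the database
#   sql_table_names, sql_table_name (written) - left global, as in the original
# Helpers defined elsewhere in the project: runInstallOp, checkSuccess,
#   isHeader, isSuccessful, databaseCreateTables.
# Returns: status of the last helper that ran; 0 when the step is skipped.
#######################################
installSQLiteDatabase()
{
    if [[ "$CFG_REQUIREMENT_DATABASE" != "true" ]]; then
        return 0
    fi

    local db_path="$docker_dir/$db_file"
    # Declared separately from the assignments below: 'local var=$(cmd)' always
    # yields the status of 'local' (0), which would hide a failed
    # touch/chmod from checkSuccess (presumably it inspects $? - confirm).
    local result

    # Database already present: only make sure the tables are set up.
    if [ -e "$db_path" ]; then
        databaseCreateTables
        return
    fi

    # NOTE(review): when sqlite3 is not installed the database is neither
    # created nor reported as missing; this silent skip matches the original.
    if ! command -v sqlite3 &> /dev/null; then
        return 0
    fi

    isHeader "Setup SQLite Database"

    # Path is quoted so a directory or file name containing whitespace or glob
    # characters cannot be split into several arguments for the wrapped command.
    result=$(runInstallOp touch "$db_path")
    checkSuccess "Creating SQLite $db_file file"

    # NOTE(review): 755 leaves the database readable by every local account and
    # sets an execute bit a data file does not need. Tighten (e.g. 640 or 600)
    # once it is confirmed which accounts have to read the file.
    result=$(runInstallOp chmod 755 "$db_path")
    checkSuccess "Changing permissions for SQLite $db_file file"

    databaseCreateTables

    # '.tables' prints whitespace-separated names, so the unquoted expansion
    # below is deliberate: one loop iteration per table.
    sql_table_names=$(sqlite3 "$db_path" ".tables")
    for sql_table_name in $sql_table_names; do
        isSuccessful "Table $sql_table_name found in database."
    done
}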