Convert the remaining ad-hoc 'sudo' calls across the data plane to the run_privileged helpers so every file op lands as the correct owner with no blanket root: - DB/configs (manager-owned): db_list_all_apps, delete_db_file, install_sqlite, cli_webui_commands -> runInstallOp - containers (dockerinstall-owned): scan_container_socket, delete_data, webui_task_files, webui_app_log, webui_config_patch, application_missing_variables, uninstall_app -> runFileOp/runFileWrite - genuine root: passwd, tailscale, ufw-docker, sysctl grep, systemd unit read, authorized_keys read, nobody chown -> runSystem - interactive editors and 'id -u': drop sudo entirely (run as caller) - owncloud/adguard container-UID config edits -> runSystem (funnel; docker-exec rework deferred) Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Signed-off-by: librelad <librelad@digitalangels.vip>
31 lines
1.0 KiB
Bash
Executable File
31 lines
1.0 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
webuiUpdateAppLog()
|
|
{
|
|
local app_name=$1
|
|
local type=$2 # install or uninstall
|
|
|
|
# Create logs directory if it doesn't exist
|
|
local log_dir="${containers_dir}libreportal/frontend/logs"
|
|
local apps_dir="${log_dir}/apps"
|
|
if [ ! -d "$apps_dir" ]; then
|
|
local result=$(createFolders "loud" $sudo_user_name $log_dir $apps_dir)
|
|
checkSuccess "Creating frontend logs folder"
|
|
fi
|
|
|
|
local log_file="${apps_dir}/${app_name}.log"
|
|
# Handle different log types
|
|
if [[ "$type" == "install" ]]; then
|
|
# Create WebUI log file if it doesn't exist
|
|
if [ ! -f "${log_file}" ]; then
|
|
createTouch "$log_file" $sudo_user_name "silent"
|
|
echo "=== LibrePortal Installation Started at $(date) ===" | runFileWrite "${log_file}" > /dev/null
|
|
fi
|
|
elif [[ "$type" == "uninstall" ]]; then
|
|
# Remove app log file
|
|
if [ -f "${log_file}" ]; then
|
|
local result=$(rm "${log_file}")
|
|
checkSuccess "Removed ${app_name}.log"
|
|
fi
|
|
fi
|
|
} |