LibrePortal/scripts/config/password/password_user_replace.sh
librelad 6089eb0882 fix(de-sudo): route container-tree writes through the privileged path
Two more cases of the manager writing directly into the container-owned
/libreportal-containers tree (same class as the regen-poll stamp), both masked
by a '✓ Success' that printed anyway:

- Password replacers (config/password/*): used 'runInstallOp sed -i' (manager)
  on app configs copied into the container tree, so sed -i EACCES'd its temp
  file and the substitution silently failed — the adguard.config 'couldn't open
  temporary file', leaving the literal RANDOMIZEDPASSWORD placeholder. Added
  runCfgOp (picks runFileOp vs runInstallOp by the target file's location) and
  routed every $file grep/sed/awk through it: password, username, hex, vapid,
  appkey, and bcrypt.

- Updater generator (webui_updater_scan): 'runFileOp cp <manager-tmp>' can't
  read the manager's 0600 mktemp as the container user, so it fell through to a
  manager 'cp' that EACCES'd on the container-owned out_dir. Switched the three
  writes to 'runFileWrite < tmp' (manager shell reads the tmp; container user
  tees the write).

Both deploy via the normal quick path (relocatable scripts) — no footprint bump,
no reinstall.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Signed-off-by: librelad <librelad@digitalangels.vip>
2026-05-31 02:33:10 +01:00

20 lines
709 B
Bash
Executable File

#!/bin/bash
replaceRandomUsernames()
{
local file="$1"
# Only scan for placeholders that actually exist in the file
local existing_placeholders=$(runCfgOp grep -oE 'RANDOMIZEDUSERNAME[0-9]+' "$file" 2>/dev/null | sort -u)
if [[ -n "$existing_placeholders" ]]; then
while IFS= read -r username_placeholder; do
if [[ -n "$username_placeholder" ]]; then
local random_username=$(generateRandomUsername)
runCfgOp sed -i 's/'"${username_placeholder}"'/'"${random_username}"'/g' "$file"
checkSuccess "Updated ${username_placeholder} in $(basename "$file")."
fi
done <<< "$existing_placeholders"
fi
}