Exhaustive audit (workflow: 19 finders + adversarial per-file verify; 85 raw -> 66 unique -> 39 confirmed) found 36 direct writes into the container-owned tree that bypass runFileOp/runFileWrite/runCfgOp (manager => EACCES in rootless) plus 3 $?-masking sites. Fixes by area: - apps: grafana + prometheus install hooks (sudo chmod -> runFileOp chmod); gluetun provider etag (tee -> runFileWrite). - webui generators: task-create (10 sites: mkdir/chown/tee/jq|tee/sed|tee -> runFileOp/runFileWrite); app-icons (mkdir/cp/mv); config icon cp; system metrics + update throttle stamps (runAsManager touch -> runFileOp touch); setup-lock rm; updater history seed + cp. - task health checker: 4 log writes (tee -a -> runFileWrite -a) + 3 find -delete (-> runFileOp find). - config reconcile: backup cp -> runCfgOp; live cp -> runFileWrite < tmp for container-owned configs (the container user can't read a manager 0600 tmp). - peer pull: tar extract into the container tree -> runFileOp tar. - masking: ip_find_available + folder_group(x2) — split 'local VAR=$(cmd)' so $? reaches the following [[ $? ]] check. 15 files, all pass bash -n; fixed idioms confirmed gone. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Signed-off-by: librelad <librelad@digitalangels.vip>
#!/bin/bash
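#######################################
# Re-own everything under a directory that belongs to one user (and to that
# user's primary group) so that it belongs to another user and group.
# Globals:   none read directly; isError and checkSuccess are defined
#            elsewhere in the project.
# Arguments: $1 - source user whose files are re-owned
#            $2 - target user that receives them
#            $3 - directory to walk
# Returns:   1 when a precondition fails; otherwise the status of the final
#            checkSuccess call.
#######################################
changeUserGroupOnFolder()
{
    local source_user="$1"
    local target_user="$2"
    local directory="$3"
    local result

    # Preconditions. isError is defined elsewhere, so it is not visible here
    # whether it aborts the script; return explicitly so that no ownership
    # change is attempted after a failed check either way.
    if ! id "$source_user" > /dev/null 2>&1; then
        isError " Source user '$source_user' does not exist."
        return 1
    fi

    if ! id "$target_user" > /dev/null 2>&1; then
        isError " Target user '$target_user' does not exist."
        return 1
    fi

    if [ ! -d "$directory" ]; then
        isError "Directory '$directory' not found."
        return 1
    fi

    # -h makes chown act on a symlink itself instead of the file it points to.
    # find matches on the link's own owner, so without -h a link placed inside
    # the tree would redirect the ownership change to a path outside it.
    # checkSuccess follows immediately so that $? is still find's status
    # (presumably what it inspects; confirm against its definition).
    result=$(find "$directory" -user "$source_user" -exec chown -h -- "$target_user" {} +)
    checkSuccess "Updating $directory user to be $target_user... This may take a while..."

    # Resolve each user's primary group name.
    local source_group
    if ! source_group=$(id -g -n "$source_user"); then
        isError "Unable to determine source group for user '$source_user'."
        return 1
    fi

    local target_group
    if ! target_group=$(id -g -n "$target_user"); then
        isError "Unable to determine target group for user '$target_user'."
        return 1
    fi

    # Same symlink handling as the chown pass. The message names the group
    # that is actually applied, not the user.
    result=$(find "$directory" -group "$source_group" -exec chgrp -h -- "$target_group" {} +)
    checkSuccess "Updating $directory group to be $target_group... This may take a while..."
}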