start_scan.sh runs updateDockerInstallPassword every system scan, doing `sudo passwd $CFG_DOCKER_INSTALL_USER` via runSystem. Model A's scoped sudoers grants only LP_HELPERS/LP_SYSTEM + run-as-install-user — not passwd — so at runtime (manager, non-root) it fails exit 1 every scan. This is the exact sibling of the updateDockerSudoPassword failure fixed in 9050a8c; that guard was added to the manager/sudo user but the dockerinstall user was missed, so error_report.log kept logging "Updating the password for the dockerinstall user" on every scan. The password is set at install (root path, startPreInstall → installDockerRootlessUser) and the rootless docker user is driven by tooling, not a password login, so the runtime re-sync is legacy + impossible under de-sudo. Guard it to skip unless EUID 0, mirroring the sudo-pass fix. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Signed-off-by: librelad <librelad@digitalangels.vip>
19 lines
951 B
Bash
Executable File
19 lines
951 B
Bash
Executable File
#!/bin/bash
|
|
|
|
updateDockerInstallPassword()
|
|
{
|
|
# The rootless docker user's password is set at install (as root, from the
|
|
# startPreInstall → installDockerRootlessUser path). Under the de-sudo model
|
|
# the runtime runs AS the manager with a SCOPED sudoers that grants only
|
|
# LP_HELPERS/LP_SYSTEM + running-as-the-install-user — NOT `passwd`. So the
|
|
# per-scan re-sync from start_scan.sh can't work (sudo passwd is denied) and
|
|
# isn't needed (the user is operated via rootless-docker tooling, not a
|
|
# password login). Skip unless actually root, else every system scan fails
|
|
# this step. Twin of the updateDockerSudoPassword guard.
|
|
if [[ $EUID -ne 0 ]]; then
|
|
return 0
|
|
fi
|
|
local result; result=$(echo -e "$CFG_DOCKER_INSTALL_PASS\n$CFG_DOCKER_INSTALL_PASS" | runSystem passwd "$CFG_DOCKER_INSTALL_USER" > /dev/null 2>&1)
|
|
checkSuccess "Updating the password for the $CFG_DOCKER_INSTALL_USER user"
|
|
}
|