Under Model A the runtime runs as the manager, so establishing the /docker ownership model needs root. Granting the manager a blanket 'sudo chown'/'sudo chmod' in the scoped sudoers would be root-equivalent (chown /etc/sudoers, ...).

Introduce a self-contained, root-owned helper that performs only a FIXED set of reconciles on FIXED LibrePortal paths, with owners derived from config + a baked manager name (never the caller) and a strictly-validated app-name argument.

- scripts/system/libreportal-ownership: the helper (actions: reconcile, traversal, containers-top, app-perms, webui, taskdir, app-data-nobody)
- run_privileged: runOwnership wrapper (sudo the installed helper; run the bundled copy directly when already root mid-install)
- init.sh: installOwnershipHelper bakes the manager name and installs it root:root 0755 to /usr/local/sbin (manager can't modify it)
- libreportal_folders/app_folder/app_update_specifics/task processor: delegate the ownership chowns to runOwnership instead of runSystem chown

This removes chown/chmod-on-/docker from the runtime sudo surface, a prerequisite for a non-root-equivalent scoped sudoers.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Signed-off-by: librelad <librelad@digitalangels.vip>
15 lines
501 B
Bash
Executable File
#!/bin/bash

# Per-app structural permissions + ownership of the LibrePortal-managed files
# (config + compose) for every installed app. The actual chown/chmod run in the
# root-owned ownership helper (runOwnership) so the manager-run runtime needs no
# blanket sudo; the helper walks /docker/containers itself.
fixAppFolderPermissions()
{
    local silent_flag="$1"
    runOwnership app-perms
    if [ "$silent_flag" == "loud" ]; then
        checkSuccess "Updating app folder permissions."
    fi
}
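The argument handling that keeps a helper like this from becoming a general chown gateway, as an added sketch; it is not the project's libreportal-ownership script. The action names and /docker/containers come from the page, while the function names, the allowed character set, the 64-character limit and the choice of app-data-nobody as the only action taking an app name are assumptions.

```shell
#!/bin/sh
# Added sketch, not LibrePortal code: request validation for a root-owned
# ownership helper that is the only command the manager may run via sudo.
LC_ALL=C; export LC_ALL               # make the a-z range byte-exact

CONTAINERS_DIR="/docker/containers"   # fixed path named on the page

# Accept one path component only: lowercase letters, digits, '_' and '-',
# never starting with '-' (assumed character set and length limit).
valid_app_name() {
    case "$1" in
        ''|-*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 64 ]
}

# Print the only directory an app-scoped action may touch, or fail.
app_dir() {
    valid_app_name "$1" || return 2
    printf '%s/%s\n' "$CONTAINERS_DIR" "$1"
}

# Return 0 only for a known action with exactly the arguments it expects.
# Nothing here passes a caller-supplied path, owner or mode to chown/chmod.
check_request() {
    case "$1" in
        reconcile|traversal|containers-top|app-perms|webui|taskdir)
            # Fixed-path actions: any extra argument is rejected.
            [ "$#" -eq 1 ] || return 2
            ;;
        app-data-nobody)
            # Assumed to be the app-scoped action: one validated name.
            [ "$#" -eq 2 ] || return 2
            valid_app_name "$2" || return 2
            ;;
        *)
            return 2   # unknown action, e.g. a raw "chown"
            ;;
    esac
}
```

Name validation does not cover symlinks planted inside an app directory, so the privileged step itself should also avoid dereferencing them (for example `chown -h`).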