librelad a3afb2aeae feat(model-a): run app as manager; route bare docker calls through runFileOp
Model A prototype (run start.sh AS the manager, escalate only via helpers):
- check_root.sh: accept the manager user, not root-only (init.sh keeps its own
  install-time root check).
- init.sh: guard the top-level root-check + installer entrypoint with
  BASH_SOURCE!=$0 so it runs ONLY when init.sh is executed directly; when
  start.sh sources it as the manager the entrypoint (and its root check) no
  longer fires.

Also: convert bare daemon-touching 'docker' calls (no helper -> hit the
nonexistent /var/run socket in rootless) to runFileOp docker across
app_status, app_health_*, network_prune, ip_is_available, check_docker_network,
backup_db (db dumps) and crontab_check_processor. cd&&compose rooted-branches
and 'docker compose --version' checks left as-is (rooted-only / no daemon).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Signed-off-by: librelad <librelad@digitalangels.vip>
2026-05-24 16:53:37 +01:00

17 lines
550 B
Bash
Executable File

#!/bin/bash
checkRootRequirement()
{
if [[ $CFG_REQUIREMENT_ROOT == "true" ]]; then
# Model A least-privilege: the app runs AS the manager user and escalates
# only specific commands via runSystem, so accept the manager as well as
# root — not root-only. (init.sh keeps its own install-time root check.)
local mgr="${sudo_user_name:-libreportal}"
if [[ $EUID -eq 0 || "$(id -un)" == "$mgr" ]]; then
isSuccessful "Running as $(id -un)."
else
echo "This script must be run as root or the manager user ($mgr)."
exit 1
fi
fi
}