LibrePortal/scripts/app/app_update_specifics.sh
librelad 46622cd2f9 feat(desudo): root-owned ownership helper (no blanket sudo chown needed)
Under Model A the runtime runs as the manager, so establishing the
/docker ownership model needs root. Granting the manager a blanket
'sudo chown'/'sudo chmod' in the scoped sudoers would be root-equivalent
(chown /etc/sudoers, ...). Introduce a self-contained, root-owned helper
that performs only a FIXED set of reconciles on FIXED LibrePortal paths,
with owners derived from config + a baked manager name (never the caller)
and a strictly-validated app-name argument.

- scripts/system/libreportal-ownership: the helper (actions: reconcile,
  traversal, containers-top, app-perms, webui, taskdir, app-data-nobody)
- run_privileged: runOwnership wrapper (sudo the installed helper; run the
  bundled copy directly when already root mid-install)
- init.sh: installOwnershipHelper bakes the manager name and installs it
  root:root 0755 to /usr/local/sbin (manager can't modify it)
- libreportal_folders/app_folder/app_update_specifics/task processor:
  delegate the ownership chowns to runOwnership instead of runSystem chown

This removes chown/chmod-on-/docker from the runtime sudo surface, a
prerequisite for a non-root-equivalent scoped sudoers.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Signed-off-by: librelad <librelad@digitalangels.vip>
2026-05-24 18:16:23 +01:00

46 lines
1.5 KiB
Bash
Executable File

#!/bin/bash
appUpdateSpecifics()
{
    local app_name="$1"
    # Only set to "true" below when an app needs a compose restart after its
    # post-update steps; scoped locally so a previous call cannot leak it in.
    local shouldrestart="false"
    # Initialize setup.
    initializeAppVariables "$app_name";
    if [[ $app_name == "adguard" ]] || [[ $app_name == "pihole" ]]; then
        if [[ $CFG_REQUIREMENT_DNS_UPDATER == "true" ]]; then
            updateDNS "$app_name" install;
        fi
        # Split-horizon local DNS: app subdomains resolve to the box on the LAN.
        # The function is optional, so only call it when it is defined.
        declare -F setupLocalDnsRewrites >/dev/null 2>&1 && setupLocalDnsRewrites
    fi
    if [[ $app_name == "libreportal" ]]; then
        webuiLibrePortalUpdate;
    fi
    if [[ $app_name == "dashy" ]]; then
        # Refresh apps-services.json (the source of truth that
        # appDashyUpdateConf reads) before generating dashy's conf.yml.
        # On a first dashy install the file may not yet reflect dashy
        # itself; on a re-install the previous selection survives.
        webuiLibrePortalUpdate;
        appDashyUpdateConf;
    fi
    if [[ $app_name == "focalboard" ]]; then
        # Focalboard runs as nobody (65534) and writes its sqlite db + uploads
        # under its mounted data dir; fixPermissionsBeforeStart hands the dir to
        # the install user, so give it to 65534 here or the server can't open
        # the database. Restart so it picks the dir up.
        # The chown goes through the root-owned ownership helper (fixed action,
        # fixed path, validated app name) rather than a sudo chown.
        runOwnership app-data-nobody "$app_name";
        shouldrestart="true";
    fi
    if [[ $shouldrestart == "true" ]]; then
        dockerComposeRestart "$app_name";
    fi
    isSuccessful "All application specific updates have been completed."
}
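The `runOwnership app-data-nobody "$app_name"` call above is the only way this script changes ownership under /docker, so the security of the design rests on what the helper behind it accepts. The following is an added example, not LibrePortal's own libreportal-ownership helper: it shows the shape the commit message describes, a fixed action set, fixed paths under /docker, owners chosen by the helper itself (a baked manager name or 65534), and a strictly validated app-name argument. The directory layout under /docker and the manager user name are assumptions; the real helper runs chown where this one only prints the plan, so the example runs unprivileged.

```shell
#!/bin/sh
# Added example of a fixed-action ownership helper (not LibrePortal's code).
# Layout under /docker and the manager user name are assumptions.
set -u

DOCKER_ROOT=/docker      # fixed; never taken from the caller or the environment
MANAGER_USER=manager     # baked in by the installer (assumed name), never the caller
NOBODY_UID=65534         # focalboard runs as nobody (see the comment in the script)

# Strict app-name validation: 1-32 chars of lowercase alnum or '-', no leading '-'.
# Path separators, '..', spaces and the empty string all fail.
validateAppName() {
    case "$1" in
        ''|-*|*[!a-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Resolve one fixed action to the single "owner path" pair it may reconcile.
# Returns 2 on an unknown action and 3 on a rejected app name, printing nothing.
# A real helper would run "chown -R $owner $path" here instead of echoing it.
ownershipPlan() {
    op_action=$1; op_app=${2:-}
    case "$op_action" in
        containers-top)
            echo "$MANAGER_USER:$MANAGER_USER $DOCKER_ROOT/containers" ;;
        app-perms)
            validateAppName "$op_app" || return 3
            echo "$MANAGER_USER:$MANAGER_USER $DOCKER_ROOT/containers/$op_app" ;;
        app-data-nobody)
            validateAppName "$op_app" || return 3
            echo "$NOBODY_UID:$NOBODY_UID $DOCKER_ROOT/containers/$op_app/data" ;;
        *)  return 2 ;;
    esac
}
```

Because the caller supplies only an action and an app name, never a path or an owner, a manager account granted sudo on this helper alone cannot turn it into an arbitrary chown.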