librelad 92c0261ca4 refactor(de-sudo): config-plane + permission helpers off raw sudo
config_scan_variables + config_check_missing operate on the manager-owned
configs_dir -> runInstallOp (test/cat/cmp/cp/mkdir). Container-path chmods in
before_start (traefik) + config.sh -> runFileOp. Fix the 'sudo sudo chown'
double in root_file.sh -> runSystem chown (ownership establishment).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Signed-off-by: librelad <librelad@digitalangels.vip>
2026-05-24 17:03:19 +01:00


#!/bin/bash
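#######################################
# Reconcile file ownership and modes before an app is started.
# Globals:   docker_dir, db_file, sudo_user_name, containers_dir,
#            docker_install_user (all read)
# Arguments: $1 - app name; "libreportal" also reconciles the WebUI dir
#            $2 - flag; "update" prints a section header first
# Outputs:   whatever the called helpers print
#######################################
fixPermissionsBeforeStart()
{
  local app_name="$1"
  local flag="$2"
  local traefik_file
  local result

  if [[ $flag == "update" ]]; then
    isHeader "Updating File/Folder Permissions"
  fi

  fixAppFolderPermissions
  # Quoted so a path or user name containing whitespace or glob characters
  # reaches the helper as exactly one argument each.
  changeRootOwnedFile "$docker_dir/$db_file" "$sudo_user_name"

  # The regenerable WebUI dir is reconciled to the mode's container owner via
  # the shared helper (same code path as install + switch). Third-party app
  # data ownership is established at install/restore time, not blanket-chowned
  # here — a wrong-owner chown would break permission-strict apps.
  if [[ "$app_name" == "libreportal" ]]; then
    reconcileWebuiDirOwnership
  fi

  # Traefik: acme.json and traefik.yml are restricted to owner read/write
  # (600). acme.json is Traefik's ACME certificate store, so it must not stay
  # readable by other local accounts.
  for traefik_file in \
    "${containers_dir}traefik/etc/certs/acme.json" \
    "${containers_dir}traefik/etc/traefik.yml"; do
    if [[ -f "$traefik_file" ]]; then
      updateFileOwnership "$traefik_file" "$docker_install_user" "$docker_install_user"
      # Assign separately from 'local': 'local result=$(...)' always yields
      # status 0, so a failed chmod would be invisible to the next call.
      # NOTE(review): checkSuccess is defined elsewhere and presumably reads
      # $? of the preceding command — confirm.
      result=$(runFileOp chmod 600 "$traefik_file")
      checkSuccess "Set permissions to ${traefik_file##*/} file for traefik"
    fi
  done
}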