Convert the remaining ad-hoc 'sudo' calls across the data plane to the run_privileged helpers so every file op lands as the correct owner with no blanket root: - DB/configs (manager-owned): db_list_all_apps, delete_db_file, install_sqlite, cli_webui_commands -> runInstallOp - containers (dockerinstall-owned): scan_container_socket, delete_data, webui_task_files, webui_app_log, webui_config_patch, application_missing_variables, uninstall_app -> runFileOp/runFileWrite - genuine root: passwd, tailscale, ufw-docker, sysctl grep, systemd unit read, authorized_keys read, nobody chown -> runSystem - interactive editors and 'id -u': drop sudo entirely (run as caller) - owncloud/adguard container-UID config edits -> runSystem (funnel; docker-exec rework deferred) Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Signed-off-by: librelad <librelad@digitalangels.vip>
#!/bin/bash
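# Reconcile each application's config ($containers_dir/<app>/<app>.config) against
# its freshly-cloned template ($install_containers_dir). See reconcileConfigFile.
#
# Globals:   containers_dir (read)
#            install_containers_dir (read; joined to the app name with no
#            separator, so it is expected to end in '/')
# Arguments: none
# Returns:   status of the final isSuccessful call. Failures of find or of
#            reconcileConfigFile are not checked here.
checkApplicationsConfigFilesMissingVariables()
{
    local live app remote

    # Paths are read NUL-delimited. Names under $containers_dir are not chosen
    # by this script, and a newline inside a directory or file name would
    # otherwise split one path into several bogus arguments for
    # reconcileConfigFile.
    # NOTE(review): relies on runFileOp passing find's stdout through untouched
    # (the newline-delimited form already needed that). Confirm the helper does
    # not capture output in a variable, which would drop the NUL bytes.
    while IFS= read -r -d '' live; do
        # The app name comes from the file name, not from the parent directory.
        # NOTE(review): a stray <dir>/<other>.config is therefore compared with
        # <other>'s template; confirm whether that is intended.
        app=$(basename -- "$live" .config)
        remote="$install_containers_dir$app/$app.config"
        reconcileConfigFile "$live" "$remote"
    done < <(runFileOp find "$containers_dir" -maxdepth 2 -type f -name '*.config' ! -name '*.bak' -print0)

    isSuccessful "Application config reconciliation completed."
}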