Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[fix]: UI upgrade now runs as the same user as the js-controller #2950

Merged
merged 6 commits into from
Oct 25, 2024
Merged

[fix]: UI upgrade now runs as the same user as the js-controller #2950

merged 6 commits into from
Oct 25, 2024

Conversation

foxriver76
Copy link
Collaborator

@foxriver76 foxriver76 commented Oct 22, 2024
edited
Loading

Link the issue which is closed by this PR

See this problem here https://forum.iobroker.net/topic/77574/änderungen-iob-cli-installer-fixer-mit-root-accounts/116?_=1729624052577

Implementation details

Currently the UI upgrade runs as root as the upgrade process needs to be started via systemd to survive the stop of the controller which runs as systemd itself. This has the downside that everything including npm is executed as root.
Hence, the /opt/iobroker/node_modules/iobroker.js-controller/ content and likely other modules touched by npm are now owned by root.

Due to permission errors it seems that the iobroker user cannot read the users file and is not able to start the systemd via sudo -u iobroker leading to

sudo: Unbekannter Benutzer iobroker
sudo: Fehler beim Initialisieren des Audit-Plugins sudoers_audit

Hence, we need another solution. This solution proposed here requires the controller to pass the current uid and gid to the upgrade process which then degrades itself from root to the given gid and uid.

Tests

  • I have added tests to avoid a recursion of this bug
  • It is not possible to test for this bug

If no tests added, please specify why it was not possible

Would need to upgrade the controller and a specific setup

@foxriver76 foxriver76 changed the title UI install permissions [fix]: UI upgrade now runs as the same user as the js-controller Oct 22, 2024
@foxriver76 foxriver76 merged commit 8055a25 into master Oct 25, 2024
12 checks passed
@foxriver76 foxriver76 deleted the ui-install-permissions branch October 25, 2024 16:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Apollon77 Apollon77 Apollon77 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@foxriver76 @Apollon77