Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 12 additions & 1 deletion backend/src/routes/updates.rs
Original file line number Diff line number Diff line change
Expand Up @@ -255,7 +255,18 @@ pub async fn install_update(
tokio::spawn(async move {
tracing::info!("Spawning update process for version {}", version_clone);

match Command::new("sh")
// Check if we're running as root or need sudo
let use_sudo = unsafe { libc::geteuid() } != 0;

let mut command = if use_sudo {
let mut cmd = Command::new("sudo");
cmd.arg("bash");
cmd
} else {
Command::new("bash")
};

match command
.arg(&script_path_clone)
.arg(&version_clone)
.stdout(std::process::Stdio::piped())
Expand Down
10 changes: 10 additions & 0 deletions scripts/install.sh
Original file line number Diff line number Diff line change
Expand Up @@ -277,6 +277,16 @@ create_service_user() {
print_success "Benutzer '$SERVICE_USER' erstellt"
fi

# Configure sudo access for update script (passwordless, specific command only)
print_step "Konfiguriere sudo-Zugriff für Updates..."
cat > /etc/sudoers.d/csf-core << EOF
# Allow csf-core user to run update script without password
$SERVICE_USER ALL=(ALL) NOPASSWD: /opt/csf-core/scripts/update.sh
$SERVICE_USER ALL=(ALL) NOPASSWD: /bin/bash /opt/csf-core/scripts/update.sh
EOF
chmod 0440 /etc/sudoers.d/csf-core
print_success "sudo-Zugriff für Updates konfiguriert"

# Add user to docker group if Docker is installed
if command -v docker &> /dev/null; then
if getent group docker > /dev/null 2>&1; then
Expand Down
Loading