diff --git a/backend/src/routes/updates.rs b/backend/src/routes/updates.rs index 2338c46a..6ef0f866 100644 --- a/backend/src/routes/updates.rs +++ b/backend/src/routes/updates.rs @@ -7,7 +7,6 @@ use axum::{ }; use serde::{Deserialize, Serialize}; use std::process::Command; -use tokio::fs; use crate::AppState; @@ -256,14 +255,16 @@ pub async fn install_update( tracing::info!("Spawning update process for version {}", version_clone); // Check if we're running as root or need sudo - let use_sudo = unsafe { libc::geteuid() } != 0; + // On Unix systems, check effective user ID via USER env var + let use_sudo = std::env::var("USER").map(|u| u != "root").unwrap_or(true); let mut command = if use_sudo { let mut cmd = Command::new("sudo"); - cmd.arg("bash"); + // Use full path to bash for better compatibility with sudoers + cmd.arg("/bin/bash"); cmd } else { - Command::new("bash") + Command::new("/bin/bash") }; match command diff --git a/scripts/install.sh b/scripts/install.sh index a45f14c3..c744fff3 100644 --- a/scripts/install.sh +++ b/scripts/install.sh @@ -282,7 +282,8 @@ create_service_user() { cat > /etc/sudoers.d/csf-core << EOF # Allow csf-core user to run update script without password $SERVICE_USER ALL=(ALL) NOPASSWD: /opt/csf-core/scripts/update.sh -$SERVICE_USER ALL=(ALL) NOPASSWD: /bin/bash /opt/csf-core/scripts/update.sh +$SERVICE_USER ALL=(ALL) NOPASSWD: /bin/bash /opt/csf-core/scripts/update.sh* +$SERVICE_USER ALL=(ALL) NOPASSWD: /usr/bin/bash /opt/csf-core/scripts/update.sh* EOF chmod 0440 /etc/sudoers.d/csf-core print_success "sudo-Zugriff für Updates konfiguriert"