Moved local dir to /opt/sys_config

Improved error logging and added function handling calls with log and return values
Improved check for matching sudo rule

client_software/.gitignore

@@ -0,0 +1 @@
+.sync_*.db

client_software/0010_nextcloud_desktopclient/install.sh

@@ -0,0 +1,79 @@
+#!/usr/bin/env sh
+# SPDX-FileCopyrightText: Daniel Pätzold
+# SPDX-License-Identifier: AGPL-3.0-or-later
+#
+# Sofwareinstallation script for Nextcloud Desktop
+#
+echo "Setup Nextcloud- Sync"
+
+#Check for root
+if [ "$EUID" -ne 0 ]; then
+    echo "Error: Script requires root. Please check if ${SCRIPTPATH}/${SCRIPTNAME} is in sudoers rules and if you are a member. And if executed via sudo."
+    exit 1
+fi
+
+#Check Token
+if [ "${DAVTOKEN_USER}." == "." ]; then
+    echo "Error: Script cannot be executed standalone and needs a prereserved Environment. Quit."
+    exit 1
+fi
+
+#Check if Option is Configured to use Nextcloud Desktop Data- Sync
+if [ "${CLIENT_DATA_DST}." == "." ]; then
+    echo "CLIENT_DATA_DST not set, skipping setup of Nextcloud Desktop sync of Data-Directory"
+    exit 0
+fi
+
+#Local Vars
+BASECMD="/usr/bin/flatpak run --branch=stable --arch=x86_64 --command=nextcloud com.nextcloud.desktopclient.nextcloud"
+SYNCCMD="$BASECMD --userid ${DAVTOKEN_USER} --apppassword ${DAVTOKEN_PASS} --localdirpath ${CLIENT_DATA_DST} --remotedirpath ${CLIENT_DATA_SRC} --serverurl https://${SERVERFQDN_NC}"
+SYNCCMD_HIDDENPW=$( echo "${SYNCCMD/${DAVTOKEN_PASS}/***HIDDEN***}" )
+
+#Check if Nextcloud was already setup
+if grep -q "localPath=${CLIENT_DATA_DST}" "/${SUDO_HOME}/.var/app/com.nextcloud.desktopclient.nextcloud/config/Nextcloud/nextcloud.cfg"; then
+    SETUP_NEEDED="0"
+else
+    SETUP_NEEDED="1"
+fi
+
+#Remove Nextcloud from autostart - if it was started befor the ecrypted mount, i will never sync and always throw an error that the local dir is missing
+if [ -f "$SUDO_HOME/.config/autostart/com.nextcloud.desktopclient.nextcloud.desktop" ]; then
+  echo "Remove Autostart Nextcloud"
+  rm $SUDO_HOME/.config/autostart/com.nextcloud.desktopclient.nextcloud.desktop
+  #Stopping Nextcloud
+  su -c "$BASECMD --quit 1>/dev/null 2>/dev/null" $SUDO_USER
+  sleep 5
+fi
+
+if [ $SETUP_NEEDED = "0" ]; then
+    echo "Nextcloud was already setup, skipping configure and starting Service"
+    echo "If you want to reset, please delete the Folder [HOME]/.var/app/com.nextcloud.desktopclient.nextcloud manually."
+    echo "Command: rm -ri ~/.var/app/com.nextcloud.desktopclient.nextcloud/"
+    su -c "nohup ${BASECMD} 1>/dev/null 2>/dev/null &" $SUDO_USER
+    exit $?
+fi
+
+#No check for installed Nextcloud needed, because it will be installed by calling script sync_client_software.sh
+
+echo "Syncing Files from remote ${CLIENT_DATA_SRC} to local ${CLIENT_DATA_DST}"
+if [ -d "${CLIENT_DATA_DST}" ]; then
+    echo "Old unsynced Foler ${CLIENT_DATA_DST} was found, renaming to ${CLIENT_DATA_DST}_bak."
+    mv "${CLIENT_DATA_DST}" "${CLIENT_DATA_DST}_bak"
+fi
+su -c "mkdir -p ${CLIENT_DATA_DST}" $SUDO_USER
+#Cleanup Nextcloud Configuration completely, while otherwise, the configure will not work
+echo "Remove $SUDO_HOME/.var/app/com.nextcloud.desktopclient.nextcloud"
+rm -rif "$SUDO_HOME/.var/app/com.nextcloud.desktopclient.nextcloud"
+
+#echo "Exec as $SUDO_USER: ${SYNCCMD}"
+echo "Exec as $SUDO_USER: ${SYNCCMD_HIDDENPW}"
+su -c "${SYNCCMD}" $SUDO_USER
+if [ $? -ne 0 ]; then
+    echo "=========== !!! ========================"
+    echo "Error: It looks like this did not work!"
+    echo "Please check the above output!"
+    exit 1
+fi
+# Now start Nextcloud
+su -c "nohup ${BASECMD} 1>/dev/null 2>/dev/null &" $SUDO_USER
+echo "Done Setup of Nextcloud."

client_software/0030_desktop/Firefox.desktop

@@ -0,0 +1,17 @@
+[Desktop Entry]
+Comment[de_DE]=
+Comment=
+Exec=/opt/sys_config/system_setup/mozilla_starter.sh firefox run
+GenericName[de_DE]=
+GenericName=
+Icon=firefox
+MimeType=
+Name[de_DE]=Firefox
+Name=Firefox
+Path=/opt/sys_config/system_setup
+StartupNotify=true
+Terminal=true
+TerminalOptions=
+Type=Application
+X-KDE-SubstituteUID=false
+X-KDE-Username=

client_software/0030_desktop/Thunderbird.desktop

@@ -0,0 +1,17 @@
+[Desktop Entry]
+Comment[de_DE]=
+Comment=
+Exec=/opt/sys_config/system_setup/mozilla_starter.sh thunderbird run
+GenericName[de_DE]=
+GenericName=
+Icon=thunderbird
+MimeType=
+Name[de_DE]=Thunderbird
+Name=Thunderbird
+Path=/opt/sys_config/system_setup
+StartupNotify=true
+Terminal=true
+TerminalOptions=
+Type=Application
+X-KDE-SubstituteUID=false
+X-KDE-Username=

client_software/0030_desktop/install.sh

@@ -0,0 +1,15 @@
+#!/usr/bin/env sh
+# SPDX-FileCopyrightText: Daniel Pätzold
+# SPDX-License-Identifier: AGPL-3.0-or-later
+#
+# Sofwareinstallation script for Nextcloud Talk.
+#
+
+#Check for root
+if [ "$EUID" -ne 0 ]; then
+    echo "Error: Script requires root. Please check if ${SCRIPTPATH}/${SCRIPTNAME} is in sudoers rules and if you are a member. And if executed via sudo."
+    exit 1
+fi
+
+cp -n *.desktop $SUDO_HOME/Schreibtisch
+chown $SUDO_USER:$SUDO_USER $SUDO_HOME/Schreibtisch/*.desktop

client_software/0110_nextcloud_talk_app/.gitignore

@@ -0,0 +1 @@
+Nextcloud.Talk-linux-x64.flatpak

client_software/0110_nextcloud_talk_app/com.nextcloud.talk.desktop

@@ -0,0 +1,10 @@
+[Desktop Entry]
+Categories=Network;InstantMessaging;Chat;VideoConference;
+Comment=Official desktop client for Nextcloud Talk
+Exec=/usr/bin/flatpak run --branch=stable --arch=x86_64 --command=electron-wrapper --file-forwarding com.nextcloud.talk @@u %U @@
+GenericName=Video and Chat Communication
+Icon=com.nextcloud.talk
+Name=Nextcloud Talk
+StartupNotify=true
+Type=Application
+X-Flatpak=com.nextcloud.talk

client_software/0110_nextcloud_talk_app/install.sh

@@ -0,0 +1,38 @@
+#!/usr/bin/env sh
+# SPDX-FileCopyrightText: Daniel Pätzold
+# SPDX-License-Identifier: AGPL-3.0-or-later
+#
+# Sofwareinstallation script for Nextcloud Talk.
+#
+
+#Check for root
+if [ "$EUID" -ne 0 ]; then
+    echo "Error: Script requires root. Please check if ${SCRIPTPATH}/${SCRIPTNAME} is in sudoers rules and if you are a member. And if executed via sudo."
+    exit 1
+fi
+
+FILENAME="Nextcloud.Talk-linux-x64.flatpak"
+SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )"
+if [ ${SCRIPTPATH::2} == "//" ]; then
+    SCRIPTPATH=${SCRIPTPATH:1}
+fi
+echo "Getting new Version online and saving File to ${SCRIPTPATH}/${FILENAME}"
+wget -q -P ${SCRIPTPATH} --timestamping https://github.com/nextcloud-releases/talk-desktop/releases/latest/download/${FILENAME}
+
+# Not needed: Package has no Version, but internal Commit should be automagically detected, see "flatpak list -d"
+#INSTINFO=$( /usr/bin/flatpak list --columns=app,version | grep com.nextcloud.talk )
+
+#Hint: If this fails, try to remove and Download the File again
+
+# Install or update Talk - always in Superuser- Mode
+# As User you may install Talk in userspace (with -u), but you cannot update the runtime org.freedesktop.Platform/x86_64/XX.YY
+# So it does not make any sense to install as user
+/usr/bin/flatpak install -y --or-update --noninteractive --bundle ${SCRIPTPATH}/${FILENAME} && echo Done Install of ${FILENAME}
+
+#TODO: Check if Talk is installed - if not, exit 1
+
+exit 0
+
+#Start App - is not working, always quits with that shell
+#nohup /usr/bin/flatpak run -u --branch=stable --arch=x86_64 --command=electron-wrapper --file-forwarding com.nextcloud.talk --background >/dev/null &
+#/usr/bin/flatpak run -u --branch=stable --arch=x86_64 --command=electron-wrapper --file-forwarding com.nextcloud.talk --background @@u %U @@ >/dev/null 2>&1 &

client_software/README.md

@@ -0,0 +1,7 @@
+Central Software installation script Repository
+Must be executed from script ../sync_client_software.sh
+
+The install script here will check for the right environment, and execute the install.sh script in each directory.
+
+Be sure to name the directories to get sorted the right way.
+E.g. you may use all base installations with directories beginning with numbers < 0100 and all additional apps with numbers > 0100

client_software/install.sh

@@ -0,0 +1,46 @@
+#!/usr/bin/env sh
+# SPDX-FileCopyrightText: Daniel Pätzold
+# SPDX-License-Identifier: AGPL-3.0-or-later
+#
+# Central sofwareinstallation script. Should be called from ""/sys_config/system_setup/sync_client_software.sh install"
+#
+if [ "$EUID" -ne 0 ] || [ "$SUDO_USER." == "." ]; then
+    echo "Error: Script requires root privileges and a sudo environment."
+    exit 1
+fi
+
+#Check Token
+if [ "${DAVTOKEN_USER}." == "." ]; then
+    echo "Error: Script cannot be executed standalone and needs a prereserved environement from logon-script."
+    echo "To get executed without password prompt, use the NOPASSWD rule in sudo. In FreeIPA you can use the sudo-option !authenticate in the sudo rule."
+    echo "Additionally add the sudo command to the rule: ^\/sys_config\/system_setup\/sync_client_software\.sh.*$"
+    echo "Press any key to continue" && read -n 1 -s -r && exit 1
+fi
+
+echo "Installing additional Software."
+for DIR in $(ls -d /${SCRIPTPATH}/*/ | sort);     # list directories in the form "/tmp/dirname/"
+do
+    DIR=${DIR%*/}      # remove the trailing "/"
+    if [ -f "${DIR}/install.sh" ]; then
+        echo "*** ==================== ***"
+        echo "*** Installing ${DIR##*/} ***" # print everything after the final "/"
+        cd ${DIR}
+        ${DIR}/install.sh
+        if [ $? -ne 0 ]; then
+          echo "*** ==================== ***"
+          echo "Some Error in script, will not continue. Please check."
+          echo "Press any key to continue."
+          read -n 1 -s -r
+          cd ${SCRIPTPATH}
+          exit 1
+        fi
+        echo "*** ==================== ***"
+    fi
+done
+cd ${SCRIPTPATH}
+
+#Last, remove unused Flatpak- Runtimes and unused Data
+echo "Removing unused Flatpak- Data."
+flatpak uninstall --unused -y
+su -c "flatpak uninstall --delete-data -y" $SUDO_USER
+echo "Sucessfully Installed Software."

system_setup/logon_script.sh

@@ -14,7 +14,7 @@ elog_add "Logging to File ${LOGFILE}"
 
 if [ "$EUID" -eq 0 ]; then
     elog_add "Error: Cannot run this script as root."
-    exit 1
+    echo "Press any key to continue" && read -n 1 -s -r && exit 1
 fi
 
 #TODO C: Check if Desktop is KDE/Plasma and support other Displays
@@ -22,51 +22,62 @@ fi
 kwriteconfig5 --file kdesurc --group super-user-command --key super-user-command sudo
 if [ $? -ne 0 ]; then
     elog_add "This script should be run in KDE- Desktop. The setup of kwriteconfig5 has failed. Please check, if you are using KDE."
-    exit 1
+    echo "Press any key to continue" && read -n 1 -s -r && exit 1
 fi
 
 #Copy current Version of Autostart-Entry
+rm -f "${HOME}/.config/autostart/logon_script.sh.desktop"
 cp "${SCRIPTPATH}/logon_script.sh.desktop" "${HOME}/.config/autostart"
 if [ $? -ne 0 ]; then
     elog_add "Failed to setup autostart- entry. Check your installation of these scripts."
-    exit 1
+    echo "Press any key to continue" && read -n 1 -s -r && exit 1
 fi
 
 # Mount the private Directory
-if [ ${IPAVAULTUSE} == "true" ]; then
-    ./mount_ecrypt_home.sh
-else
-    ./mount_nocrypt_home.sh
-fi
+elog_add_command "${SYSCONFIGPATH}/system_setup/mount_ecrypt_home.sh"
 if [ $? -ne 0 ]; then
     elog_add "Some Error when mounting private Directory, cannot continue. Your Data will not be available."
+    elog_add "The script was searched by SYSCONFIGPATH in directory ${SYSCONFIGPATH}, please check if your setup is correct."
     elog_add "If you want to redo this script here, execute ${SCRIPTPATH}/${SCRIPTNAME}"
-    echo "Press any key to continue"
-    read -n 1 -s -r
-    exit 1
+    echo "Press any key to continue" && read -n 1 -s -r && exit 1
 fi
 
 #Get WEBDAV TOKEN from Nextcloud
 get_nc_token
+if [ $? -ne 0 ]; then
+    elog_add "Some Error when mounting private Directory, cannot continue. Your Data will not be available."
+    echo "Press any key to continue" && read -n 1 -s -r && exit 1
+fi
 elog_add "Successfully obtained Token for User ${DAVTOKEN_USER}"
 
 #Install Software
-elog_add "==="
-elog_add "Update and install client Software"
-# Without sudoers-rule for run without asking for password, it won't run and quit complaining about not askpass utilities found
-# Hint: To get this working, create a new ipa rule with options "!authenticate" and "setenv"
-# And also add the following sudo-rule: "^\/sys_config\/system_setup\/sync_client_software\.sh.*$"
-/usr/bin/sudo -A --preserve-env /sys_config/system_setup/sync_client_software.sh install 2>&1 | tee ${LOGFILE} -a | grep -v askpass
-INST_RET=$?
-INST_OUT=$( cat ${LOGFILE} )
-if [[ $INST_RET -ne 0 ]]; then
-    if [[ $INST_OUT == *"askpass"* ]]; then
-        elog_add "Not doing Software Updates, as your user is not allowed to execute the script without a password."
-        elog_add "If you want to change this, make a FreeIPA sudoers rule for the script sync_client_software.sh with !authenticate for you and become a member."
-    else
-        elog_add "*** Error executing software sync and install, please check your output! ***"
-        # TODO: This is not working due to the above Command. Redesign command to make it work
-        exit 1
+elog_add ""
+elog_add "Update and install client software"
+
+# First, check the sudo rule
+elog_add "Check the matching client rule:"
+#Somewhat strange sudo -l will ask for password instead of just checking if the rule can be found, so it needs -n to be silent
+# The behaviour will be:
+# If a matching rule with !authenticate is found, no passwd will be asked and retno is 0
+# If there is a rule matching with no !authenticate, then a password would be asked. This is prevented, so there will only be the
+# error "a password is needed" an retno is 1
+# If there is no sudo rule at all, it will only set retno to 1
+elog_add_command "/usr/bin/sudo -n -l ${SYSCONFIGPATH}/system_setup/sync_client_software.sh"
+if [[ $RETNO -ne 0 ]]; then
+    elog_add "Error was no $RETNO"
+    elog_add "No matching IPA rule found for this user, so the user is not allowed to install software, skipping this."
+    elog_add "If you want to change: Please check the sudo rules in ipa and your group membership."
+    elog_add "Hint: the rule must contain the !authenticate and setenv option to work."
+    elog_add "A matching sudo rule could look like this: "'^'${SYSCONFIGPATH////'\/'}'\/system_setup\/sync_client_software\.sh.*$'
+else
+    elog_add "Matching Sudo rule found."
+    elog_add_command "/usr/bin/sudo -n --preserve-env ${SYSCONFIGPATH}/system_setup/sync_client_software.sh install"
+    #ERRTXT=$( { /usr/bin/sudo -n --preserve-env ${SYSCONFIGPATH}/system_setup/sync_client_software.sh install > >(tee -a ${LOGFILE}); } 2>&1 )
+    #ERR=$?
+    if [[ $RETNO -ne 0 ]]; then
+        elog_add "Errorcode was $RETNO"
+        elog_add "Error executing software sync and install, please check your output!"
+        echo "Press any key to continue" && read -n 1 -s -r && exit 1
     fi
 fi
 

system_setup/logon_script.sh.desktop

@@ -1,19 +1,7 @@
 #!/usr/bin/env xdg-open
 [Desktop Entry]
-Comment[de_DE]=
-Comment=
-Exec=/usr/bin/konsole --fullscreen --hide-tabbar --hide-menubar -e /sys_config/system_setup/logon_script.sh
-GenericName[de_DE]=
-GenericName=
+Exec=/usr/bin/konsole --fullscreen --hide-tabbar --hide-menubar -e /opt/sys_config/system_setup/logon_script.sh
 Icon=application-x-shellscript
-MimeType=
-Name[de_DE]=logon_script.sh
 Name=logon_script.sh
-Path=/sys_config/system_setup
-StartupNotify=true
-Terminal=false
-TerminalOptions=
 Type=Application
 X-KDE-AutostartScript=true
-X-KDE-SubstituteUID=false
-X-KDE-Username=

system_setup/mount_ecrypt_home.sh

@@ -19,6 +19,22 @@ if [ $? -eq 0 ]; then
     exit 0
 fi
 
+if [ ${IPAVAULTUSE} == "false" ]; then
+    #No encryption configured, will warn, but will continue
+    echo "Warning: Encryption is turned off by configuration (IPAVAULTUSE is set to false)!"
+    echo "This makes your private data readable by anyone having access to the harddrive. Will continue, but this is not safe!"
+    echo
+    mkdir -p ${DECRYPTEDDATADIR}
+    RETNO=$?
+    if [ ${RETNO} -eq 0 ]; then
+        echo "Private Directory set to ${DECRYPTEDDATADIR}"
+    else
+        echo "Error setting up Directory ${DECRYPTEDDATADIR}"
+    fi
+    ENCKEY=""
+    exit ${RETNO}
+fi
+
 #Test for connectivity
 curl -I https://${SERVERFQDN_IPA}/ipa/session/json >/dev/null 2>&1
 if [ $? -ne 0 ]; then

system_setup/mount_nocrypt_home.sh

@@ -1,32 +0,0 @@
-#!/bin/sh
-# SPDX-FileCopyrightText: Daniel Pätzold
-# SPDX-License-Identifier: AGPL-3.0-or-later
-#
-# 30.12.2025 - Currently, the basic Encryption- System of FreeIPA is NOT WORKING due to failing KRA- Install at FreeIPA
-# I created an Issue for that: https://github.com/dogtagpki/pki/issues/5242
-# So we will skip encryption completely!
-
-source $(dirname "$0")/setup_system.inc.sh
-EXECDIR=$(pwd)
-
-#Check if Directory is alread mounted
-grep ${DECRYPTEDDATADIR} /etc/mtab >/dev/null
-if [ $? -eq 0 ]; then
-    #Directory is already mounted
-    echo "It looks like the directory is already mounted. Not mounting again."
-    exit 0
-fi
-
-#Setup and use encrypted filesystem
-if [ ! -d "${DECRYPTEDDATADIR}" ]; then
-  #Key has been obtained, but no Directory was created till know
-  echo "First Setup of encryption: Creating new Directories now"
-  mkdir -p ${DECRYPTEDDATADIR}
-  if [ $? -eq 0 ]; then
-    echo "Sucessfully mounted encrypted private Directory ${DECRYPTEDDATADIR}"
-    exit 0
-  else
-    echo "Errorcode ${RETAVAL}"
-    exit 1
-  fi
-fi

system_setup/setup_system.conf.dist

@@ -6,7 +6,7 @@ export TLDOMAIN=domain.tld
 export DOMAIN=clients.${TLDOMAIN}
 export SERVERFQDN_IPA=ipa.${TLDOMAIN} # Needs to be the IPA- Server
 export SERVERFQDN_NC=nextcloud.${TLDOMAIN}
-export SYSCONFIGPATH="/sys_config"
+export SYSCONFIGPATH="/opt/sys_config"
 export INSTALLDOCS="https://gitea.dtext.online/obel1x/fedora-OEMDRV/src/branch/main/README.md"
 export CLIENTADMINGROUP="clientadmins"
 
@@ -19,8 +19,8 @@ fi
 export FQDN=${HOSTNM}.${DOMAIN}
 
 #Additional Client-Software- Repository-Folder in Nextcloud (Shared Folder / Systemwide)
-export CLIENT_SOFTWARE_DST="/opt/client_software" # Optional. If you don't have a Folder that should always be synced, leave this empty
-export CLIENT_SOFTWARE_SRC="/Shared/sw_geteilt/client_software"
+export CLIENT_SOFTWARE_DST="/opt/sys_config/client_software" # Optional. If you don't have a Folder that should always be synced, leave this empty
+export CLIENT_SOFTWARE_SRC="/Shared/sw_geteilt/client_software" Set to the Nextcloud directory where the software should come from
 
 #Secure File Encryption
 #Needs a running KRA- Service on FreeIPA

system_setup/setup_system.inc.sh

@@ -14,11 +14,11 @@
 #    fi
 #    return 0
 #}
-if [ ! -f $(pwd)/setup_system.conf ]; then
+if [ ! -f $(dirname "$0")/setup_system.conf ]; then
     echo "System configuration not found. Please make a copy of setup_system.conf.dist, name it setup_system.conf and check the settings in it before running."
-    exit 1
+    echo "Press any key to continue" && read -n 1 -s -r && exit 1
 fi
-source $(pwd)/setup_system.conf
+source $(dirname "$0")/setup_system.conf
 
 #Check if the Data- Directory is encrypted
 check_data_isecrypted() {
@@ -32,11 +32,21 @@ check_data_isecrypted() {
 
 # Functions for logging
 elog_init() {
+    #Create a new logfile and put some text in it
     echo $@ | tee ${LOGFILE}
 }
 elog_add() {
+    #Append some text to the logile
     echo $@ | tee ${LOGFILE} -a
 }
+elog_add_command() {
+    #Run a command, capture all output (STD and ERR) to the logfile AND in variable RETTXT AND output to screen
+    #Returns the exit value of the command in $? and in RETNO
+    RETTXT=$( { $@ > >(tee -a ${LOGFILE}); } 2> >(tee -a ${LOGFILE}) )
+    RETNO=$?
+    echo "${RETTXT}"
+    return ${RETNO}
+}
 
 # Will set variable DAVTOKEN_USER and DAVTOKEN_PASS to the stored value or get a new one
 get_nc_token() {

system_setup/sync_client_software.sh

@@ -9,15 +9,15 @@ source $(dirname "$0")/setup_system.inc.sh
 #Check for root
 if [ "$EUID" -ne 0 ]; then
     echo "Error: Script requires root privileges. It should be executed via logon-script and not standalone."
-    exit 1
+    echo "Press any key to continue" && read -n 1 -s -r && exit 1
 fi
 
 #Check Token
 if [ "${DAVTOKEN_USER}." == "." ]; then
-    echo "Error: Script cannot be executed standalone and needs a prereserved environement from logon-script."
-    echo "To get executed without password prompt, use the NOPASSWD rule in sudo. In FreeIPA you can use the sudo-option !authenticate in the sudo rule."
-    echo "Additionally add the sudo command to the rule: ^\/sys_config\/system_setup\/sync_client_software\.sh.*$"
-    exit 1
+    echo "Error: Script cannot be executed standalone, must be run with a matching sudo rule and needs a prereserved environement from logon-script."
+    elog_add "A matching sudo rule could look like this: "'^'${SYSCONFIGPATH////'\/'}'\/system_setup\/sync_client_software\.sh.*$'
+    elog_add "Hint: the rule must contain the !authenticate and setenv option to work."
+    echo "Press any key to continue" && read -n 1 -s -r && exit 1
 fi
 
 #Check if Repository is defined