From fe8c7f172460f0b811eb792f46508755bdef8308 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20P=C3=A4tzold?=
Date: Mon, 16 Mar 2026 12:07:29 +0100
Subject: [PATCH] Bug: Set rights for client sw split function elog_add_command_subshell and elog_add_command
---
system_setup/logon_script.sh | 2 +-
system_setup/setup_system.inc.sh | 12 +++++++++++-
system_setup/sync_client_software.sh | 4 ++--
3 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/system_setup/logon_script.sh b/system_setup/logon_script.sh
index 0bf858c..2c11ce6 100755
--- a/system_setup/logon_script.sh
+++ b/system_setup/logon_script.sh
@@ -69,7 +69,7 @@ elog_add "Check the matching client rule:"
# RETNO = 0 , but the Output of "sudo -l -l" must als be checked, if there is an Option !authenticate in the returnung string, otherwise a failed installation cannot be
# divided from a missing sudo-rule
#
-elog_add_command "/usr/bin/sudo -n -l -l ${SYSCONFIGPATH}/system_setup/sync_client_software.sh"
+elog_add_command_subshell "/usr/bin/sudo -n -l -l ${SYSCONFIGPATH}/system_setup/sync_client_software.sh"
if [[ $RETNO -ne 0 ]]; then
elog_add "Error was no $RETNO"
elog_add "No matching IPA rule found for this user, so the user is not allowed to install software, skipping this."
diff --git a/system_setup/setup_system.inc.sh b/system_setup/setup_system.inc.sh
index 6ad41de..a730739 100644
--- a/system_setup/setup_system.inc.sh
+++ b/system_setup/setup_system.inc.sh
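Review bot: The switched call has no comment saying why this one call site needs `elog_add_command_subshell`, and the `if [[ $RETNO -ne 0 ]]` test after it still decides on the exit status alone, although the comment above the call says the `sudo -l -l` output must also be checked for `!authenticate`. If that output check reads RETTXT further down (not visible here; the `if` body continues outside the hunk), state it at the call, for example `# needs the _subshell variant: RETTXT is inspected for !authenticate below`. Without that, a later reader cannot tell whether the plain helper would be safe to use for this authorization check.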
@@ -41,8 +41,18 @@ elog_add() {
echo $@ | tee ${LOGFILE} -a
}
elog_add_command() {
- #Run a command, capture all output (STD and ERR) to the logfile AND in variable RETTXT AND output to screen
+ #Run a command, capture output (STD and ERR) to the logfile AND in variable RETTXT AND output to screen
#Returns the exit value of the command in $? and in RETNO
+ RETTXT=$( $@ > >(tee -a ${LOGFILE}) 2>&1 )
+ RETNO=$?
+ echo "${RETTXT}"
+ return ${RETNO}
+}
+elog_add_command_subshell() {
+ # Special Version of above, where the command will be completely executed in a subshell. This is needed for some commands, that may output to
+ # something else than STD or ERR and otherwise cannot be captured completely.
+ # Benefit: Really catch everything that is send to output
+ # Disadvantage: Output wont't display directly, but only after finshed execution
RETTXT=$( { $@ > >(tee -a ${LOGFILE}); } 2> >(tee -a ${LOGFILE}) )
RETNO=$?
echo "${RETTXT}"
diff --git a/system_setup/sync_client_software.sh b/system_setup/sync_client_software.sh
index 52b50a9..1593f92 100755
--- a/system_setup/sync_client_software.sh
+++ b/system_setup/sync_client_software.sh
@@ -43,7 +43,7 @@ echo "Update or install Nextcloud client"
SYNCCMD="sudo -i /usr/bin/flatpak run --branch=stable --arch=x86_64 --command=nextcloudcmd com.nextcloud.desktopclient.nextcloud -h -u ${DAVTOKEN_USER} -p ${DAVTOKEN_PASS} --path ${CLIENT_SOFTWARE_SRC} ${CLIENT_SOFTWARE_DST} https://${SERVERFQDN_NC}"
SYNCCMD_HIDDENPW=$( echo "${SYNCCMD/${DAVTOKEN_PASS}/***HIDDEN***}" )
chown root:${CLIENTADMINGROUP} -R ${CLIENT_SOFTWARE_DST}
-chmod ug+rw,o-rwx -R ${CLIENT_SOFTWARE_DST}
+chmod ug+rwX,o=r-X -R ${CLIENT_SOFTWARE_DST}
echo "Exec: ${SYNCCMD_HIDDENPW}"
echo "Sync Client Software" > ${LOGFILE}
echo "====================" >> ${LOGFILE}
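Review bot: Both helpers run the command through an unquoted `$@` (the added `RETTXT=$( $@ > >(tee -a ${LOGFILE}) 2>&1 )` and the retained line in `elog_add_command_subshell`), so every argument is re-split on whitespace and glob-expanded before it is executed, and quoting at the call site has no effect. Since these helpers run `sudo` commands (see the logon_script.sh call in this patch), I would write `RETTXT=$( "$@" > >(tee -a "${LOGFILE}") 2>&1 )` and have callers pass the command as separate words; the logon_script.sh call passes one string and would have to change with it. Separately, the new comment on `elog_add_command_subshell` does not match the visible code: both variants redirect only stdout and stderr, both buffer into RETTXT and print it with `echo` afterwards, and the visible difference is one shared `tee` versus one per stream, so the "Benefit"/"Disadvantage" lines should describe that. The body of `elog_add_command_subshell` continues outside the hunk.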
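Review bot: `o=r-X` is parsed as `o=r` followed by `-X`, so others end up with read but no search permission on directories and cannot open anything below `${CLIENT_SOFTWARE_DST}`, which is probably not what the commit intends; the `-X` is a no-op after `=r`. If others are meant to read the tree, the line would be `chmod ug+rwX,o=rX -R ${CLIENT_SOFTWARE_DST}`; the hunk at `@@ -64,7 +64,7 @@` uses the same mode string and needs the same change. Compared with the previous `o-rwx`, this also makes everything synced into the directory readable by every local account, so it is worth confirming that the packages carry no license keys or embedded credentials.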
@@ -64,7 +64,7 @@ if [[ $? -ne 0 ]]; then
fi
#Files must be owned by root (we are root!)
chown root:${CLIENTADMINGROUP} -R ${CLIENT_SOFTWARE_DST}
-chmod ug+rwX,o-rwx -R ${CLIENT_SOFTWARE_DST}
+chmod ug+rwX,o=r-X -R ${CLIENT_SOFTWARE_DST}
#Make all install.sh executable
find ${CLIENT_SOFTWARE_DST} -type f -name install.sh -exec chmod ug+x {} \;
if [ -f "${CLIENT_SOFTWARE_DST}/install.sh" ]; then
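Review bot: `${CLIENT_SOFTWARE_DST}` is expanded unquoted in a recursive `chmod` that, per the comment above it, runs as root, so a value containing whitespace or glob characters makes the command touch other paths. I would pass the operand as `-- "${CLIENT_SOFTWARE_DST:?}"`, which also aborts when the variable is empty or unset; the `chown` and `find` lines around it in the context follow the same unquoted pattern. The trailing `if [ -f ... ]; then` block continues outside the hunk.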