Initial Commit

setup_web_permissions.sh

@@ -0,0 +1,102 @@
+#!/bin/bash
+
+# LED Matrix Web Interface Setup Script
+# Combines permissions fixes, sudoers configuration, and service file check
+
+set -e
+
+echo "=== LED Matrix Web Interface Setup ==="
+
+WEB_USER=$(whoami)
+PROJECT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+
+echo "Detected web interface user: $WEB_USER"
+echo "Project directory: $PROJECT_DIR"
+
+if [ "$EUID" -eq 0 ]; then
+    echo "Error: Do not run this script as root."
+    echo "Run it as the user that will run the web interface (e.g. pi)."
+    exit 1
+fi
+
+echo ""
+echo "This script will:"
+echo "1. Add $WEB_USER to 'systemd-journal' and 'adm' groups"
+echo "2. Fix ownership and permissions for config.json and assets/sponsors"
+echo "3. Configure passwordless sudo for service control and reboot"
+echo "4. Check for ledmatrix-web.service file"
+echo ""
+
+read -p "Proceed with setup? (y/N): " -n 1 -r
+echo
+[[ ! $REPLY =~ ^[Yy]$ ]] && echo "Cancelled." && exit 0
+
+# --- Group memberships ---
+echo "Adding $WEB_USER to groups..."
+sudo usermod -a -G systemd-journal "$WEB_USER" && echo "✓ systemd-journal"
+sudo usermod -a -G adm "$WEB_USER" && echo "✓ adm"
+
+# --- File ownership/permissions ---
+echo "Fixing file permissions..."
+sudo chown -R "$WEB_USER:$WEB_USER" "$PROJECT_DIR"
+sudo mkdir -p "$PROJECT_DIR/assets/sponsors"
+sudo chown -R "$WEB_USER:$WEB_USER" "$PROJECT_DIR/assets/sponsors"
+
+if [ -f "$PROJECT_DIR/config/config.json" ]; then
+    sudo chmod 644 "$PROJECT_DIR/config/config.json"
+    echo "✓ config.json permissions set"
+else
+    echo "⚠ config/config.json not found"
+fi
+
+# --- Sudoers configuration ---
+echo "Configuring sudoers..."
+PYTHON_PATH=$(which python3)
+SYSTEMCTL_PATH=$(which systemctl)
+REBOOT_PATH=$(which reboot)
+POWEROFF_PATH=$(which poweroff)
+BASH_PATH=$(which bash)
+
+TEMP_SUDOERS="/tmp/ledmatrix_web_sudoers_$$"
+cat > "$TEMP_SUDOERS" << EOF
+# LED Matrix Web Interface sudo rules
+$WEB_USER ALL=(ALL) NOPASSWD: $REBOOT_PATH
+$WEB_USER ALL=(ALL) NOPASSWD: $POWEROFF_PATH
+$WEB_USER ALL=(ALL) NOPASSWD: $SYSTEMCTL_PATH start ledmatrix.service
+$WEB_USER ALL=(ALL) NOPASSWD: $SYSTEMCTL_PATH stop ledmatrix.service
+$WEB_USER ALL=(ALL) NOPASSWD: $SYSTEMCTL_PATH restart ledmatrix.service
+$WEB_USER ALL=(ALL) NOPASSWD: $SYSTEMCTL_PATH enable ledmatrix.service
+$WEB_USER ALL=(ALL) NOPASSWD: $SYSTEMCTL_PATH disable ledmatrix.service
+$WEB_USER ALL=(ALL) NOPASSWD: $SYSTEMCTL_PATH status ledmatrix.service
+$WEB_USER ALL=(ALL) NOPASSWD: $PYTHON_PATH $PROJECT_DIR/display_controller.py
+$WEB_USER ALL=(ALL) NOPASSWD: $BASH_PATH $PROJECT_DIR/start_display.sh
+$WEB_USER ALL=(ALL) NOPASSWD: $BASH_PATH $PROJECT_DIR/stop_display.sh
+EOF
+
+sudo cp "$TEMP_SUDOERS" /etc/sudoers.d/ledmatrix_web
+sudo chmod 440 /etc/sudoers.d/ledmatrix_web
+rm -f "$TEMP_SUDOERS"
+echo "✓ sudoers installed"
+
+# --- Service file check ---
+SERVICE_FILE="$PROJECT_DIR/ledmatrix-web.service"
+if [ -f "$SERVICE_FILE" ]; then
+    echo "✓ Service file found: $SERVICE_FILE"
+else
+    echo "⚠ Service file not found in $PROJECT_DIR"
+    echo "   Make sure ledmatrix-web.service exists and points to web_interface.py or start_web_conditionally.py"
+fi
+
+# --- Tests ---
+echo ""
+echo "Testing sudo/systemctl access..."
+if sudo -n systemctl status ledmatrix.service > /dev/null 2>&1; then
+    echo "✓ systemctl status works without password"
+else
+    echo "⚠ systemctl status failed (check service name and sudoers)"
+fi
+
+echo ""
+echo "Setup complete!"
+echo "You may need to log out and back in for group changes to take effect."
+echo "Then restart the web service: sudo systemctl restart ledmatrix-web.service"