mirror of
https://github.com/ChuckBuilds/LEDMatrix.git
synced 2026-04-10 13:02:59 +00:00
158e07c82b
* fix(web): unify operation history tracking for monorepo plugin operations The operation history UI was reading from the wrong data source (operation_queue instead of operation_history), install/update records lacked version details, toggle operations used a type name that didn't match UI filters, and the Clear History button was non-functional. - Switch GET /plugins/operation/history to read from OperationHistory audit log with return type hint and targeted exception handling - Add DELETE /plugins/operation/history endpoint; wire up Clear button - Add _get_plugin_version helper with specific exception handling (FileNotFoundError, PermissionError, json.JSONDecodeError) and structured logging with plugin_id/path context - Record plugin version, branch, and commit details on install/update - Record install failures in the direct (non-queue) code path - Replace "toggle" operation type with "enable"/"disable" - Add normalizeStatus() in JS to map completed→success, error→failed so status filter works regardless of server-side convention - Truncate commit SHAs to 7 chars in details display - Fix HTML filter options, operation type colors, duplicate JS init Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(plugins): prevent root-owned files from blocking plugin updates The root ledmatrix service creates __pycache__ and data cache files owned by root inside plugin directories. The web service (non-root) cannot delete these when updating or uninstalling plugins, causing operations to fail with "Permission denied". Defense in depth with three layers: - Prevent: PYTHONDONTWRITEBYTECODE=1 in systemd service + run.py - Fallback: sudoers rules for rm on plugin directories - Code: _safe_remove_directory() now uses sudo as last resort, and all bare shutil.rmtree() calls routed through it Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(security): harden sudo removal with path-validated helper script Address code review findings: - Replace raw rm/find sudoers wildcards with a vetted helper script (safe_plugin_rm.sh) that resolves symlinks and validates the target is a strict child of plugin-repos/ or plugins/ before deletion - Add allow-list validation in sudo_remove_directory() that checks resolved paths against allowed bases before invoking sudo - Check _safe_remove_directory() return value before shutil.move() in the manifest ID rename path - Move stat import to module level in store_manager.py - Use stat.S_IRWXU instead of 0o777 in chmod fallback stage - Add ignore_errors=True to temp dir cleanup in finally block - Use command -v instead of which in configure_web_sudo.sh Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(security): address code review round 2 — harden paths and error handling - safe_plugin_rm.sh: use realpath --canonicalize-missing for ALLOWED_BASES so the script doesn't fail under set -e when dirs don't exist yet - safe_plugin_rm.sh: add -- before path in rm -rf to prevent flag injection - permission_utils.py: use shutil.which('bash') instead of hardcoded /bin/bash to match whatever path the sudoers BASH_PATH resolves to - store_manager.py: check _safe_remove_directory() return before shutil.move() in _install_from_monorepo_zip to prevent moving into a non-removed target - store_manager.py: catch OSError instead of PermissionError in Stage 1 removal to handle both EACCES and EPERM error codes - store_manager.py: hoist sudo_remove_directory import to module level - configure_web_sudo.sh: harden safe_plugin_rm.sh to root-owned 755 so the web user cannot modify the vetted helper script Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(security): validate command paths in sudoers config and use resolved paths - configure_web_sudo.sh: validate that required commands (systemctl, bash, python3) resolve to non-empty paths before generating sudoers entries; abort with clear error if any are missing; skip optional commands (reboot, poweroff, journalctl) with a warning instead of emitting malformed NOPASSWD lines; validate helper script exists on disk - permission_utils.py: pass the already-resolved path to the subprocess call and use it for the post-removal exists() check, eliminating a TOCTOU window between Python-side validation and shell-side execution Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Chuck <chuck@example.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
190 lines
6.9 KiB
Bash
190 lines
6.9 KiB
Bash
#!/bin/bash
|
|
|
|
# LED Matrix Web Interface Sudo Configuration Script
|
|
# This script configures passwordless sudo access for the web interface user
|
|
|
|
set -e
|
|
|
|
echo "Configuring passwordless sudo access for LED Matrix Web Interface..."
|
|
|
|
# Get the current user (should be the user running the web interface)
|
|
WEB_USER=$(whoami)
|
|
PROJECT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
|
PROJECT_ROOT="$(cd "$PROJECT_DIR/../.." && pwd)"
|
|
|
|
echo "Detected web interface user: $WEB_USER"
|
|
echo "Project directory: $PROJECT_DIR"
|
|
echo "Project root: $PROJECT_ROOT"
|
|
|
|
# Check if running as root
|
|
if [ "$EUID" -eq 0 ]; then
|
|
echo "Error: This script should not be run as root."
|
|
echo "Run it as the user that will be running the web interface."
|
|
exit 1
|
|
fi
|
|
|
|
# Get the full paths to commands and validate each one
|
|
MISSING_CMDS=()
|
|
|
|
PYTHON_PATH=$(command -v python3) || true
|
|
SYSTEMCTL_PATH=$(command -v systemctl) || true
|
|
REBOOT_PATH=$(command -v reboot) || true
|
|
POWEROFF_PATH=$(command -v poweroff) || true
|
|
BASH_PATH=$(command -v bash) || true
|
|
JOURNALCTL_PATH=$(command -v journalctl) || true
|
|
SAFE_RM_PATH="$PROJECT_ROOT/scripts/fix_perms/safe_plugin_rm.sh"
|
|
|
|
# Validate required commands (systemctl, bash, python3 are essential)
|
|
for CMD_NAME in SYSTEMCTL_PATH BASH_PATH PYTHON_PATH; do
|
|
CMD_VAL="${!CMD_NAME}"
|
|
if [ -z "$CMD_VAL" ]; then
|
|
MISSING_CMDS+=("$CMD_NAME")
|
|
fi
|
|
done
|
|
|
|
if [ ${#MISSING_CMDS[@]} -gt 0 ]; then
|
|
echo "Error: Required commands not found: ${MISSING_CMDS[*]}" >&2
|
|
echo "Cannot generate valid sudoers configuration without these." >&2
|
|
exit 1
|
|
fi
|
|
|
|
# Validate helper script exists
|
|
if [ ! -f "$SAFE_RM_PATH" ]; then
|
|
echo "Error: Safe plugin removal helper not found: $SAFE_RM_PATH" >&2
|
|
exit 1
|
|
fi
|
|
|
|
echo "Command paths:"
|
|
echo " Python: $PYTHON_PATH"
|
|
echo " Systemctl: $SYSTEMCTL_PATH"
|
|
echo " Reboot: ${REBOOT_PATH:-(not found, skipping)}"
|
|
echo " Poweroff: ${POWEROFF_PATH:-(not found, skipping)}"
|
|
echo " Bash: $BASH_PATH"
|
|
echo " Journalctl: ${JOURNALCTL_PATH:-(not found, skipping)}"
|
|
echo " Safe plugin rm: $SAFE_RM_PATH"
|
|
|
|
# Create a temporary sudoers file
|
|
TEMP_SUDOERS="/tmp/ledmatrix_web_sudoers_$$"
|
|
|
|
{
|
|
echo "# LED Matrix Web Interface passwordless sudo configuration"
|
|
echo "# This allows the web interface user to run specific commands without a password"
|
|
echo ""
|
|
echo "# Allow $WEB_USER to run specific commands without a password for the LED Matrix web interface"
|
|
|
|
# Optional: reboot/poweroff (non-critical — skip if not found)
|
|
if [ -n "$REBOOT_PATH" ]; then
|
|
echo "$WEB_USER ALL=(ALL) NOPASSWD: $REBOOT_PATH"
|
|
fi
|
|
if [ -n "$POWEROFF_PATH" ]; then
|
|
echo "$WEB_USER ALL=(ALL) NOPASSWD: $POWEROFF_PATH"
|
|
fi
|
|
|
|
# Required: systemctl
|
|
echo "$WEB_USER ALL=(ALL) NOPASSWD: $SYSTEMCTL_PATH start ledmatrix.service"
|
|
echo "$WEB_USER ALL=(ALL) NOPASSWD: $SYSTEMCTL_PATH stop ledmatrix.service"
|
|
echo "$WEB_USER ALL=(ALL) NOPASSWD: $SYSTEMCTL_PATH restart ledmatrix.service"
|
|
echo "$WEB_USER ALL=(ALL) NOPASSWD: $SYSTEMCTL_PATH enable ledmatrix.service"
|
|
echo "$WEB_USER ALL=(ALL) NOPASSWD: $SYSTEMCTL_PATH disable ledmatrix.service"
|
|
echo "$WEB_USER ALL=(ALL) NOPASSWD: $SYSTEMCTL_PATH status ledmatrix.service"
|
|
echo "$WEB_USER ALL=(ALL) NOPASSWD: $SYSTEMCTL_PATH is-active ledmatrix"
|
|
echo "$WEB_USER ALL=(ALL) NOPASSWD: $SYSTEMCTL_PATH is-active ledmatrix.service"
|
|
echo "$WEB_USER ALL=(ALL) NOPASSWD: $SYSTEMCTL_PATH start ledmatrix-web"
|
|
echo "$WEB_USER ALL=(ALL) NOPASSWD: $SYSTEMCTL_PATH stop ledmatrix-web"
|
|
echo "$WEB_USER ALL=(ALL) NOPASSWD: $SYSTEMCTL_PATH restart ledmatrix-web"
|
|
|
|
# Optional: journalctl (non-critical — skip if not found)
|
|
if [ -n "$JOURNALCTL_PATH" ]; then
|
|
echo "$WEB_USER ALL=(ALL) NOPASSWD: $JOURNALCTL_PATH -u ledmatrix.service *"
|
|
echo "$WEB_USER ALL=(ALL) NOPASSWD: $JOURNALCTL_PATH -u ledmatrix *"
|
|
echo "$WEB_USER ALL=(ALL) NOPASSWD: $JOURNALCTL_PATH -t ledmatrix *"
|
|
fi
|
|
|
|
# Required: python3, bash
|
|
echo "$WEB_USER ALL=(ALL) NOPASSWD: $PYTHON_PATH $PROJECT_DIR/display_controller.py"
|
|
echo "$WEB_USER ALL=(ALL) NOPASSWD: $BASH_PATH $PROJECT_DIR/start_display.sh"
|
|
echo "$WEB_USER ALL=(ALL) NOPASSWD: $BASH_PATH $PROJECT_DIR/stop_display.sh"
|
|
echo ""
|
|
echo "# Allow web user to remove plugin directories via vetted helper script"
|
|
echo "# The helper validates that the target path resolves inside plugin-repos/ or plugins/"
|
|
echo "$WEB_USER ALL=(ALL) NOPASSWD: $BASH_PATH $SAFE_RM_PATH *"
|
|
} > "$TEMP_SUDOERS"
|
|
|
|
echo ""
|
|
echo "Generated sudoers configuration:"
|
|
echo "--------------------------------"
|
|
cat "$TEMP_SUDOERS"
|
|
echo "--------------------------------"
|
|
|
|
echo ""
|
|
echo "This configuration will allow the web interface to:"
|
|
echo "- Start/stop/restart the ledmatrix service"
|
|
echo "- Enable/disable the ledmatrix service"
|
|
echo "- Check service status"
|
|
echo "- View system logs via journalctl"
|
|
echo "- Run display_controller.py directly"
|
|
echo "- Execute start_display.sh and stop_display.sh"
|
|
echo "- Reboot and shutdown the system"
|
|
echo "- Remove plugin directories (for update/uninstall when root-owned files block deletion)"
|
|
echo ""
|
|
|
|
# Ask for confirmation
|
|
read -p "Do you want to apply this configuration? (y/N): " -n 1 -r
|
|
echo
|
|
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
|
|
echo "Configuration cancelled."
|
|
rm -f "$TEMP_SUDOERS"
|
|
exit 0
|
|
fi
|
|
|
|
# Apply the configuration using visudo
|
|
echo "Applying sudoers configuration..."
|
|
# Harden the helper script: root-owned, not writable by web user
|
|
echo "Hardening safe_plugin_rm.sh ownership..."
|
|
if ! sudo chown root:root "$SAFE_RM_PATH"; then
|
|
echo "Warning: Could not set ownership on $SAFE_RM_PATH"
|
|
fi
|
|
if ! sudo chmod 755 "$SAFE_RM_PATH"; then
|
|
echo "Warning: Could not set permissions on $SAFE_RM_PATH"
|
|
fi
|
|
|
|
if sudo cp "$TEMP_SUDOERS" /etc/sudoers.d/ledmatrix_web; then
|
|
echo "Configuration applied successfully!"
|
|
echo ""
|
|
echo "Testing sudo access..."
|
|
|
|
# Test a few commands
|
|
if sudo -n systemctl status ledmatrix.service > /dev/null 2>&1; then
|
|
echo "✓ systemctl status ledmatrix.service - OK"
|
|
else
|
|
echo "✗ systemctl status ledmatrix.service - Failed"
|
|
fi
|
|
|
|
if sudo -n test -f "$PROJECT_DIR/start_display.sh"; then
|
|
echo "✓ File access test - OK"
|
|
else
|
|
echo "✗ File access test - Failed"
|
|
fi
|
|
|
|
echo ""
|
|
echo "Configuration complete! The web interface should now be able to:"
|
|
echo "- Execute system commands without password prompts"
|
|
echo "- Start and stop the LED matrix display"
|
|
echo "- Restart the system if needed"
|
|
echo ""
|
|
echo "You may need to restart the web interface service for changes to take effect:"
|
|
echo " sudo systemctl restart ledmatrix-web.service"
|
|
|
|
else
|
|
echo "Error: Failed to apply sudoers configuration."
|
|
echo "You may need to run this script with sudo privileges."
|
|
rm -f "$TEMP_SUDOERS"
|
|
exit 1
|
|
fi
|
|
|
|
# Clean up
|
|
rm -f "$TEMP_SUDOERS"
|
|
|
|
echo ""
|
|
echo "Configuration script completed successfully!"
|