From 00fc36df3ad41b657a6ab1ad4064eb8ccf7e564c Mon Sep 17 00:00:00 2001 From: Oskar Kapala Date: Wed, 3 Jun 2026 15:44:44 +0200 Subject: [PATCH] fix(deploy): skip sudo chown/chmod when /opt/homelab ownership is already correct MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit deploy-local.sh previously ran `sudo chown -R 1000:1000` and `sudo chmod -R 775` unconditionally on every deploy, which blocked non-TTY execution (CC/CI) on VPS where /opt/homelab is already 1000:1000. Both steps are now conditional using `find ... -print -quit`: - chown: runs only if any file/dir is NOT uid/gid 1000 - chmod: runs only if any directory is missing -775 permission bits When everything is correct (steady state on VPS), both steps log "already correct, skipping" and never invoke sudo. If a new directory was created by root (e.g. a manual mkdir, volume mount, or restart artefact), the remediation path triggers automatically — the self-heal property is preserved. Smoke-tested in Docker (ubuntu:22.04): Case 1 (1000:1000 + 775): chown skipped, chmod skipped ✓ Case 2 (root-owned subdir): chown triggered ✓ Case 3 (700 dir perms): chmod triggered ✓ Co-Authored-By: Claude Sonnet 4.6
---
services/control-plane/deploy-local.sh | 22 ++++++++++++++++++----
1 file changed, 18 insertions(+), 4 deletions(-)
diff --git a/services/control-plane/deploy-local.sh b/services/control-plane/deploy-local.sh
index 4bc19c3..b70e345 100755
--- a/services/control-plane/deploy-local.sh
+++ b/services/control-plane/deploy-local.sh
@@ -39,10 +39,24 @@ for dir in "${DIRS[@]}"; do
 fi
 done
 
-# 3. chown/chmod for UID 1000
-echo "Setting permissions for UID 1000 on /opt/homelab..."
-sudo chown -R 1000:1000 /opt/homelab
-sudo chmod -R 775 /opt/homelab 2>/dev/null || true
+# 3. chown/chmod for UID 1000 — self-healing: only calls sudo when actually needed
+echo "Checking /opt/homelab ownership..."
+_chown_needed=$(find /opt/homelab \( ! -uid 1000 -o ! -gid 1000 \) -print -quit 2>/dev/null)
+if [[ -n "$_chown_needed" ]]; then
+ echo "Found files not owned by 1000:1000 (e.g. $_chown_needed) — fixing..."
+ sudo chown -R 1000:1000 /opt/homelab
+else
+ echo "Ownership already correct, skipping chown"
+fi
+
+echo "Checking /opt/homelab directory permissions..."
+_chmod_needed=$(find /opt/homelab -type d ! -perm -775 -print -quit 2>/dev/null)
+if [[ -n "$_chmod_needed" ]]; then
+ echo "Found directories with wrong permissions (e.g. $_chmod_needed) — fixing..."
+ sudo chmod -R 775 /opt/homelab 2>/dev/null || true
+else
+ echo "Permissions already correct, skipping chmod"
+fi
 
 # 4. Run docker compose up -d --build --force-recreate
 echo "--- Starting Control Plane Services ---"
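Review bot: Both probes fail open: the `_chown_needed=$(find ... 2>/dev/null)` and `_chmod_needed=$(find ... 2>/dev/null)` assignments discard find's errors and only the captured output is tested, so if find fails for any reason (path missing, a parent it cannot search) the variable is empty and the script logs "already correct" without a check having taken place. I would drop the `2>/dev/null` on the probes and treat a non-zero find status as "needs fixing", e.g. `_chown_needed=$(find /opt/homelab \( ! -uid 1000 -o ! -gid 1000 \) -print -quit) || _chown_needed="find failed"`. The chmod probe and its remedy also do not match: the probe looks only at directories and `-perm -775` means "at least these bits", so a 777 directory passes, while `sudo chmod -R 775` rewrites every regular file to group-writable, world-readable and executable, and `2>/dev/null || true` hides a failed fix. Restricting the fix to the directories the probe selects (`find /opt/homelab -type d ! -perm -775 -exec sudo -n chmod 775 {} +`) and using `sudo -n` on both remediation calls would keep file modes untouched and make a non-TTY run fail fast instead of waiting on a password prompt.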