oskar/homelab-codex-ws
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

fix(deploy): skip sudo chown/chmod when /opt/homelab ownership is already correct

Browse source 
deploy-local.sh previously ran `sudo chown -R 1000:1000` and
`sudo chmod -R 775` unconditionally on every deploy, which blocked
non-TTY execution (CC/CI) on VPS where /opt/homelab is already 1000:1000.

Both steps are now conditional using `find ... -print -quit`:
- chown: runs only if any file/dir is NOT uid/gid 1000
- chmod: runs only if any directory is missing -775 permission bits

When everything is correct (steady state on VPS), both steps log
"already correct, skipping" and never invoke sudo.  If a new directory
was created by root (e.g. a manual mkdir, volume mount, or restart artefact),
the remediation path triggers automatically — the self-heal property is preserved.

Smoke-tested in Docker (ubuntu:22.04):
  Case 1 (1000:1000 + 775):  chown skipped, chmod skipped ✓
  Case 2 (root-owned subdir): chown triggered ✓
  Case 3 (700 dir perms):     chmod triggered ✓

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Oskar Kapala 2026-06-03 15:44:44 +02:00
parent f5dcefc752
commit 00fc36df3a
1 changed files with 18 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
services/control-plane/deploy-local.sh
View file

@ -39,10 +39,24 @@ for dir in "${DIRS[@]}"; do
fi
done
# 3. chown/chmod for UID 1000
echo "Setting permissions for UID 1000 on /opt/homelab..."
# 3. chown/chmod for UID 1000 — self-healing: only calls sudo when actually needed
echo "Checking /opt/homelab ownership..."
_chown_needed=$(find /opt/homelab \( ! -uid 1000 -o ! -gid 1000 \) -print -quit 2>/dev/null)
if [[ -n "$_chown_needed" ]]; then
echo "Found files not owned by 1000:1000 (e.g. $_chown_needed) — fixing..."
sudo chown -R 1000:1000 /opt/homelab
else
echo "Ownership already correct, skipping chown"
fi
echo "Checking /opt/homelab directory permissions..."
_chmod_needed=$(find /opt/homelab -type d ! -perm -775 -print -quit 2>/dev/null)
if [[ -n "$_chmod_needed" ]]; then
echo "Found directories with wrong permissions (e.g. $_chmod_needed) — fixing..."
sudo chmod -R 775 /opt/homelab 2>/dev/null || true
else
echo "Permissions already correct, skipping chmod"
fi
# 4. Run docker compose up -d --build --force-recreate
echo "--- Starting Control Plane Services ---"