From 2c1ac5c9bc22ba9350e29e7e4958db8137839692 Mon Sep 17 00:00:00 2001 From: Clemens Schwaighofer Date: Fri, 4 Jul 2025 11:37:48 +0900 Subject: [PATCH] Make sure correct user runs the scripts --- src/bin/base_setup.sh | 14 ++++++++++---- src/bin/init.sh | 24 ++++++++++++++++++------ 2 files changed, 28 insertions(+), 10 deletions(-) diff --git a/src/bin/base_setup.sh b/src/bin/base_setup.sh index 9809add..6bc7e42 100644 --- a/src/bin/base_setup.sh +++ b/src/bin/base_setup.sh @@ -33,6 +33,11 @@ elif [ "${USE_SUDO}" = "0" ] && ! id "${SUDO_USER}" &>/dev/null; then echo "SUDO is off, user must exist in system"; error=1; fi; +# this script has to be run as root +if [ "$(whoami)" != "root" ]; then + echo "Script must be run as root user"; + error=1; +fi; if [ $error -eq 1 ]; then exit; @@ -94,7 +99,8 @@ Host UdonGitJump Port 37337 EOF if [ -f "${PEM_BASE}${JUMP_PEM_FILE}" ]; then - cp "${PEM_BASE}${JUMP_PEM_FILE}" "${GIT_REPOSITORY_FOLDER}"/.ssh/; + sudo -u "${SUDO_USER}" cp "${PEM_BASE}${JUMP_PEM_FILE}" "${GIT_REPOSITORY_FOLDER}"/.ssh/; + sudo -u "${SUDO_USER}" chmod 600 "${GIT_REPOSITORY_FOLDER}/.ssh/${JUMP_PEM_FILE}" else echo "PEM FILE ${JUMP_PEM_FILE} must be added manually" fi; @@ -110,7 +116,7 @@ EOF "${GIT_REPOSITORY_FOLDER}${WWW_WEBHOOK_INCOMING}" \ "${GIT_REPOSITORY_FOLDER}${WWW_ADMIN}"; # set basic folder rights, clone folder is excluded - chmod 700 \ + sudo -u "${SUDO_USER}" chmod 700 \ "${GIT_REPOSITORY_FOLDER}${LOG_FOLDER}" \ "${GIT_REPOSITORY_FOLDER}${SCRIPT_FOLDER}" \ "${GIT_REPOSITORY_FOLDER}${CONFIG_FOLDER}" \ 
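Review bot: In src/bin/base_setup.sh (hunk at -33,6) the new root check compares the account name returned by `whoami`, which depends on a passwd lookup and rejects a UID 0 account with a different name; `if [ "$(id -u)" -ne 0 ]; then` tests the privilege itself. The `exit;` in the context lines below it carries no status, so the script leaves with the status of the `[ $error -eq 1 ]` test, which is 0, and a caller or provisioning tool cannot tell that setup was refused; `exit 1;` fixes that. The same bare `exit;` closes the new error block at the end of src/bin/init.sh (hunk at -33,24). The if/elif chain this check is appended to starts outside the hunk.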
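Review bot: In the -94,7 hunk of base_setup.sh the jump-host key is first written by `cp` with whatever mode the umask allows and only tightened by the following `chmod 600`, and neither command is checked for failure. Creating the file with its final mode in one step avoids that window: `sudo -u "${SUDO_USER}" install -m 600 "${PEM_BASE}${JUMP_PEM_FILE}" "${GIT_REPOSITORY_FOLDER}/.ssh/";`. Running the copy as SUDO_USER also requires that user to be able to read the source PEM; if the file under PEM_BASE is readable by root only, copy as root with `install -o "${SUDO_USER}" -m 600` instead. The new chmod line is also missing the trailing `;` the rest of the file uses.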
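Review bot: In the -110,7 hunk of base_setup.sh, `chmod 700` now runs as SUDO_USER, which succeeds only if that user owns the listed folders. The command that creates them starts above the hunk, so please confirm it also runs through `sudo -u "${SUDO_USER}"` or is followed by a chown. The result of the chmod is not checked, so a failure would silently leave the log, script and config folders with default permissions; ending the command with `|| { echo "chmod failed"; exit 1; }` after the last path makes that visible. The path list continues past the end of the hunk.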
@@ -124,8 +130,8 @@ EOF # Copy files echo "+ Copy basic script and config files"; # git_pull.sh, init.sh, new_clone.sh, webhook.default.cfg - cp "${BASE_FOLDER}new_clone.sh" "${BASE_FOLDER}init.sh" "${BASE_FOLDER}git_clone.sh" "${GIT_REPOSITORY_FOLDER}${SCRIPT_FOLDER}"; - cp "${CONFIG_BASE}/webhook.default.cfg" "${GIT_REPOSITORY_FOLDER}${CONFIG_FOLDER}"; + sudo -u "${SUDO_USER}"cp "${BASE_FOLDER}new_clone.sh" "${BASE_FOLDER}init.sh" "${BASE_FOLDER}git_clone.sh" "${GIT_REPOSITORY_FOLDER}${SCRIPT_FOLDER}"; + sudo -u "${SUDO_USER}"cp "${CONFIG_BASE}/webhook.default.cfg" "${GIT_REPOSITORY_FOLDER}${CONFIG_FOLDER}"; fi; # __END__ diff --git a/src/bin/init.sh b/src/bin/init.sh index 27101ca..eff71ea 100644 --- a/src/bin/init.sh +++ b/src/bin/init.sh @@ -10,19 +10,26 @@ if [ -f "${CONFIG_BASE}webhook.cfg" ]; then # shellcheck disable=SC1091 source <(grep "=" "${CONFIG_BASE}webhook.cfg" | sed 's/ *= */=/g') fi; +error=0; if [ "${USE_SUDO}" != "0" ] && ! id "${SUDO_USER}" &>/dev/null; then echo "sudo user ${SUDO_USER} does not exist"; - exit; + error=1; fi; # check that user exist # check that git exists if [ -z "$(command -v git)" ]; then echo "git is not installed"; - exit; + error=1; fi; GIT_COMMAND_BASE=("git"); if [ -n "${USE_SUDO}" ]; then - GIT_COMMAND_BASE=("sudo" "-u" "${SUDO_USER}" "git");. + # if we are root -> ok, else we must be SUDO USER + if [ "$(whoami)" = "root" ]; then + GIT_COMMAND_BASE=("sudo" "-u" "${SUDO_USER}" "git");. + elif [ "$(whoami)" != "${SUDO_USER}" ]; then + echo "Script must be run as root or as the ${SUDO_USER}"; + error=1; + fi; fi; # add trailing slash if not set 
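Review bot: In the -124,8 hunk of base_setup.sh both new lines read `sudo -u "${SUDO_USER}"cp ...` with no space before `cp`, so the shell joins the two words and sudo receives `<user>cp` as the user name, with the first file path as the command to run. Neither the scripts nor `webhook.default.cfg` are copied. The lines should start with `sudo -u "${SUDO_USER}" cp "${BASE_FOLDER}new_clone.sh" ...` and `sudo -u "${SUDO_USER}" cp "${CONFIG_BASE}/webhook.default.cfg" ...`. Because the exit status of these copies is not checked, the script would currently finish without reporting the failure.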
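Review bot: In src/bin/init.sh (hunk at -10,19) the sudo branch is entered on `[ -n "${USE_SUDO}" ]`, while the check at the top of the same hunk treats the value `"0"` as off (`"${USE_SUDO}" != "0"`). With `USE_SUDO=0` the new code therefore still wraps git in sudo or insists on root/SUDO_USER, and with the variable unset the first check demands the sudo user while this one skips the identity check. Using the same test in both places, `if [ "${USE_SUDO}" != "0" ]; then`, keeps them in agreement. The re-indented assignment also keeps the stray `.` from the old line (`"git");.`), which bash runs as the `.` builtin without a file name and reports as an error; it should be dropped.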
@@ -33,24 +40,29 @@ LOG_FOLDER="log/" # base folder does not exist if [ ! -d "${GIT_REPOSITORY_FOLDER}" ]; then echo "Base folder: ${GIT_REPOSITORY_FOLDER} not found"; - exit; + error=1; fi; # branch name not set if [ -n "${BRANCH}" ]; then echo "No branch name given"; - exit; + error=1; fi; # check that log folder exists if [ ! -d "${GIT_REPOSITORY_FOLDER}${LOG_FOLDER}" ]; then echo "Log folder does not exist: ${GIT_REPOSITORY_FOLDER}${LOG_FOLDER}"; - exit; + error=1; fi; # check that the base clone folder exists if [ ! -d "${GIT_REPOSITORY_FOLDER}${CLONE_BASE}" ]; then echo "Clone base folder does not exist: ${GIT_REPOSITORY_FOLDER}${CLONE_BASE}"; + error=1; +fi; + +# exit on error +if [ $error -eq 1 ]; then exit; fi;
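Review bot: In the -33,24 hunk of init.sh the branch check reads `if [ -n "${BRANCH}" ]; then` but prints "No branch name given", so it flags an error when a branch is set and passes when it is empty. The test looks inverted and should probably be `if [ -z "${BRANCH}" ]; then`. The condition is unchanged context, but since the commit rewrites the body of this check to set `error=1`, a run with a valid branch now always ends in the new exit block.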