workstation: run wire-memory-hooks as root, not runuser (fix non-admin wiring)
install_memory ran the JSON-merge helper via 'runuser -u $user', but the helper lives under the admin's mode-700 home ($WORKSTATION_DIR) which non-admin users can't traverse -> wiring silently failed for emo/anca (hooks copied but never wired into settings.json). Run the helper as root (it reads both the repo helper and the user's home) and chown the result back to the user. Verified by the live all-users rollout: emo + anca now wired correctly. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
Viktor Barzin
parent
f318773cb0
commit
9aa2438e75
1 changed files with 5 additions and 2 deletions
|
|
@ -404,9 +404,12 @@ install_memory() {
|
|||
install -o "$user" -g "$user" -m 0755 "$src/$h" "$hooks_dst/$h"
|
||||
done
|
||||
|
||||
# (2) wire the hooks in settings.json (AS the user -> correct ownership), if-absent + additive;
|
||||
# (2) wire the hooks in settings.json, if-absent + additive. Run the helper as ROOT:
|
||||
# it must read $src under the admin's hardened home (mode 700), which a
|
||||
# runuser-as-$user CANNOT traverse — so chown the result back to the user and
|
||||
# enforce 0600 (it holds the per-user MEMORY_API_KEY).
|
||||
if runuser -u "$user" -- python3 "$src/wire-memory-hooks.py" "$home" >/dev/null 2>&1; then
|
||||
if python3 "$src/wire-memory-hooks.py" "$home" >/dev/null 2>&1; then
|
||||
[[ -f "$settings" ]] && chown "$user:$user" "$settings" 2>/dev/null || true
|
||||
log "memory hooks wired -> $user"
|
||||
else
|
||||
log "WARN: memory hook wiring failed for $user (retries next reconcile)"
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue