From b7d50a5d215ca7dec6ea0f37b644e341ef930a2d Mon Sep 17 00:00:00 2001
From: vishesh92 <vishesh92@gmail.com>
Date: Thu, 9 Apr 2026 16:52:38 +0530
Subject: [PATCH] Use sudo only for non-root user

---
 .../main/java/org/apache/cloudstack/ca/CAManagerImpl.java    | 5 +++--
 .../java/org/apache/cloudstack/ca/CAManagerImplTest.java     | 4 ++--
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/server/src/main/java/org/apache/cloudstack/ca/CAManagerImpl.java b/server/src/main/java/org/apache/cloudstack/ca/CAManagerImpl.java
index 4b5189eae22..9cf025b4b45 100644
--- a/server/src/main/java/org/apache/cloudstack/ca/CAManagerImpl.java
+++ b/server/src/main/java/org/apache/cloudstack/ca/CAManagerImpl.java
@@ -323,8 +323,9 @@ public class CAManagerImpl extends ManagerBase implements CAManager {
 
             provisionCertificateViaSsh(sshConnection, hostIp, host.getName(), caProvider);
 
-            SSHCmdHelper.sshExecuteCmd(sshConnection, "sudo systemctl restart libvirtd");
-            SSHCmdHelper.sshExecuteCmd(sshConnection, "sudo systemctl restart cloudstack-agent");
+            String sudoPrefix = "root".equals(username) ? "" : "sudo ";
+            SSHCmdHelper.sshExecuteCmd(sshConnection, sudoPrefix + "systemctl restart libvirtd");
+            SSHCmdHelper.sshExecuteCmd(sshConnection, sudoPrefix + "systemctl restart cloudstack-agent");
 
             return true;
         } catch (Exception e) {
diff --git a/server/src/test/java/org/apache/cloudstack/ca/CAManagerImplTest.java b/server/src/test/java/org/apache/cloudstack/ca/CAManagerImplTest.java
index 19c587a3416..2d60833d35c 100644
--- a/server/src/test/java/org/apache/cloudstack/ca/CAManagerImplTest.java
+++ b/server/src/test/java/org/apache/cloudstack/ca/CAManagerImplTest.java
@@ -290,8 +290,8 @@ public class CAManagerImplTest {
 
             Assert.assertTrue(result);
             Mockito.verify(caManager, Mockito.times(1)).provisionCertificateViaSsh(Mockito.any(Connection.class), Mockito.eq("192.168.1.1"), Mockito.eq("host1"), Mockito.eq("root"));
-            sshCmdHelperMock.verify(() -> SSHCmdHelper.sshExecuteCmd(Mockito.any(Connection.class), Mockito.eq("sudo service libvirtd restart")), Mockito.times(1));
-            sshCmdHelperMock.verify(() -> SSHCmdHelper.sshExecuteCmd(Mockito.any(Connection.class), Mockito.eq("sudo service cloudstack-agent restart")), Mockito.times(1));
+            sshCmdHelperMock.verify(() -> SSHCmdHelper.sshExecuteCmd(Mockito.any(Connection.class), Mockito.eq("systemctl restart libvirtd")), Mockito.times(1));
+            sshCmdHelperMock.verify(() -> SSHCmdHelper.sshExecuteCmd(Mockito.any(Connection.class), Mockito.eq("systemctl restart cloudstack-agent")), Mockito.times(1));
         }
     }