fix install script14

Edmund Tan 2025-07-22 03:10:53 +08:00
parent 0dce65fdd3
commit 1c51ff02b5
3 changed files with 86 additions and 5 deletions


@ -109,16 +109,79 @@ function logMessage($level, $message) {
} }
/** /**
* Check if running as root/admin * Check if running as root/admin or has sudo privileges
*/ */
function isRunningAsRoot() { function isRunningAsRoot() {
return posix_getuid() === 0; // If actually running as root
if (posix_getuid() === 0) {
return true;
}
// Test if we have sudo privileges by trying a simple sudo command
$output = '';
$returnCode = 0;
$testCommand = 'sudo -n whoami 2>/dev/null';
$descriptorspec = [
0 => ['pipe', 'r'],
1 => ['pipe', 'w'],
2 => ['pipe', 'w']
];
$process = proc_open($testCommand, $descriptorspec, $pipes);
if (is_resource($process)) {
fclose($pipes[0]);
$stdout = stream_get_contents($pipes[1]);
fclose($pipes[1]);
fclose($pipes[2]);
$returnCode = proc_close($process);
// If sudo command succeeded, we have sudo privileges
return $returnCode === 0;
}
return false;
} }
/** /**
* Execute system command safely * Execute system command safely with automatic sudo for privileged operations
*/ */
function executeCommand($command, &$output = null, &$returnCode = null) { function executeCommand($command, &$output = null, &$returnCode = null) {
// Commands that typically need sudo privileges
$sudoCommands = [
'apt-get', 'systemctl', 'mkdir', 'chmod', 'chown', 'curl', 'gpg',
'ziti', 'cp', 'mv', 'rm', 'ln', 'update-alternatives'
];
// Check if command needs sudo and doesn't already have it
$needsSudo = false;
$commandParts = explode(' ', trim($command));
$baseCommand = $commandParts[0];
// Skip if already has sudo
if ($baseCommand !== 'sudo') {
foreach ($sudoCommands as $sudoCmd) {
if ($baseCommand === $sudoCmd || strpos($command, $sudoCmd) !== false) {
$needsSudo = true;
break;
}
}
// Also check for file operations in system directories
if (strpos($command, '/etc/') !== false ||
strpos($command, '/var/') !== false ||
strpos($command, '/usr/') !== false ||
strpos($command, '/opt/') !== false) {
$needsSudo = true;
}
}
// Add sudo if needed and we're not already root
if ($needsSudo && posix_getuid() !== 0) {
$command = 'sudo ' . $command;
}
$descriptorspec = [ $descriptorspec = [
0 => ['pipe', 'r'], // stdin 0 => ['pipe', 'r'], // stdin
1 => ['pipe', 'w'], // stdout 1 => ['pipe', 'w'], // stdout
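Review bot: The `strpos($command, $sudoCmd) !== false` test in the new `executeCommand()` prologue matches short names such as `cp`, `rm`, `ln` and `mv` anywhere in the command string, so almost any command (and any command that merely mentions `/etc/`, `/var/`, `/usr/` or `/opt/`) is silently re-run under sudo. Privilege should be decided on the executable alone, e.g. `$needsSudo = in_array($baseCommand, $sudoCommands, true);`, or better be requested explicitly by the caller instead of guessed from the text. Prefixing `sudo ` to a shell string also elevates only the first command of a pipeline or `&&` chain, which deserves a comment at that line. Separately, `isRunningAsRoot()` now returns true whenever `sudo -n whoami` succeeds, which no longer means uid 0, and its `$output` and `$stdout` variables are unused. `executeCommand()` continues past the end of the hunk.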


@ -194,9 +194,14 @@ class EnrollmentManager {
// Add repository to sources list // Add repository to sources list
$repoContent = 'deb [signed-by=/usr/share/keyrings/openziti.gpg] https://packages.openziti.org/zitipax-openziti-deb-stable debian main'; $repoContent = 'deb [signed-by=/usr/share/keyrings/openziti.gpg] https://packages.openziti.org/zitipax-openziti-deb-stable debian main';
if (!file_put_contents('/etc/apt/sources.list.d/openziti-release.list', $repoContent)) { $tempFile = tempnam(sys_get_temp_dir(), 'openziti-repo');
file_put_contents($tempFile, $repoContent);
if (!executeCommand("cp '$tempFile' /etc/apt/sources.list.d/openziti-release.list")) {
unlink($tempFile);
throw new Exception('Failed to add OpenZiti repository'); throw new Exception('Failed to add OpenZiti repository');
} }
unlink($tempFile);
// Update package list // Update package list
$this->reportProgress('INSTALL', 'Updating package list...'); $this->reportProgress('INSTALL', 'Updating package list...');
@ -408,9 +413,15 @@ StandardError=append:/var/log/ziti-router.log
WantedBy=multi-user.target WantedBy=multi-user.target
EOF; EOF;
if (!file_put_contents(SYSTEMD_SERVICE_FILE, $serviceContent)) { // Write service file using sudo
$tempFile = tempnam(sys_get_temp_dir(), 'ziti-service');
file_put_contents($tempFile, $serviceContent);
if (!executeCommand("cp '$tempFile' " . SYSTEMD_SERVICE_FILE)) {
unlink($tempFile);
throw new Exception('Failed to create systemd service file'); throw new Exception('Failed to create systemd service file');
} }
unlink($tempFile);
// Reload systemd and enable service // Reload systemd and enable service
if (!executeCommand('systemctl daemon-reload')) { if (!executeCommand('systemctl daemon-reload')) {
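Review bot: Both new temp-file blocks (the repository list in the first hunk and the systemd unit in the second) ignore the results of `tempnam()` and `file_put_contents()`, so a failed or short write is then copied into a root-owned location by the elevated `cp`. Check them before copying, `if ($tempFile === false || file_put_contents($tempFile, $repoContent) === false) { throw new Exception('Failed to add OpenZiti repository'); }`, and build the command with `'cp ' . escapeshellarg($tempFile) . ' /etc/apt/sources.list.d/openziti-release.list'` rather than hand-written quotes. A `try`/`finally` around the copy would keep `unlink($tempFile)` in one place. Whether `executeCommand()` returns a boolean is not visible in these hunks, so the `!executeCommand(...)` test is assumed to be correct.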


@ -356,6 +356,13 @@ www-data ALL=(ALL) NOPASSWD: /usr/bin/which
www-data ALL=(ALL) NOPASSWD: /usr/bin/hostname www-data ALL=(ALL) NOPASSWD: /usr/bin/hostname
www-data ALL=(ALL) NOPASSWD: /usr/bin/uname www-data ALL=(ALL) NOPASSWD: /usr/bin/uname
www-data ALL=(ALL) NOPASSWD: /usr/bin/lsb_release www-data ALL=(ALL) NOPASSWD: /usr/bin/lsb_release
www-data ALL=(ALL) NOPASSWD: /usr/bin/cp
www-data ALL=(ALL) NOPASSWD: /usr/bin/mv
www-data ALL=(ALL) NOPASSWD: /usr/bin/rm
www-data ALL=(ALL) NOPASSWD: /usr/bin/ln
www-data ALL=(ALL) NOPASSWD: /usr/bin/whoami
www-data ALL=(ALL) NOPASSWD: /usr/bin/tee
www-data ALL=(ALL) NOPASSWD: /usr/bin/cat
EOF EOF
# Validate sudoers file # Validate sudoers file
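Review bot: The added sudoers lines grant `www-data` passwordless root on `/usr/bin/cp`, `mv`, `rm`, `ln`, `tee` and `cat` with no argument restriction, which lets the web-server account read or overwrite any file on the host, so any flaw in the PHP application becomes a full root compromise. Restrict the rules to the exact operations the installer performs, for example a single root-owned helper, `www-data ALL=(root) NOPASSWD: /usr/local/sbin/<install-helper>` (placeholder path), that writes only the OpenZiti list and unit files. A comment above the entries stating why each binary is needed would also help later review. The heredoc these lines belong to starts before the hunk.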