cleanup: use runuser instead of sudo

In a lot of place where sudo is used, it is meant to drop privileges coming from root, instead of gaining privileges or lateral privilege moves (e.g. postgres). This is what runuser is for, so use that.
2023-11-28 14:36:07 +00:00 · 2023-11-28 14:36:07 +00:00 · 4f5b773798
commit 4f5b773798
parent 067144bf86
4 changed files with 20 additions and 20 deletions
--- a/bbb-graphql-server/install-hasura.sh
+++ b/bbb-graphql-server/install-hasura.sh
@ -10,13 +10,13 @@ cd "$(dirname "$0")"
 # Install Postgresql
 apt update
 apt install postgresql postgresql-contrib -y
-sudo -u postgres psql -c "alter user postgres password 'bbb_graphql'"
-sudo -u postgres psql -c "drop database if exists bbb_graphql with (force)"
-sudo -u postgres psql -c "create database bbb_graphql WITH TEMPLATE template0 LC_COLLATE 'C.UTF-8'"
-sudo -u postgres psql -c "alter database bbb_graphql set timezone to 'UTC'"
-sudo -u postgres psql -U postgres -d bbb_graphql -a -f bbb_schema.sql --set ON_ERROR_STOP=on
-sudo -u postgres psql -c "drop database if exists hasura_app with (force)"
-sudo -u postgres psql -c "create database hasura_app"
+runuser -u postgres -- psql -c "alter user postgres password 'bbb_graphql'"
+runuser -u postgres -- psql -c "drop database if exists bbb_graphql with (force)"
+runuser -u postgres -- psql -c "create database bbb_graphql WITH TEMPLATE template0 LC_COLLATE 'C.UTF-8'"
+runuser -u postgres -- psql -c "alter database bbb_graphql set timezone to 'UTC'"
+runuser -u postgres -- psql -U postgres -d bbb_graphql -a -f bbb_schema.sql --set ON_ERROR_STOP=on
+runuser -u postgres -- psql -c "drop database if exists hasura_app with (force)"
+runuser -u postgres -- psql -c "create database hasura_app"

 echo "Postgresql installed!"

--- a/bbb-graphql-server/update_graphql_data.sh
+++ b/bbb-graphql-server/update_graphql_data.sh
@ -16,13 +16,13 @@ if [ "$hasura_status" = "active" ]; then
 fi

 echo "Restarting database bbb_graphql"
-sudo -u postgres psql -c "SELECT pg_terminate_backend(pg_stat_activity.pid) FROM pg_stat_activity WHERE datname = 'bbb_graphql'"
-sudo -u postgres psql -c "drop database if exists bbb_graphql with (force)"
-sudo -u postgres psql -c "create database bbb_graphql WITH TEMPLATE template0 LC_COLLATE 'C.UTF-8'"
-sudo -u postgres psql -c "alter database bbb_graphql set timezone to 'UTC'"
+runuser -u postgres -- psql -c "SELECT pg_terminate_backend(pg_stat_activity.pid) FROM pg_stat_activity WHERE datname = 'bbb_graphql'"
+runuser -u postgres -- psql -c "drop database if exists bbb_graphql with (force)"
+runuser -u postgres -- psql -c "create database bbb_graphql WITH TEMPLATE template0 LC_COLLATE 'C.UTF-8'"
+runuser -u postgres -- psql -c "alter database bbb_graphql set timezone to 'UTC'"

 echo "Creating tables in bbb_graphql"
-sudo -u postgres psql -U postgres -d bbb_graphql -q -f bbb_schema.sql --set ON_ERROR_STOP=on
+runuser -u postgres -- psql -U postgres -d bbb_graphql -q -f bbb_schema.sql --set ON_ERROR_STOP=on

 if [ "$hasura_status" = "active" ]; then
  echo "Starting Hasura"
--- a/bigbluebutton-tests/gns3/gns3-bbb.py
+++ b/bigbluebutton-tests/gns3/gns3-bbb.py
@ -942,7 +942,7 @@ def BBB_server_standalone(hostname, x=100, y=300):
            install_options.append('-g')

        install_options_str = ' '.join(install_options)
-        user_data['runcmd'].append(f'sudo -u ubuntu RELEASE="{args.release}" INSTALL_OPTIONS="{install_options_str}" /testserver.sh')
+        user_data['runcmd'].append(f'runuser -u ubuntu RELEASE="{args.release}" INSTALL_OPTIONS="{install_options_str}" /testserver.sh')

    if notification_url:
        user_data['phone_home'] = {'url': notification_url, 'tries': 1}
--- a/build/packages-template/bbb-graphql-server/after-install.sh
+++ b/build/packages-template/bbb-graphql-server/after-install.sh
@ -5,19 +5,19 @@ case "$1" in

  fc-cache -f

-  sudo -u postgres psql -c "alter user postgres password 'bbb_graphql'"
-  sudo -u postgres psql -c "drop database if exists bbb_graphql with (force)"
-  sudo -u postgres psql -c "create database bbb_graphql WITH TEMPLATE template0 LC_COLLATE 'C.UTF-8'"
-  sudo -u postgres psql -c "alter database bbb_graphql set timezone to 'UTC'"
-  sudo -u postgres psql -U postgres -d bbb_graphql -q -f /usr/share/bbb-graphql-server/bbb_schema.sql --set ON_ERROR_STOP=on
+  runuser -u postgres -- psql -c "alter user postgres password 'bbb_graphql'"
+  runuser -u postgres -- psql -c "drop database if exists bbb_graphql with (force)"
+  runuser -u postgres -- psql -c "create database bbb_graphql WITH TEMPLATE template0 LC_COLLATE 'C.UTF-8'"
+  runuser -u postgres -- psql -c "alter database bbb_graphql set timezone to 'UTC'"
+  runuser -u postgres -- psql -U postgres -d bbb_graphql -q -f /usr/share/bbb-graphql-server/bbb_schema.sql --set ON_ERROR_STOP=on

  DATABASE_NAME="hasura_app"
-  DB_EXISTS=$(sudo -u postgres psql -U postgres -tAc "SELECT 1 FROM pg_database WHERE datname='$DATABASE_NAME'")
+  DB_EXISTS=$(runuser -u postgres -- psql -U postgres -tAc "SELECT 1 FROM pg_database WHERE datname='$DATABASE_NAME'")
  if [ "$DB_EXISTS" = '1' ]
  then
      echo "Database $DATABASE_NAME already exists"
  else
-      sudo -u postgres psql -c "create database hasura_app"
+      runuser -u postgres -- psql -c "create database hasura_app"
      echo "Database $DATABASE_NAME created"
  fi