Enforce UID=0 on selected platforms

2025-11-06 03:08:55 -05:00 · 2023-06-02 00:00:08 -04:00 · 2023-06-02 00:00:08 -04:00 · 507dca0af9
commit 507dca0af9
parent 40a8873ce1
2 changed files with 62 additions and 5 deletions
--- a/DBRepair.sh
+++ b/DBRepair.sh
@ -2,12 +2,12 @@
 #########################################################################
 # Plex Media Server database check and repair utility script.           #
 # Maintainer: ChuckPa                                                   #
-# Version:    v1.0.7                                                    #
-# Date:       31-May-2023                                               #
+# Version:    v1.0.8                                                    #
+# Date:       01-Jun-2023                                               #
 #########################################################################

 # Version for display purposes
-Version="v1.0.7"
+Version="v1.0.8"

 # Flag when temp files are to be retained
 Retain=0
@ -20,6 +20,9 @@ HaveStartStop=0
 StartCommand=""
 StopCommand=""

+# By default, require root privilege
+RootRequired=1
+
 # Keep track of how many times the user's hit enter with no command (implied EOF)
 NullCommands=0

@ -524,6 +527,9 @@ HostConfig() {
    STATBYTES="%z"
    STATPERMS="%A"

+    # Root not required on MacOS.  PMS runs as username.
+    RootRequired=0
+
    # make the TMP directory in advance to store plexmediaserver.pid
    mkdir -p "$DBDIR/dbtmp"

@ -921,8 +927,27 @@ DoRepair() {
      [ -e $CPPL.db-shm ]       && rm -f $CPPL.db-shm

      # Set ownership on new files
-      chown $Owner $CPPL.db $CPPL.blobs.db
      chmod $Perms $CPPL.db $CPPL.blobs.db
+      Result=$?
+      if [ $Result -ne 0 ]; then
+        Output "ERROR:  Cannot set permissions on new databases. Error $Result"
+        Output "        Please exit tool, keeping temp files, seek assistance."
+        Output "        Use files: $TMPDIR/*-BACKUP-$TimeStamp"
+        WriteLog "Repair  - Move files - FAIL"
+        Fail=1
+        return 1
+      fi
+
+      chown $Owner $CPPL.db $CPPL.blobs.db
+      Result=$?
+      if [ $Result -ne 0 ]; then
+        Output "ERROR:  Cannot set ownership on new databases. Error $Result"
+        Output "        Please exit tool, keeping temp files, seek assistance."
+        Output "        Use files: $TMPDIR/*-BACKUP-$TimeStamp"
+        WriteLog "Repair  - Move files - FAIL"
+        Fail=1
+        return 1
+      fi

      # We didn't fail, set CheckedDB status true (passed above checks)
      CheckedDB=1
@ -1378,9 +1403,19 @@ Scripted=0
 if ! HostConfig; then
  Output 'Error: Unknown host. Current supported hosts are: QNAP, Syno, Netgear, Mac, ASUSTOR, WD (OS5), Linux wkstn/svr'
  Output '                     Current supported container images:  Plexinc, LinuxServer, HotIO, & BINHEX'
+  Output ' '
+  Output 'Are you trying to run the tool from outside the container environment ?'
  exit 1
 fi

+# If root required, confirm this script is running as root
+if [ $RootRequired -eq 1 ] && [ $(id -u) -ne 0 ]; then
+  Output "ERROR:  Tool running as username '$(whoami)'.  '$HostType' requires 'root' user privilege."
+  Output "        (e.g 'sudo -su root' or 'sudo bash')"
+  Output "        Exiting."
+  exit 2
+fi
+
 # We might not be root but minimally make sure we have write access
 if [ ! -w "$DBDIR" ]; then
  echo ERROR: Cannot write to Databases directory.  Insufficient privilege.
@ -1438,7 +1473,6 @@ Perms="$(stat $STATFMT $STATPERMS $CPPL.db)"

 # Sanity check,  We are either owner of the DB or root
 if [ ! -w $CPPL.db ]; then
-
   Output "Do not have write permission to the Databases. Exiting."
   WriteLog "No write permission to databases+.  Exit."
   exit 1
--- a/23
+++ b/23
@ -9,6 +9,29 @@

 # Release Info:

+v1.0.8
+  - Require root UID (super user).
+    Requiring root UID gives the script the privilege necessary to set the database ownership
+    and permissions to what they were when the tool started.  Without this,  the resultant database
+    might not be accessible by the Plex Media Server user.
+
+    Synology:   This is achieved by typing 'sudo -su root' at the command line prompt
+                and entering your password.
+
+    QNAP:       This is achieved by typing 'sudo -su admin' at the command line prompt
+                and entering your password.
+
+    Containers: Containers run as 'root' at the command line by default.
+
+    Other platforms will be similar to the above.  Please try combinations of 'sudo'
+    and 'sudo --help' for more details.
+
+  - When successful,  you'll see a '#' in the prompt (signifies 'root' level privilege)
+
+v1.0.7
+  - Correct conditional test on Binhex container which prevented proper detection.
+    Redact v1.0.6
+
 v1.0.6
  - Correct detection conflict between Arch Linux native package and Binhex container.