fix: Use absolute paths and update sudoers for systemctl/lsscsi

2025-12-09 18:33:03 +00:00
parent 6c5ec902ca
commit 5746891b3c
6 changed files with 83 additions and 91 deletions
--- a/config/mhvtl-sudoers
+++ b/config/mhvtl-sudoers
@@ -1,37 +1,41 @@
 # Allow www-data to restart mhvtl service without password
-www-data ALL=(ALL) NOPASSWD: /bin/systemctl restart mhvtl
-www-data ALL=(ALL) NOPASSWD: /bin/systemctl start mhvtl
-www-data ALL=(ALL) NOPASSWD: /bin/systemctl stop mhvtl
-www-data ALL=(ALL) NOPASSWD: /bin/systemctl status mhvtl
-www-data ALL=(ALL) NOPASSWD: /bin/systemctl is-active mhvtl
-www-data ALL=(ALL) NOPASSWD: /bin/systemctl is-enabled mhvtl
-www-data ALL=(ALL) NOPASSWD: /bin/systemctl status apache2
-www-data ALL=(ALL) NOPASSWD: /bin/systemctl is-active apache2
-www-data ALL=(ALL) NOPASSWD: /bin/systemctl is-enabled apache2
-www-data ALL=(ALL) NOPASSWD: /bin/systemctl status tgt
-www-data ALL=(ALL) NOPASSWD: /bin/systemctl is-active tgt
-www-data ALL=(ALL) NOPASSWD: /bin/systemctl is-enabled tgt
-www-data ALL=(ALL) NOPASSWD: /bin/rm -rf /opt/mhvtl/*
+www-data ALL=(ALL) NOPASSWD: /bin/systemctl restart mhvtl, /usr/bin/systemctl restart mhvtl
+www-data ALL=(ALL) NOPASSWD: /bin/systemctl start mhvtl, /usr/bin/systemctl start mhvtl
+www-data ALL=(ALL) NOPASSWD: /bin/systemctl stop mhvtl, /usr/bin/systemctl stop mhvtl
+www-data ALL=(ALL) NOPASSWD: /bin/systemctl status mhvtl, /usr/bin/systemctl status mhvtl
+www-data ALL=(ALL) NOPASSWD: /bin/systemctl is-active mhvtl, /usr/bin/systemctl is-active mhvtl
+www-data ALL=(ALL) NOPASSWD: /bin/systemctl is-enabled mhvtl, /usr/bin/systemctl is-enabled mhvtl
+www-data ALL=(ALL) NOPASSWD: /bin/systemctl status apache2, /usr/bin/systemctl status apache2
+www-data ALL=(ALL) NOPASSWD: /bin/systemctl is-active apache2, /usr/bin/systemctl is-active apache2
+www-data ALL=(ALL) NOPASSWD: /bin/systemctl is-enabled apache2, /usr/bin/systemctl is-enabled apache2
+www-data ALL=(ALL) NOPASSWD: /bin/systemctl status tgt, /usr/bin/systemctl status tgt
+www-data ALL=(ALL) NOPASSWD: /bin/systemctl is-active tgt, /usr/bin/systemctl is-active tgt
+www-data ALL=(ALL) NOPASSWD: /bin/systemctl is-enabled tgt, /usr/bin/systemctl is-enabled tgt
+www-data ALL=(ALL) NOPASSWD: /bin/rm -rf /opt/mhvtl/*, /usr/bin/rm -rf /opt/mhvtl/*
 www-data ALL=(ALL) NOPASSWD: /usr/sbin/tgtadm
 www-data ALL=(ALL) NOPASSWD: /usr/bin/lsscsi
 www-data ALL=(ALL) NOPASSWD: /tmp/restart-appliance.sh
 www-data ALL=(ALL) NOPASSWD: /tmp/shutdown-appliance.sh
+www-data ALL=(ALL) NOPASSWD: /usr/bin/systemctl reboot
+www-data ALL=(ALL) NOPASSWD: /usr/bin/systemctl poweroff

 # Allow apache to restart mhvtl service without password (for RPM-based systems)
-apache ALL=(ALL) NOPASSWD: /bin/systemctl restart mhvtl
-apache ALL=(ALL) NOPASSWD: /bin/systemctl start mhvtl
-apache ALL=(ALL) NOPASSWD: /bin/systemctl stop mhvtl
-apache ALL=(ALL) NOPASSWD: /bin/systemctl status mhvtl
-apache ALL=(ALL) NOPASSWD: /bin/systemctl is-active mhvtl
-apache ALL=(ALL) NOPASSWD: /bin/systemctl is-enabled mhvtl
-apache ALL=(ALL) NOPASSWD: /bin/systemctl status httpd
-apache ALL=(ALL) NOPASSWD: /bin/systemctl is-active httpd
-apache ALL=(ALL) NOPASSWD: /bin/systemctl is-enabled httpd
-apache ALL=(ALL) NOPASSWD: /bin/systemctl status scsi-target-utils
-apache ALL=(ALL) NOPASSWD: /bin/systemctl is-active scsi-target-utils
-apache ALL=(ALL) NOPASSWD: /bin/systemctl is-enabled scsi-target-utils
-apache ALL=(ALL) NOPASSWD: /bin/rm -rf /opt/mhvtl/*
+apache ALL=(ALL) NOPASSWD: /bin/systemctl restart mhvtl, /usr/bin/systemctl restart mhvtl
+apache ALL=(ALL) NOPASSWD: /bin/systemctl start mhvtl, /usr/bin/systemctl start mhvtl
+apache ALL=(ALL) NOPASSWD: /bin/systemctl stop mhvtl, /usr/bin/systemctl stop mhvtl
+apache ALL=(ALL) NOPASSWD: /bin/systemctl status mhvtl, /usr/bin/systemctl status mhvtl
+apache ALL=(ALL) NOPASSWD: /bin/systemctl is-active mhvtl, /usr/bin/systemctl is-active mhvtl
+apache ALL=(ALL) NOPASSWD: /bin/systemctl is-enabled mhvtl, /usr/bin/systemctl is-enabled mhvtl
+apache ALL=(ALL) NOPASSWD: /bin/systemctl status httpd, /usr/bin/systemctl status httpd
+apache ALL=(ALL) NOPASSWD: /bin/systemctl is-active httpd, /usr/bin/systemctl is-active httpd
+apache ALL=(ALL) NOPASSWD: /bin/systemctl is-enabled httpd, /usr/bin/systemctl is-enabled httpd
+apache ALL=(ALL) NOPASSWD: /bin/systemctl status scsi-target-utils, /usr/bin/systemctl status scsi-target-utils
+apache ALL=(ALL) NOPASSWD: /bin/systemctl is-active scsi-target-utils, /usr/bin/systemctl is-active scsi-target-utils
+apache ALL=(ALL) NOPASSWD: /bin/systemctl is-enabled scsi-target-utils, /usr/bin/systemctl is-enabled scsi-target-utils
+apache ALL=(ALL) NOPASSWD: /bin/rm -rf /opt/mhvtl/*, /usr/bin/rm -rf /opt/mhvtl/*
 apache ALL=(ALL) NOPASSWD: /usr/sbin/tgtadm
 apache ALL=(ALL) NOPASSWD: /usr/bin/lsscsi
 apache ALL=(ALL) NOPASSWD: /tmp/restart-appliance.sh
 apache ALL=(ALL) NOPASSWD: /tmp/shutdown-appliance.sh
+apache ALL=(ALL) NOPASSWD: /usr/bin/systemctl reboot
+apache ALL=(ALL) NOPASSWD: /usr/bin/systemctl poweroff
--- a/dist/adastra-vtl-installer-1.0.0.tar.gz
+++ b/dist/adastra-vtl-installer-1.0.0.tar.gz
--- a/dist/adastra-vtl-installer/VERSION
+++ b/dist/adastra-vtl-installer/VERSION
@@ -1,4 +1,4 @@
 Adastra VTL Installer
 Version: 1.0.0
-Build Date: 2025-12-09 18:21:12
+Build Date: 2025-12-09 18:33:03
 Build Host: vtl-dev
--- a/dist/adastra-vtl-installer/config/mhvtl-sudoers
+++ b/dist/adastra-vtl-installer/config/mhvtl-sudoers
@@ -1,37 +1,41 @@
 # Allow www-data to restart mhvtl service without password
-www-data ALL=(ALL) NOPASSWD: /bin/systemctl restart mhvtl
-www-data ALL=(ALL) NOPASSWD: /bin/systemctl start mhvtl
-www-data ALL=(ALL) NOPASSWD: /bin/systemctl stop mhvtl
-www-data ALL=(ALL) NOPASSWD: /bin/systemctl status mhvtl
-www-data ALL=(ALL) NOPASSWD: /bin/systemctl is-active mhvtl
-www-data ALL=(ALL) NOPASSWD: /bin/systemctl is-enabled mhvtl
-www-data ALL=(ALL) NOPASSWD: /bin/systemctl status apache2
-www-data ALL=(ALL) NOPASSWD: /bin/systemctl is-active apache2
-www-data ALL=(ALL) NOPASSWD: /bin/systemctl is-enabled apache2
-www-data ALL=(ALL) NOPASSWD: /bin/systemctl status tgt
-www-data ALL=(ALL) NOPASSWD: /bin/systemctl is-active tgt
-www-data ALL=(ALL) NOPASSWD: /bin/systemctl is-enabled tgt
-www-data ALL=(ALL) NOPASSWD: /bin/rm -rf /opt/mhvtl/*
+www-data ALL=(ALL) NOPASSWD: /bin/systemctl restart mhvtl, /usr/bin/systemctl restart mhvtl
+www-data ALL=(ALL) NOPASSWD: /bin/systemctl start mhvtl, /usr/bin/systemctl start mhvtl
+www-data ALL=(ALL) NOPASSWD: /bin/systemctl stop mhvtl, /usr/bin/systemctl stop mhvtl
+www-data ALL=(ALL) NOPASSWD: /bin/systemctl status mhvtl, /usr/bin/systemctl status mhvtl
+www-data ALL=(ALL) NOPASSWD: /bin/systemctl is-active mhvtl, /usr/bin/systemctl is-active mhvtl
+www-data ALL=(ALL) NOPASSWD: /bin/systemctl is-enabled mhvtl, /usr/bin/systemctl is-enabled mhvtl
+www-data ALL=(ALL) NOPASSWD: /bin/systemctl status apache2, /usr/bin/systemctl status apache2
+www-data ALL=(ALL) NOPASSWD: /bin/systemctl is-active apache2, /usr/bin/systemctl is-active apache2
+www-data ALL=(ALL) NOPASSWD: /bin/systemctl is-enabled apache2, /usr/bin/systemctl is-enabled apache2
+www-data ALL=(ALL) NOPASSWD: /bin/systemctl status tgt, /usr/bin/systemctl status tgt
+www-data ALL=(ALL) NOPASSWD: /bin/systemctl is-active tgt, /usr/bin/systemctl is-active tgt
+www-data ALL=(ALL) NOPASSWD: /bin/systemctl is-enabled tgt, /usr/bin/systemctl is-enabled tgt
+www-data ALL=(ALL) NOPASSWD: /bin/rm -rf /opt/mhvtl/*, /usr/bin/rm -rf /opt/mhvtl/*
 www-data ALL=(ALL) NOPASSWD: /usr/sbin/tgtadm
 www-data ALL=(ALL) NOPASSWD: /usr/bin/lsscsi
 www-data ALL=(ALL) NOPASSWD: /tmp/restart-appliance.sh
 www-data ALL=(ALL) NOPASSWD: /tmp/shutdown-appliance.sh
+www-data ALL=(ALL) NOPASSWD: /usr/bin/systemctl reboot
+www-data ALL=(ALL) NOPASSWD: /usr/bin/systemctl poweroff

 # Allow apache to restart mhvtl service without password (for RPM-based systems)
-apache ALL=(ALL) NOPASSWD: /bin/systemctl restart mhvtl
-apache ALL=(ALL) NOPASSWD: /bin/systemctl start mhvtl
-apache ALL=(ALL) NOPASSWD: /bin/systemctl stop mhvtl
-apache ALL=(ALL) NOPASSWD: /bin/systemctl status mhvtl
-apache ALL=(ALL) NOPASSWD: /bin/systemctl is-active mhvtl
-apache ALL=(ALL) NOPASSWD: /bin/systemctl is-enabled mhvtl
-apache ALL=(ALL) NOPASSWD: /bin/systemctl status httpd
-apache ALL=(ALL) NOPASSWD: /bin/systemctl is-active httpd
-apache ALL=(ALL) NOPASSWD: /bin/systemctl is-enabled httpd
-apache ALL=(ALL) NOPASSWD: /bin/systemctl status scsi-target-utils
-apache ALL=(ALL) NOPASSWD: /bin/systemctl is-active scsi-target-utils
-apache ALL=(ALL) NOPASSWD: /bin/systemctl is-enabled scsi-target-utils
-apache ALL=(ALL) NOPASSWD: /bin/rm -rf /opt/mhvtl/*
+apache ALL=(ALL) NOPASSWD: /bin/systemctl restart mhvtl, /usr/bin/systemctl restart mhvtl
+apache ALL=(ALL) NOPASSWD: /bin/systemctl start mhvtl, /usr/bin/systemctl start mhvtl
+apache ALL=(ALL) NOPASSWD: /bin/systemctl stop mhvtl, /usr/bin/systemctl stop mhvtl
+apache ALL=(ALL) NOPASSWD: /bin/systemctl status mhvtl, /usr/bin/systemctl status mhvtl
+apache ALL=(ALL) NOPASSWD: /bin/systemctl is-active mhvtl, /usr/bin/systemctl is-active mhvtl
+apache ALL=(ALL) NOPASSWD: /bin/systemctl is-enabled mhvtl, /usr/bin/systemctl is-enabled mhvtl
+apache ALL=(ALL) NOPASSWD: /bin/systemctl status httpd, /usr/bin/systemctl status httpd
+apache ALL=(ALL) NOPASSWD: /bin/systemctl is-active httpd, /usr/bin/systemctl is-active httpd
+apache ALL=(ALL) NOPASSWD: /bin/systemctl is-enabled httpd, /usr/bin/systemctl is-enabled httpd
+apache ALL=(ALL) NOPASSWD: /bin/systemctl status scsi-target-utils, /usr/bin/systemctl status scsi-target-utils
+apache ALL=(ALL) NOPASSWD: /bin/systemctl is-active scsi-target-utils, /usr/bin/systemctl is-active scsi-target-utils
+apache ALL=(ALL) NOPASSWD: /bin/systemctl is-enabled scsi-target-utils, /usr/bin/systemctl is-enabled scsi-target-utils
+apache ALL=(ALL) NOPASSWD: /bin/rm -rf /opt/mhvtl/*, /usr/bin/rm -rf /opt/mhvtl/*
 apache ALL=(ALL) NOPASSWD: /usr/sbin/tgtadm
 apache ALL=(ALL) NOPASSWD: /usr/bin/lsscsi
 apache ALL=(ALL) NOPASSWD: /tmp/restart-appliance.sh
 apache ALL=(ALL) NOPASSWD: /tmp/shutdown-appliance.sh
+apache ALL=(ALL) NOPASSWD: /usr/bin/systemctl reboot
+apache ALL=(ALL) NOPASSWD: /usr/bin/systemctl poweroff
--- a/dist/adastra-vtl-installer/web-ui/api.php
+++ b/dist/adastra-vtl-installer/web-ui/api.php
@@ -566,23 +566,15 @@ function loadConfig() {
 }

 function restartService() {
-    // Check if user has sudo privileges
-    $output = [];
-    $returnCode = 0;
+    // Run systemctl restart in background to prevent PHP timeout/hanging
+    // We strictly redirect output to /dev/null to ensure exec returns immediately
+    
+    exec("sudo /usr/bin/systemctl restart mhvtl > /dev/null 2>&1 &");

-    exec('sudo systemctl restart mhvtl 2>&1', $output, $returnCode);
-
-    if ($returnCode === 0) {
-        echo json_encode([
-            'success' => true,
-            'message' => 'Service restarted successfully'
-        ]);
-    } else {
-        echo json_encode([
-            'success' => false,
-            'error' => 'Failed to restart service: ' . implode("\n", $output)
-        ]);
-    }
+    echo json_encode([
+        'success' => true,
+        'message' => 'Service restart initiated. Changes will take effect in a few seconds.'
+    ]);
 }

 function listTapes() {
@@ -869,7 +861,7 @@ function restartAppliance() {
    // Create a script to restart after a delay
    $script = '#!/bin/bash
 sleep 2
-systemctl reboot
+/usr/bin/systemctl reboot
 ';
    
    $scriptPath = '/tmp/restart-appliance.sh';
@@ -889,7 +881,7 @@ function shutdownAppliance() {
    // Create a script to shutdown after a delay
    $script = '#!/bin/bash
 sleep 2
-systemctl poweroff
+/usr/bin/systemctl poweroff
 ';
    
    $scriptPath = '/tmp/shutdown-appliance.sh';
@@ -908,7 +900,7 @@ systemctl poweroff
 function getDeviceMapping() {
    $output = [];
    // Get all SCSI devices with generic device names (sg)
-    exec("lsscsi -g 2>&1", $output);
+    exec("sudo /usr/bin/lsscsi -g 2>&1", $output);
    
    // Filter for interesting devices (mediumx and tape)
    $devices = [];
--- a/web-ui/api.php
+++ b/web-ui/api.php
@@ -566,23 +566,15 @@ function loadConfig() {
 }

 function restartService() {
-    // Check if user has sudo privileges
-    $output = [];
-    $returnCode = 0;
+    // Run systemctl restart in background to prevent PHP timeout/hanging
+    // We strictly redirect output to /dev/null to ensure exec returns immediately
+    
+    exec("sudo /usr/bin/systemctl restart mhvtl > /dev/null 2>&1 &");

-    exec('sudo systemctl restart mhvtl 2>&1', $output, $returnCode);
-
-    if ($returnCode === 0) {
-        echo json_encode([
-            'success' => true,
-            'message' => 'Service restarted successfully'
-        ]);
-    } else {
-        echo json_encode([
-            'success' => false,
-            'error' => 'Failed to restart service: ' . implode("\n", $output)
-        ]);
-    }
+    echo json_encode([
+        'success' => true,
+        'message' => 'Service restart initiated. Changes will take effect in a few seconds.'
+    ]);
 }

 function listTapes() {
@@ -869,7 +861,7 @@ function restartAppliance() {
    // Create a script to restart after a delay
    $script = '#!/bin/bash
 sleep 2
-systemctl reboot
+/usr/bin/systemctl reboot
 ';
    
    $scriptPath = '/tmp/restart-appliance.sh';
@@ -889,7 +881,7 @@ function shutdownAppliance() {
    // Create a script to shutdown after a delay
    $script = '#!/bin/bash
 sleep 2
-systemctl poweroff
+/usr/bin/systemctl poweroff
 ';
    
    $scriptPath = '/tmp/shutdown-appliance.sh';
@@ -908,7 +900,7 @@ systemctl poweroff
 function getDeviceMapping() {
    $output = [];
    // Get all SCSI devices with generic device names (sg)
-    exec("lsscsi -g 2>&1", $output);
+    exec("sudo /usr/bin/lsscsi -g 2>&1", $output);
    
    // Filter for interesting devices (mediumx and tape)
    $devices = [];