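#!/bin/bash
# Fix RedFlag Agent Permissions Script
#
# Adds a ReadWritePaths= directive to the redflag-agent systemd unit, creates
# the agent's state/log/config directories, hands the state and log trees to
# the redflag-agent account, then reloads systemd and restarts the service.
#
# Usage: run directly; the script re-executes itself through sudo when it is
# not already running as root.
#
# NOTE(review): ReadWritePaths= widens what the service may write to. It
# presumably exists to punch holes in a ProtectSystem=/ReadOnlyPaths= sandbox
# that is not visible from this script - confirm against the unit file.
# /etc/redflag is included in the writable set; verify the agent really needs
# to write to its own configuration directory before keeping that path.

set -euo pipefail

echo "🔧 RedFlag Agent Permission Fix Script"
echo "======================================"
echo ""

# Check if running as root or with sudo
if [ "$EUID" -ne 0 ]; then
  echo "This script needs sudo privileges to modify systemd service files."
  echo "You'll be prompted for your password."
  echo ""
  # Replace this process with a privileged copy, forwarding all arguments.
  exec sudo "$0" "$@"
fi

echo "✅ Running with sudo privileges"
echo ""

# Step 1: Check current systemd service
echo "📋 Step 1: Checking current systemd service..."
SERVICE_FILE="/etc/systemd/system/redflag-agent.service"

if [ ! -f "$SERVICE_FILE" ]; then
  echo "❌ Service file not found: $SERVICE_FILE"
  exit 1
fi

echo "✅ Service file found: $SERVICE_FILE"
echo ""

# Step 2: Check if ReadWritePaths is already configured
# The pattern is anchored to the start of the line so that a commented-out
# directive (e.g. "#ReadWritePaths=...") is not reported as configured.
echo "📋 Step 2: Checking current service configuration..."
if grep -q '^[[:space:]]*ReadWritePaths=' "$SERVICE_FILE"; then
  echo "✅ ReadWritePaths already configured"
  grep '^[[:space:]]*ReadWritePaths=' "$SERVICE_FILE"
else
  echo "⚠️ ReadWritePaths not found - needs to be added"
fi
echo ""

# Step 3: Backup original service file
# -p keeps the original mode, ownership and timestamps on the backup copy.
echo "💾 Step 3: Creating backup of service file..."
cp -p -- "$SERVICE_FILE" "${SERVICE_FILE}.backup.$(date +%Y%m%d_%H%M%S)"
echo "✅ Backup created"
echo ""

# Step 4: Add ReadWritePaths to service file
echo "🔧 Step 4: Adding ReadWritePaths to service file..."

# Check if [Service] section exists
if ! grep -q "^\[Service\]" "$SERVICE_FILE"; then
  echo "❌ [Service] section not found in service file"
  exit 1
fi

# Add ReadWritePaths after [Service] section if not already present.
# Anchored for the same reason as in step 2: a commented-out line must not
# cause the fix to be skipped.
if ! grep -q '^[[:space:]]*ReadWritePaths=/var/lib/redflag' "$SERVICE_FILE"; then
  # Use sed to add the line after [Service]
  sed -i '/^\[Service\]/a ReadWritePaths=/var/lib/redflag /etc/redflag /var/log/redflag' "$SERVICE_FILE"
  echo "✅ ReadWritePaths added to service file"
else
  echo "✅ ReadWritePaths already present"
fi
echo ""

# Step 5: Show the updated service file
echo "📄 Step 5: Updated service file:"
echo "--------------------------------"
grep -A 20 "^\[Service\]" "$SERVICE_FILE" | head -25
echo "--------------------------------"
echo ""

# Step 6: Create necessary directories
echo "📁 Step 6: Creating necessary directories..."
mkdir -p /var/lib/redflag/migration_backups
mkdir -p /var/log/redflag
mkdir -p /etc/redflag
echo "✅ Directories created/verified"
echo ""

# Step 7: Set proper permissions
# /etc/redflag is deliberately left with whatever ownership it already has;
# only the state and log trees are handed to the service account.
echo "🔐 Step 7: Setting permissions..."
if id "redflag-agent" &>/dev/null; then
  # -h: act on symlinks themselves, never on their targets. These trees are
  # writable by the service account, so a root-run recursive chown must not
  # be steerable to files outside them through a planted link.
  chown -hR redflag-agent:redflag-agent /var/lib/redflag
  chown -hR redflag-agent:redflag-agent /var/log/redflag
  echo "✅ Permissions set for redflag-agent user"
else
  echo "⚠️ redflag-agent user not found - skipping permission setting"
fi
echo ""

# Step 8: Reload systemd
echo "🔄 Step 8: Reloading systemd..."
systemctl daemon-reload
sleep 2
echo "✅ Systemd reloaded"
echo ""

# Step 9: Restart the agent
echo "🚀 Step 9: Restarting redflag-agent service..."
systemctl restart redflag-agent
sleep 3
echo "✅ Service restarted"
echo ""

# Step 10: Check service status
echo "📊 Step 10: Checking service status..."
echo "--------------------------------"
# `systemctl status` exits non-zero when the unit is not active. Without the
# guard, set -e would stop the script here and the logs in step 11 - the
# output needed most when the agent failed to come up - would never print.
systemctl status redflag-agent --no-pager -n 10 || true
echo "--------------------------------"
echo ""

# Step 11: Check logs
echo "📝 Step 11: Recent logs..."
echo "--------------------------------"
journalctl -u redflag-agent -n 20 --no-pager
echo "--------------------------------"
echo ""

echo "🎉 Script completed!"
echo ""
echo "Next steps:"
echo "1. Wait 30 seconds for agent to stabilize"
echo "2. Run: sudo journalctl -u redflag-agent -f"
echo "3. Check if agent registers successfully"
echo "4. Verify in UI: http://localhost:3000/agents"
echo ""
echo "If the agent still fails, check:"
echo "- Database connection in /etc/redflag/config.json"
echo "- Network connectivity to aggregator-server"
echo "- Token validity in the database"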