Redflag/fix_agent_permissions.sh

#!/bin/bash

# Fix RedFlag Agent Permissions Script
# This script fixes the systemd service permissions for the agent

set -e

echo "🔧 RedFlag Agent Permission Fix Script"
echo "======================================"
echo ""

# Check if running as root or with sudo
if [ "$EUID" -ne 0 ]; then
    echo "This script needs sudo privileges to modify systemd service files."
    echo "You'll be prompted for your password."
    echo ""
    exec sudo "$0" "$@"
fi

echo "✅ Running with sudo privileges"
echo ""

# Step 1: Check current systemd service
echo "📋 Step 1: Checking current systemd service..."
SERVICE_FILE="/etc/systemd/system/redflag-agent.service"

if [ ! -f "$SERVICE_FILE" ]; then
    echo "❌ Service file not found: $SERVICE_FILE"
    exit 1
fi

echo "✅ Service file found: $SERVICE_FILE"
echo ""

# Step 2: Check if ReadWritePaths is already configured
echo "📋 Step 2: Checking current service configuration..."
if grep -q "ReadWritePaths=" "$SERVICE_FILE"; then
    echo "✅ ReadWritePaths already configured"
    grep "ReadWritePaths=" "$SERVICE_FILE"
else
    echo "⚠️  ReadWritePaths not found - needs to be added"
fi
echo ""

# Step 3: Backup original service file
echo "💾 Step 3: Creating backup of service file..."
cp "$SERVICE_FILE" "${SERVICE_FILE}.backup.$(date +%Y%m%d_%H%M%S)"
echo "✅ Backup created"
echo ""

# Step 4: Add ReadWritePaths to service file
echo "🔧 Step 4: Adding ReadWritePaths to service file..."

# Check if [Service] section exists
if ! grep -q "^\[Service\]" "$SERVICE_FILE"; then
    echo "❌ [Service] section not found in service file"
    exit 1
fi

# Add ReadWritePaths after [Service] section if not already present
if ! grep -q "ReadWritePaths=/var/lib/redflag" "$SERVICE_FILE"; then
    # Use sed to add the line after [Service]
    sed -i '/^\[Service\]/a ReadWritePaths=/var/lib/redflag /etc/redflag /var/log/redflag' "$SERVICE_FILE"
    echo "✅ ReadWritePaths added to service file"
else
    echo "✅ ReadWritePaths already present"
fi
echo ""

# Step 5: Show the updated service file
echo "📄 Step 5: Updated service file:"
echo "--------------------------------"
grep -A 20 "^\[Service\]" "$SERVICE_FILE" | head -25
echo "--------------------------------"
echo ""

# Step 6: Create necessary directories
echo "📁 Step 6: Creating necessary directories..."
mkdir -p /var/lib/redflag/migration_backups
mkdir -p /var/log/redflag
mkdir -p /etc/redflag

echo "✅ Directories created/verified"
echo ""

# Step 7: Set proper permissions
echo "🔐 Step 7: Setting permissions..."
if id "redflag-agent" &>/dev/null; then
    chown -R redflag-agent:redflag-agent /var/lib/redflag
    chown -R redflag-agent:redflag-agent /var/log/redflag
    echo "✅ Permissions set for redflag-agent user"
else
    echo "⚠️  redflag-agent user not found - skipping permission setting"
fi
echo ""

# Step 8: Reload systemd
echo "🔄 Step 8: Reloading systemd..."
systemctl daemon-reload
sleep 2
echo "✅ Systemd reloaded"
echo ""

# Step 9: Restart the agent
echo "🚀 Step 9: Restarting redflag-agent service..."
systemctl restart redflag-agent
sleep 3
echo "✅ Service restarted"
echo ""

# Step 10: Check service status
echo "📊 Step 10: Checking service status..."
echo "--------------------------------"
systemctl status redflag-agent --no-pager -n 10
echo "--------------------------------"
echo ""

# Step 11: Check logs
echo "📝 Step 11: Recent logs..."
echo "--------------------------------"
journalctl -u redflag-agent -n 20 --no-pager
echo "--------------------------------"
echo ""

echo "🎉 Script completed!"
echo ""
echo "Next steps:"
echo "1. Wait 30 seconds for agent to stabilize"
echo "2. Run: sudo journalctl -u redflag-agent -f"
echo "3. Check if agent registers successfully"
echo "4. Verify in UI: http://localhost:3000/agents"
echo ""
echo "If the agent still fails, check:"
echo "- Database connection in /etc/redflag/config.json"
echo "- Network connectivity to aggregator-server"
echo "- Token validity in the database"