Merge pull request #854 from YunoHost/remove-unecessary-sudo

[mod] Remove those random sudo which are useless yet triggers LDAP warning when LDAP is in bad state

data/helpers.d/apt

@@ -13,7 +13,7 @@ ynh_wait_dpkg_free() {
     for try in `seq 1 17`
     do
         # Check if /var/lib/dpkg/lock is used by another process
-        if sudo lsof /var/lib/dpkg/lock > /dev/null
+        if lsof /var/lib/dpkg/lock > /dev/null
         then
             echo "apt is already in use..."
             # Sleep an exponential time at each round

data/helpers.d/backup

@@ -179,7 +179,7 @@ ynh_restore () {
 # usage: _get_archive_path ORIGIN_PATH
 _get_archive_path () {
     # For security reasons we use csv python library to read the CSV
-    sudo python -c "
+    python -c "
 import sys
 import csv
 with open(sys.argv[1], 'r') as backup_file:
@@ -302,7 +302,7 @@ ynh_store_file_checksum () {
     ynh_handle_getopts_args "$@"
 
     local checksum_setting_name=checksum_${file//[\/ ]/_}    # Replace all '/' and ' ' by '_'
-    ynh_app_setting_set --app=$app --key=$checksum_setting_name --value=$(sudo md5sum "$file" | cut -d' ' -f1)
+    ynh_app_setting_set --app=$app --key=$checksum_setting_name --value=$(md5sum "$file" | cut -d' ' -f1)
 
     # If backup_file_checksum isn't empty, ynh_backup_if_checksum_is_different has made a backup
     if [ -n "${backup_file_checksum-}" ]
@@ -339,11 +339,11 @@ ynh_backup_if_checksum_is_different () {
     backup_file_checksum=""
     if [ -n "$checksum_value" ]
     then    # Proceed only if a value was stored into the app settings
-        if [ -e $file ] && ! echo "$checksum_value $file" | sudo md5sum -c --status
+        if [ -e $file ] && ! echo "$checksum_value $file" | md5sum -c --status
         then    # If the checksum is now different
             backup_file_checksum="/home/yunohost.conf/backup/$file.backup.$(date '+%Y%m%d.%H%M%S')"
-            sudo mkdir -p "$(dirname "$backup_file_checksum")"
+            mkdir -p "$(dirname "$backup_file_checksum")"
-            sudo cp -a "$file" "$backup_file_checksum"    # Backup the current file
+            cp -a "$file" "$backup_file_checksum"    # Backup the current file
             ynh_print_warn "File $file has been manually modified since the installation or last upgrade. So it has been duplicated in $backup_file_checksum"
             echo "$backup_file_checksum"    # Return the name of the backup file
         fi
@@ -394,7 +394,7 @@ ynh_backup_before_upgrade () {
     if [ "$NO_BACKUP_UPGRADE" -eq 0 ]
     then
         # Check if a backup already exists with the prefix 1
-        if sudo yunohost backup list | grep -q $app_bck-pre-upgrade1
+        if yunohost backup list | grep -q $app_bck-pre-upgrade1
         then
             # Prefix becomes 2 to preserve the previous backup
             backup_number=2
@@ -402,14 +402,14 @@ ynh_backup_before_upgrade () {
         fi
 
         # Create backup
-        sudo BACKUP_CORE_ONLY=1 yunohost backup create --apps $app --name $app_bck-pre-upgrade$backup_number --debug
+        BACKUP_CORE_ONLY=1 yunohost backup create --apps $app --name $app_bck-pre-upgrade$backup_number --debug
         if [ "$?" -eq 0 ]
         then
             # If the backup succeeded, remove the previous backup
-            if sudo yunohost backup list | grep -q $app_bck-pre-upgrade$old_backup_number
+            if yunohost backup list | grep -q $app_bck-pre-upgrade$old_backup_number
             then
                 # Remove the previous backup only if it exists
-                sudo yunohost backup delete $app_bck-pre-upgrade$old_backup_number > /dev/null
+                yunohost backup delete $app_bck-pre-upgrade$old_backup_number > /dev/null
             fi
         else
             ynh_die --message="Backup failed, the upgrade process was aborted."
@@ -438,12 +438,12 @@ ynh_restore_upgradebackup () {
     if [ "$NO_BACKUP_UPGRADE" -eq 0 ]
     then
         # Check if an existing backup can be found before removing and restoring the application.
-        if sudo yunohost backup list | grep -q $app_bck-pre-upgrade$backup_number
+        if yunohost backup list | grep -q $app_bck-pre-upgrade$backup_number
         then
             # Remove the application then restore it
-            sudo yunohost app remove $app
+            yunohost app remove $app
             # Restore the backup
-            sudo yunohost backup restore $app_bck-pre-upgrade$backup_number --apps $app --force --debug
+            yunohost backup restore $app_bck-pre-upgrade$backup_number --apps $app --force --debug
             ynh_die --message="The app was restored to the way it was before the failed upgrade."
         fi
     else

data/helpers.d/logging

@@ -46,10 +46,10 @@ ynh_print_info() {
 # Requires YunoHost version 2.6.4 or higher.
 ynh_no_log() {
   local ynh_cli_log=/var/log/yunohost/yunohost-cli.log
-  sudo cp -a ${ynh_cli_log} ${ynh_cli_log}-move
+  cp -a ${ynh_cli_log} ${ynh_cli_log}-move
   eval $@
   local exit_code=$?
-  sudo mv ${ynh_cli_log}-move ${ynh_cli_log}
+  mv ${ynh_cli_log}-move ${ynh_cli_log}
   return $?
 }
 

data/helpers.d/logrotate

@@ -90,8 +90,8 @@ $logfile {
 	$su_directive
 }
 EOF
-	sudo mkdir -p $(dirname "$logfile")	# Create the log directory, if not exist
+	mkdir -p $(dirname "$logfile")	# Create the log directory, if not exist
-	cat ${app}-logrotate | sudo $customtee /etc/logrotate.d/$app > /dev/null	# Append this config to the existing config file, or replace the whole config file (depending on $customtee)
+	cat ${app}-logrotate | $customtee /etc/logrotate.d/$app > /dev/null	# Append this config to the existing config file, or replace the whole config file (depending on $customtee)
 }
 
 # Remove the app's logrotate config.
@@ -101,6 +101,6 @@ EOF
 # Requires YunoHost version 2.6.4 or higher.
 ynh_remove_logrotate () {
 	if [ -e "/etc/logrotate.d/$app" ]; then
-		sudo rm "/etc/logrotate.d/$app"
+		rm "/etc/logrotate.d/$app"
 	fi
 }

data/helpers.d/mysql

@@ -44,7 +44,7 @@ ynh_mysql_execute_as_root() {
     ynh_handle_getopts_args "$@"
     database="${database:-}"
 
-    ynh_mysql_connect_as --user="root" --password="$(sudo cat $MYSQL_ROOT_PWD_FILE)" \
+    ynh_mysql_connect_as --user="root" --password="$(cat $MYSQL_ROOT_PWD_FILE)" \
         --database="$database" <<< "$sql"
 }
 
@@ -65,7 +65,7 @@ ynh_mysql_execute_file_as_root() {
     ynh_handle_getopts_args "$@"
     database="${database:-}"
 
-    ynh_mysql_connect_as --user="root" --password="$(sudo cat $MYSQL_ROOT_PWD_FILE)" \
+    ynh_mysql_connect_as --user="root" --password="$(cat $MYSQL_ROOT_PWD_FILE)" \
         --database="$database" < "$file"
 }
 
@@ -126,7 +126,7 @@ ynh_mysql_dump_db() {
     # Manage arguments with getopts
     ynh_handle_getopts_args "$@"
 
-    mysqldump -u "root" -p"$(sudo cat $MYSQL_ROOT_PWD_FILE)" --single-transaction --skip-dump-date "$database"
+    mysqldump -u "root" -p"$(cat $MYSQL_ROOT_PWD_FILE)" --single-transaction --skip-dump-date "$database"
 }
 
 # Create a user
@@ -223,7 +223,7 @@ ynh_mysql_remove_db () {
 	# Manage arguments with getopts
 	ynh_handle_getopts_args "$@"
 
-	local mysql_root_password=$(sudo cat $MYSQL_ROOT_PWD_FILE)
+	local mysql_root_password=$(cat $MYSQL_ROOT_PWD_FILE)
 	if mysqlshow -u root -p$mysql_root_password | grep -q "^| $db_name"; then	# Check if the database exists
 		ynh_mysql_drop_db $db_name	# Remove the database	
 	else

data/helpers.d/nginx

@@ -22,7 +22,7 @@ ynh_add_nginx_config () {
 	finalnginxconf="/etc/nginx/conf.d/$domain.d/$app.conf"
 	local others_var=${1:-}
 	ynh_backup_if_checksum_is_different --file="$finalnginxconf"
-	sudo cp ../conf/nginx.conf "$finalnginxconf"
+	cp ../conf/nginx.conf "$finalnginxconf"
 
 	# To avoid a break by set -u, use a void substitution ${var:-}. If the variable is not set, it's simply set with an empty variable.
 	# Substitute in a nginx config file only if the variable is not empty

data/helpers.d/php

@@ -28,12 +28,12 @@ ynh_add_fpm_config () {
 	ynh_app_setting_set --app=$app --key=fpm_service --value="$fpm_service"
 	finalphpconf="$fpm_config_dir/pool.d/$app.conf"
 	ynh_backup_if_checksum_is_different --file="$finalphpconf"
-	sudo cp ../conf/php-fpm.conf "$finalphpconf"
+	cp ../conf/php-fpm.conf "$finalphpconf"
 	ynh_replace_string --match_string="__NAMETOCHANGE__" --replace_string="$app" --target_file="$finalphpconf"
 	ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path" --target_file="$finalphpconf"
 	ynh_replace_string --match_string="__USER__" --replace_string="$app" --target_file="$finalphpconf"
 	ynh_replace_string --match_string="__PHPVERSION__" --replace_string="$phpversion" --target_file="$finalphpconf"
-	sudo chown root: "$finalphpconf"
+	chown root: "$finalphpconf"
 	ynh_store_file_checksum --file="$finalphpconf"
 
 	if [ -e "../conf/php-fpm.ini" ]
@@ -41,8 +41,8 @@ ynh_add_fpm_config () {
 		echo "Packagers ! Please do not use a separate php ini file, merge your directives in the pool file instead." >&2
 		finalphpini="$fpm_config_dir/conf.d/20-$app.ini"
 		ynh_backup_if_checksum_is_different "$finalphpini"
-		sudo cp ../conf/php-fpm.ini "$finalphpini"
+		cp ../conf/php-fpm.ini "$finalphpini"
-		sudo chown root: "$finalphpini"
+		chown root: "$finalphpini"
 		ynh_store_file_checksum "$finalphpini"
 	fi
 	ynh_systemd_action --service_name=$fpm_service --action=reload

data/helpers.d/postgresql

@@ -45,7 +45,7 @@ ynh_psql_execute_as_root() {
 	ynh_handle_getopts_args "$@"
 	database="${database:-}"
 
-	ynh_psql_connect_as --user="postgres" --password="$(sudo cat $PSQL_ROOT_PWD_FILE)" \
+	ynh_psql_connect_as --user="postgres" --password="$(cat $PSQL_ROOT_PWD_FILE)" \
 		--database="$database" <<<"$sql"
 }
 
@@ -66,7 +66,7 @@ ynh_psql_execute_file_as_root() {
 	ynh_handle_getopts_args "$@"
 	database="${database:-}"
 
-	ynh_psql_connect_as --user="postgres" --password="$(sudo cat $PSQL_ROOT_PWD_FILE)" \
+	ynh_psql_connect_as --user="postgres" --password="$(cat $PSQL_ROOT_PWD_FILE)" \
 		--database="$database" <"$file"
 }
 
@@ -160,7 +160,7 @@ ynh_psql_user_exists() {
 	# Manage arguments with getopts
 	ynh_handle_getopts_args "$@"
 
-	if ! sudo --login --user=postgres PGUSER="postgres" PGPASSWORD="$(sudo cat $PSQL_ROOT_PWD_FILE)" psql -tAc "SELECT rolname FROM pg_roles WHERE rolname='$user';" | grep --quiet "$user" ; then
+	if ! sudo --login --user=postgres PGUSER="postgres" PGPASSWORD="$(cat $PSQL_ROOT_PWD_FILE)" psql -tAc "SELECT rolname FROM pg_roles WHERE rolname='$user';" | grep --quiet "$user" ; then
 		return 1
 	else
 		return 0
@@ -179,7 +179,7 @@ ynh_psql_database_exists() {
 	# Manage arguments with getopts
 	ynh_handle_getopts_args "$@"
 
-	if ! sudo --login --user=postgres PGUSER="postgres" PGPASSWORD="$(sudo cat $PSQL_ROOT_PWD_FILE)" psql -tAc "SELECT datname FROM pg_database WHERE datname='$database';" | grep --quiet "$database"; then
+	if ! sudo --login --user=postgres PGUSER="postgres" PGPASSWORD="$(cat $PSQL_ROOT_PWD_FILE)" psql -tAc "SELECT datname FROM pg_database WHERE datname='$database';" | grep --quiet "$database"; then
 		return 1
 	else
 		return 0
@@ -243,7 +243,7 @@ ynh_psql_remove_db() {
 	# Manage arguments with getopts
 	ynh_handle_getopts_args "$@"
 
-	local psql_root_password=$(sudo cat $PSQL_ROOT_PWD_FILE)
+	local psql_root_password=$(cat $PSQL_ROOT_PWD_FILE)
 	if ynh_psql_database_exists --database=$db_name; then # Check if the database exists
 		ynh_psql_drop_db $db_name # Remove the database
 	else

data/helpers.d/setting

@@ -211,7 +211,7 @@ ynh_webpath_available () {
 	# Manage arguments with getopts
 	ynh_handle_getopts_args "$@"
 
-	sudo yunohost domain url-available $domain $path_url
+	yunohost domain url-available $domain $path_url
 }
 
 # Register/book a web path for an app
@@ -234,7 +234,7 @@ ynh_webpath_register () {
 	# Manage arguments with getopts
 	ynh_handle_getopts_args "$@"
 
-	sudo yunohost app register-url $app $domain $path_url
+	yunohost app register-url $app $domain $path_url
 }
 
 # Create a new permission for the app

data/helpers.d/string

@@ -49,7 +49,7 @@ ynh_replace_string () {
 	match_string=${match_string//${delimit}/"\\${delimit}"}
 	replace_string=${replace_string//${delimit}/"\\${delimit}"}
 
-	sudo sed --in-place "s${delimit}${match_string}${delimit}${replace_string}${delimit}g" "$target_file"
+	sed --in-place "s${delimit}${match_string}${delimit}${replace_string}${delimit}g" "$target_file"
 }
 
 # Substitute/replace a special string by another in a file

data/helpers.d/systemd

@@ -28,7 +28,7 @@ ynh_add_systemd_config () {
 
 	finalsystemdconf="/etc/systemd/system/$service.service"
 	ynh_backup_if_checksum_is_different --file="$finalsystemdconf"
-	sudo cp ../conf/$template "$finalsystemdconf"
+	cp ../conf/$template "$finalsystemdconf"
 
 	# To avoid a break by set -u, use a void substitution ${var:-}. If the variable is not set, it's simply set with an empty variable.
 	# Substitute in a nginx config file only if the variable is not empty
@@ -40,9 +40,9 @@ ynh_add_systemd_config () {
 	fi
 	ynh_store_file_checksum --file="$finalsystemdconf"
 
-	sudo chown root: "$finalsystemdconf"
+	chown root: "$finalsystemdconf"
-	sudo systemctl enable $service
+	systemctl enable $service
-	sudo systemctl daemon-reload
+	systemctl daemon-reload
 }
 
 # Remove the dedicated systemd config

data/helpers.d/user

@@ -16,7 +16,7 @@ ynh_user_exists() {
     # Manage arguments with getopts
     ynh_handle_getopts_args "$@"
 
-    sudo yunohost user list --output-as json | grep -q "\"username\": \"${username}\""
+    yunohost user list --output-as json | grep -q "\"username\": \"${username}\""
 }
 
 # Retrieve a YunoHost user information
@@ -38,7 +38,7 @@ ynh_user_get_info() {
     # Manage arguments with getopts
     ynh_handle_getopts_args "$@"
 
-    sudo yunohost user info "$username" --output-as plain | ynh_get_plain_key "$key"
+    yunohost user info "$username" --output-as plain | ynh_get_plain_key "$key"
 }
 
 # Get the list of YunoHost users
@@ -50,7 +50,7 @@ ynh_user_get_info() {
 #
 # Requires YunoHost version 2.4.0 or higher.
 ynh_user_list() {
-    sudo yunohost user list --output-as plain --quiet \
+    yunohost user list --output-as plain --quiet \
       | awk '/^##username$/{getline; print}'
 }
 

data/hooks/backup/05-conf_ldap

@@ -11,7 +11,7 @@ backup_dir="${1}/conf/ldap"
 
 # Backup the configuration
 ynh_backup "/etc/ldap/slapd.conf" "${backup_dir}/slapd.conf"
-sudo slapcat -b cn=config -l "${backup_dir}/cn=config.master.ldif"
+slapcat -b cn=config -l "${backup_dir}/cn=config.master.ldif"
 
 # Backup the database
-sudo slapcat -b dc=yunohost,dc=org -l "${backup_dir}/dc=yunohost-dc=org.ldif"
+slapcat -b dc=yunohost,dc=org -l "${backup_dir}/dc=yunohost-dc=org.ldif"

data/hooks/conf_regen/01-yunohost

@@ -38,20 +38,20 @@ do_pre_regen() {
   if [[ -f $services_path ]]; then
       tmp_services_path="${services_path}-tmp"
       new_services_path="${services_path}-new"
-      sudo cp "$services_path" "$tmp_services_path"
+      cp "$services_path" "$tmp_services_path"
       _update_services "$new_services_path" || {
-        sudo mv "$tmp_services_path" "$services_path"
+        mv "$tmp_services_path" "$services_path"
         exit 1
       }
       if [[ -f $new_services_path ]]; then
           # replace services.yml with new one
-          sudo mv "$new_services_path" "$services_path"
+          mv "$new_services_path" "$services_path"
-          sudo mv "$tmp_services_path" "${services_path}-old"
+          mv "$tmp_services_path" "${services_path}-old"
       else
-          sudo rm -f "$tmp_services_path"
+          rm -f "$tmp_services_path"
       fi
   else
-      sudo cp services.yml /etc/yunohost/services.yml
+      cp services.yml /etc/yunohost/services.yml
   fi
 
   # add cron job for diagnosis to be ran at 7h and 19h + a random delay between
@@ -66,7 +66,7 @@ EOF
 }
 
 _update_services() {
-  sudo python2 - << EOF
+  python2 - << EOF
 import yaml
 
 

data/hooks/conf_regen/02-ssl

@@ -99,13 +99,13 @@ do_post_regen() {
   [[ -f "${index_txt}" ]] || {
     if [[ -f "${index_txt}.saved" ]]; then
       # use saved database from 2.2
-      sudo cp "${index_txt}.saved" "${index_txt}"
+      cp "${index_txt}.saved" "${index_txt}"
     elif [[ -f "${index_txt}.old" ]]; then
       # ... or use the state-1 database
-      sudo cp "${index_txt}.old" "${index_txt}"
+      cp "${index_txt}.old" "${index_txt}"
     else
       # ... or create an empty one
-      sudo touch "${index_txt}"
+      touch "${index_txt}"
     fi
   }
 

data/hooks/conf_regen/06-slapd

@@ -126,7 +126,7 @@ do_post_regen() {
   # wait a maximum time of 5 minutes
   # yes, force-reload behave like a restart
   number_of_wait=0
-  while ! sudo su admin -c '' && ((number_of_wait < 60))
+  while ! su admin -c '' && ((number_of_wait < 60))
   do
       sleep 5
       ((number_of_wait += 1))

data/hooks/conf_regen/09-nslcd

@@ -14,7 +14,7 @@ do_post_regen() {
   regen_conf_files=$1
 
   [[ -z "$regen_conf_files" ]] \
-    || sudo service nslcd restart
+    || service nslcd restart
 }
 
 FORCE=${2:-0}

data/hooks/conf_regen/12-metronome

@@ -14,7 +14,7 @@ do_pre_regen() {
 
   # retrieve variables
   main_domain=$(cat /etc/yunohost/current_host)
-  domain_list=$(sudo yunohost domain list --output-as plain --quiet)
+  domain_list=$(yunohost domain list --output-as plain --quiet)
 
   # install main conf file
   cat metronome.cfg.lua \
@@ -42,19 +42,19 @@ do_post_regen() {
   regen_conf_files=$1
 
   # retrieve variables
-  domain_list=$(sudo yunohost domain list --output-as plain --quiet)
+  domain_list=$(yunohost domain list --output-as plain --quiet)
 
   # create metronome directories for domains
   for domain in $domain_list; do
-    sudo mkdir -p "/var/lib/metronome/${domain//./%2e}/pep"
+    mkdir -p "/var/lib/metronome/${domain//./%2e}/pep"
   done
 
   # fix some permissions
-  sudo chown -R metronome: /var/lib/metronome/
+  chown -R metronome: /var/lib/metronome/
-  sudo chown -R metronome: /etc/metronome/conf.d/
+  chown -R metronome: /etc/metronome/conf.d/
 
   [[ -z "$regen_conf_files" ]] \
-    || sudo service metronome restart
+    || service metronome restart
 }
 
 FORCE=${2:-0}

data/hooks/conf_regen/15-nginx

@@ -45,7 +45,7 @@ do_pre_regen() {
 
   # retrieve variables
   main_domain=$(cat /etc/yunohost/current_host)
-  domain_list=$(sudo yunohost domain list --output-as plain --quiet)
+  domain_list=$(yunohost domain list --output-as plain --quiet)
 
   # Support different strategy for security configurations
   export compatibility="$(yunohost settings get 'security.nginx.compatibility')"
@@ -102,15 +102,15 @@ do_post_regen() {
   [ -z "$regen_conf_files" ] && exit 0
 
   # retrieve variables
-  domain_list=$(sudo yunohost domain list --output-as plain --quiet)
+  domain_list=$(yunohost domain list --output-as plain --quiet)
 
   # create NGINX conf directories for domains
   for domain in $domain_list; do
-    sudo mkdir -p "/etc/nginx/conf.d/${domain}.d"
+    mkdir -p "/etc/nginx/conf.d/${domain}.d"
   done
 
   # Reload nginx configuration
-  pgrep nginx && sudo service nginx reload
+  pgrep nginx && service nginx reload
 }
 
 FORCE=${2:-0}

data/hooks/conf_regen/19-postfix

@@ -20,7 +20,7 @@ do_pre_regen() {
 
   # prepare main.cf conf file
   main_domain=$(cat /etc/yunohost/current_host)
-  domain_list=$(sudo yunohost domain list --output-as plain --quiet | tr '\n' ' ')
+  domain_list=$(yunohost domain list --output-as plain --quiet | tr '\n' ' ')
 
   # Support different strategy for security configurations
   export compatibility="$(yunohost settings get 'security.postfix.compatibility')"
@@ -49,7 +49,7 @@ do_post_regen() {
   regen_conf_files=$1
 
   [[ -z "$regen_conf_files" ]] \
-    || { sudo service postfix restart && sudo service postsrsd restart; }
+    || { service postfix restart && service postsrsd restart; }
 
 }
 

data/hooks/conf_regen/25-dovecot

@@ -36,28 +36,28 @@ do_pre_regen() {
 do_post_regen() {
   regen_conf_files=$1
 
-  sudo mkdir -p "/etc/dovecot/yunohost.d/pre-ext.d"
+  mkdir -p "/etc/dovecot/yunohost.d/pre-ext.d"
-  sudo mkdir -p "/etc/dovecot/yunohost.d/post-ext.d"
+  mkdir -p "/etc/dovecot/yunohost.d/post-ext.d"
 
   # create vmail user
   id vmail > /dev/null 2>&1 \
-    || sudo adduser --system --ingroup mail --uid 500 vmail
+    || adduser --system --ingroup mail --uid 500 vmail
 
   # fix permissions
-  sudo chown -R vmail:mail /etc/dovecot/global_script
+  chown -R vmail:mail /etc/dovecot/global_script
-  sudo chmod 770 /etc/dovecot/global_script
+  chmod 770 /etc/dovecot/global_script
-  sudo chown root:mail /var/mail
+  chown root:mail /var/mail
-  sudo chmod 1775 /var/mail
+  chmod 1775 /var/mail
 
   [ -z "$regen_conf_files" ] && exit 0
 
   # compile sieve script
   [[ "$regen_conf_files" =~ dovecot\.sieve ]] && {
-    sudo sievec /etc/dovecot/global_script/dovecot.sieve
+    sievec /etc/dovecot/global_script/dovecot.sieve
-    sudo chown -R vmail:mail /etc/dovecot/global_script
+    chown -R vmail:mail /etc/dovecot/global_script
   }
 
-  sudo service dovecot restart
+  service dovecot restart
 }
 
 FORCE=${2:-0}

data/hooks/conf_regen/31-rspamd

@@ -22,11 +22,11 @@ do_post_regen() {
   ##
 
   # create DKIM directory with proper permission
-  sudo mkdir -p /etc/dkim
+  mkdir -p /etc/dkim
-  sudo chown _rspamd /etc/dkim
+  chown _rspamd /etc/dkim
 
   # retrieve domain list
-  domain_list=$(sudo yunohost domain list --output-as plain --quiet)
+  domain_list=$(yunohost domain list --output-as plain --quiet)
 
   # create DKIM key for domains
   for domain in $domain_list; do
@@ -34,30 +34,30 @@ do_post_regen() {
     [ ! -f "$domain_key" ] && {
       # We use a 1024 bit size because nsupdate doesn't seem to be able to
       # handle 2048...
-      sudo opendkim-genkey --domain="$domain" \
+      opendkim-genkey --domain="$domain" \
           --selector=mail --directory=/etc/dkim -b 1024
-      sudo mv /etc/dkim/mail.private "$domain_key"
+      mv /etc/dkim/mail.private "$domain_key"
-      sudo mv /etc/dkim/mail.txt "/etc/dkim/${domain}.mail.txt"
+      mv /etc/dkim/mail.txt "/etc/dkim/${domain}.mail.txt"
     }
   done
 
   # fix DKIM keys permissions
-  sudo chown _rspamd /etc/dkim/*.mail.key
+  chown _rspamd /etc/dkim/*.mail.key
-  sudo chmod 400 /etc/dkim/*.mail.key
+  chmod 400 /etc/dkim/*.mail.key
 
   regen_conf_files=$1
   [ -z "$regen_conf_files" ] && exit 0
 
   # compile sieve script
   [[ "$regen_conf_files" =~ rspamd\.sieve ]] && {
-    sudo sievec /etc/dovecot/global_script/rspamd.sieve
+    sievec /etc/dovecot/global_script/rspamd.sieve
-    sudo chown -R vmail:mail /etc/dovecot/global_script
+    chown -R vmail:mail /etc/dovecot/global_script
-    sudo systemctl restart dovecot
+    systemctl restart dovecot
   }
 
   # Restart rspamd due to the upgrade
   # https://rspamd.com/announce/2016/08/01/rspamd-1.3.1.html 
-  sudo systemctl -q restart rspamd.service 
+  systemctl -q restart rspamd.service 
 }
 
 FORCE=${2:-0}

data/hooks/conf_regen/34-mysql

@@ -18,12 +18,12 @@ do_post_regen() {
   if [ ! -f /etc/yunohost/mysql ]; then
 
       # ensure that mysql is running
-      sudo systemctl -q is-active mysql.service \
+      systemctl -q is-active mysql.service \
-        || sudo service mysql start
+        || service mysql start
 
       # generate and set new root password
       mysql_password=$(ynh_string_random 10)
-      sudo mysqladmin -s -u root -pyunohost password "$mysql_password" || {
+      mysqladmin -s -u root -pyunohost password "$mysql_password" || {
         if [ $FORCE -eq 1 ]; then
             echo "It seems that you have already configured MySQL." \
               "YunoHost needs to have a root access to MySQL to runs its" \
@@ -31,13 +31,13 @@ do_post_regen() {
               "You can find this new password in /etc/yunohost/mysql." >&2
 
             # set new password with debconf
-            sudo debconf-set-selections << EOF
+            debconf-set-selections << EOF
 $MYSQL_PKG mysql-server/root_password password $mysql_password
 $MYSQL_PKG mysql-server/root_password_again password $mysql_password
 EOF
 
             # reconfigure Debian package
-            sudo dpkg-reconfigure -freadline -u "$MYSQL_PKG" 2>&1
+            dpkg-reconfigure -freadline -u "$MYSQL_PKG" 2>&1
         else
             echo "It seems that you have already configured MySQL." \
               "YunoHost needs to have a root access to MySQL to runs its" \
@@ -49,12 +49,12 @@ EOF
       }
 
       # store new root password
-      echo "$mysql_password" | sudo tee /etc/yunohost/mysql
+      echo "$mysql_password" | tee /etc/yunohost/mysql
-      sudo chmod 400 /etc/yunohost/mysql
+      chmod 400 /etc/yunohost/mysql
   fi
 
   [[ -z "$regen_conf_files" ]] \
-    || sudo service mysql restart
+    || service mysql restart
 }
 
 FORCE=${2:-0}

data/hooks/conf_regen/37-avahi-daemon

@@ -15,7 +15,7 @@ do_post_regen() {
   regen_conf_files=$1
 
   [[ -z "$regen_conf_files" ]] \
-    || sudo service avahi-daemon restart
+    || service avahi-daemon restart
 }
 
 FORCE=${2:-0}

data/hooks/conf_regen/40-glances

@@ -14,7 +14,7 @@ do_post_regen() {
   regen_conf_files=$1
 
   [[ -z "$regen_conf_files" ]] \
-    || sudo service glances restart
+    || service glances restart
 }
 
 FORCE=${2:-0}

data/hooks/conf_regen/43-dnsmasq

@@ -26,7 +26,7 @@ do_pre_regen() {
   ynh_validate_ip4 "$ipv4" || ipv4='127.0.0.1'
   ipv6=$(curl -s -6 https://ip6.yunohost.org 2>/dev/null || true)
   ynh_validate_ip6 "$ipv6" || ipv6=''
-  domain_list=$(sudo yunohost domain list --output-as plain --quiet)
+  domain_list=$(yunohost domain list --output-as plain --quiet)
 
   # add domain conf files
   for domain in $domain_list; do
@@ -51,7 +51,7 @@ do_post_regen() {
   regen_conf_files=$1
 
   [[ -z "$regen_conf_files" ]] \
-    || sudo service dnsmasq restart
+    || service dnsmasq restart
 }
 
 FORCE=${2:-0}

data/hooks/conf_regen/46-nsswitch

@@ -14,7 +14,7 @@ do_post_regen() {
   regen_conf_files=$1
 
   [[ -z "$regen_conf_files" ]] \
-    || sudo service unscd restart
+    || service unscd restart
 }
 
 FORCE=${2:-0}

data/hooks/conf_regen/52-fail2ban

@@ -20,7 +20,7 @@ do_post_regen() {
   regen_conf_files=$1
 
   [[ -z "$regen_conf_files" ]] \
-    || sudo service fail2ban restart
+    || service fail2ban restart
 }
 
 FORCE=${2:-0}

data/hooks/restore/05-conf_ldap

@@ -5,7 +5,7 @@ if [[ $EUID -ne 0 ]]; then
     # We need to execute this script as root, since the ldap
     # service will be shut down during the operation (and sudo
     # won't be available)
-    sudo /bin/bash $(readlink -f $0) $1
+    /bin/bash $(readlink -f $0) $1
 
 else
 

data/hooks/restore/08-conf_ssh

@@ -1,8 +1,8 @@
 backup_dir="$1/conf/ssh"
 
 if [ -d /etc/ssh/ ]; then
-    sudo cp -a $backup_dir/. /etc/ssh
+    cp -a $backup_dir/. /etc/ssh
-    sudo service ssh restart
+    service ssh restart
 else
     echo "SSH is not installed"
 fi

data/hooks/restore/11-conf_ynh_mysql

@@ -9,15 +9,15 @@ service mysql status >/dev/null 2>&1 \
 
 # retrieve current and new password
 [ -f /etc/yunohost/mysql ] \
-  && curr_pwd=$(sudo cat /etc/yunohost/mysql)
+  && curr_pwd=$(cat /etc/yunohost/mysql)
-new_pwd=$(sudo cat "${backup_dir}/root_pwd" || sudo cat "${backup_dir}/mysql")
+new_pwd=$(cat "${backup_dir}/root_pwd" || cat "${backup_dir}/mysql")
 [ -z "$curr_pwd" ] && curr_pwd="yunohost"
 [ -z "$new_pwd" ] && {
     new_pwd=$(ynh_string_random 10)
 }
 
 # attempt to change it
-sudo mysqladmin -s -u root -p"$curr_pwd" password "$new_pwd" || {
+mysqladmin -s -u root -p"$curr_pwd" password "$new_pwd" || {
 
   echo "It seems that you have already configured MySQL." \
     "YunoHost needs to have a root access to MySQL to runs its" \
@@ -25,18 +25,18 @@ sudo mysqladmin -s -u root -p"$curr_pwd" password "$new_pwd" || {
     "You can find this new password in /etc/yunohost/mysql." >&2
 
   # set new password with debconf
-  sudo debconf-set-selections << EOF
+  debconf-set-selections << EOF
 $MYSQL_PKG mysql-server/root_password password $new_pwd
 $MYSQL_PKG mysql-server/root_password_again password $new_pwd
 EOF
 
   # reconfigure Debian package
-  sudo dpkg-reconfigure -freadline -u "$MYSQL_PKG" 2>&1
+  dpkg-reconfigure -freadline -u "$MYSQL_PKG" 2>&1
 }
 
 # store new root password
-echo "$new_pwd" | sudo tee /etc/yunohost/mysql
+echo "$new_pwd" | tee /etc/yunohost/mysql
-sudo chmod 400 /etc/yunohost/mysql
+chmod 400 /etc/yunohost/mysql
 
 # reload the grant tables
-sudo mysqladmin -s -u root -p"$new_pwd" reload
+mysqladmin -s -u root -p"$new_pwd" reload

data/hooks/restore/14-conf_ssowat

@@ -1,3 +1,3 @@
 backup_dir="$1/conf/ssowat"
 
-sudo cp -a $backup_dir/. /etc/ssowat
+cp -a $backup_dir/. /etc/ssowat

data/hooks/restore/17-data_home

@@ -1,3 +1,3 @@
 backup_dir="$1/data/home"
 
-sudo cp -a $backup_dir/. /home
+cp -a $backup_dir/. /home

data/hooks/restore/20-conf_ynh_firewall

@@ -1,4 +1,4 @@
 backup_dir="$1/conf/ynh/firewall"
 
-sudo cp -a $backup_dir/. /etc/yunohost
+cp -a $backup_dir/. /etc/yunohost
-sudo yunohost firewall reload
+yunohost firewall reload

data/hooks/restore/21-conf_ynh_certs

@@ -1,7 +1,7 @@
 backup_dir="$1/conf/ynh/certs"
 
-sudo mkdir -p /etc/yunohost/certs/
+mkdir -p /etc/yunohost/certs/
 
-sudo cp -a $backup_dir/. /etc/yunohost/certs/
+cp -a $backup_dir/. /etc/yunohost/certs/
-sudo service nginx reload
+service nginx reload
-sudo service metronome reload
+service metronome reload

data/hooks/restore/23-data_mail

@@ -1,8 +1,8 @@
 backup_dir="$1/data/mail"
 
-sudo cp -a $backup_dir/. /var/mail/ || echo 'No mail found'
+cp -a $backup_dir/. /var/mail/ || echo 'No mail found'
-sudo chown -R vmail:mail /var/mail/
+chown -R vmail:mail /var/mail/
 
 # Restart services to use migrated certs
-sudo service postfix restart
+service postfix restart
-sudo service dovecot restart
+service dovecot restart

data/hooks/restore/26-conf_xmpp

@@ -1,7 +1,7 @@
 backup_dir="$1/conf/xmpp"
 
-sudo cp -a $backup_dir/etc/. /etc/metronome
+cp -a $backup_dir/etc/. /etc/metronome
-sudo cp -a $backup_dir/var/. /var/lib/metronome
+cp -a $backup_dir/var/. /var/lib/metronome
 
 # Restart to apply new conf and certs
-sudo service metronome restart
+service metronome restart

data/hooks/restore/29-conf_nginx

@@ -1,7 +1,7 @@
 backup_dir="$1/conf/nginx"
 
 # Copy all conf except apps specific conf located in DOMAIN.d
-sudo find $backup_dir/ -mindepth 1 -maxdepth 1 -name '*.d' -or -exec sudo cp -a {} /etc/nginx/conf.d/ \;
+find $backup_dir/ -mindepth 1 -maxdepth 1 -name '*.d' -or -exec cp -a {} /etc/nginx/conf.d/ \;
 
 # Restart to use new conf and certs
-sudo service nginx restart
+service nginx restart

data/hooks/restore/32-conf_cron

@@ -1,6 +1,6 @@
 backup_dir="$1/conf/cron"
 
-sudo cp -a $backup_dir/. /etc/cron.d
+cp -a $backup_dir/. /etc/cron.d
 
 # Restart just in case
-sudo service cron restart
+service cron restart

data/hooks/restore/40-conf_ynh_currenthost

@@ -1,3 +1,3 @@
 backup_dir="$1/conf/ynh"
 
-sudo cp -a "${backup_dir}/current_host" /etc/yunohost/current_host
+cp -a "${backup_dir}/current_host" /etc/yunohost/current_host

src/yunohost/tools.py

@@ -180,9 +180,9 @@ def _set_hostname(hostname, pretty_hostname=None):
 
     # Then call hostnamectl
     commands = [
-        "sudo hostnamectl --static    set-hostname".split() + [hostname],
+        "hostnamectl --static    set-hostname".split() + [hostname],
-        "sudo hostnamectl --transient set-hostname".split() + [hostname],
+        "hostnamectl --transient set-hostname".split() + [hostname],
-        "sudo hostnamectl --pretty    set-hostname".split() + [pretty_hostname]
+        "hostnamectl --pretty    set-hostname".split() + [pretty_hostname]
     ]
 
     for command in commands: