From cdeb4d8953d2b847991d02889de4747a2998bebd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20K=C3=B6nig?= <github@yubiuser.dev>
Date: Sat, 5 Apr 2025 22:33:30 +0200
Subject: [PATCH] Offer to add local user to pihole group on fresh
 installations
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Christian König <github@yubiuser.dev>
---
 automated install/basic-install.sh | 59 ++++++++++++++++++++++++++++++
 1 file changed, 59 insertions(+)

diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh
index 9e0246f0..d47bba38 100755
--- a/automated install/basic-install.sh	
+++ b/automated install/basic-install.sh	
@@ -1617,6 +1617,60 @@ create_pihole_user() {
     fi
 }
 
+# offer to add the first local user (UID 1000) to the pihole group
+local_user_to_pihole_group(){
+    local username
+    local str="Checking for user with UID 1000"
+    printf "  %b %s..." "${INFO}" "${str}"
+
+    username=$(getent passwd 1000 | cut -d: -f1)
+
+    # No user with UID 1000 found
+    if [[ -z "${username}" ]]; then
+        str="No user with UID 1000 found"
+        printf "%b  %b %s\\n" "${OVER}" "${CROSS}" "${str}"
+        return
+    fi
+    # User with UID 1000 already in pihole group
+    if id -nG "${username}" | grep -q pihole; then
+        str="User ${username} already in pihole group"
+        printf "%b  %b %s\\n" "${OVER}" "${TICK}" "${str}"
+        return
+    fi
+
+    # User with UID 1000 not in pihole group
+    # Offer dialog to add user to pihole group
+    dialog --no-shadow --keep-tite \
+        --backtitle "Pi-hole Installation" \
+        --title "Add user to pihole group" \
+        --yesno "\\nFor privacy reasons certain Pi-hole CLI functions are only allowed to members of the newly created the local group 'pihole'.\
+\\n\\nYour first local user is '${username}' \
+\\n\\nWould you like to add '${username}' to the pihole group? \
+\\n\\n\\nP.S. Any user can be added to the group later manually. "\
+        "${r}" "${c}" && result=0 || result=$?
+
+    case ${result} in
+    "${DIALOG_OK}")
+        # If they chose yes,
+        printf "  %b Adding user ${username} to pihole group\\n" "${INFO}"
+        if usermod -aG pihole "${username}"; then
+            printf "  %b User ${username} added to pihole group\\n" "${TICK}"
+        else
+            printf "  %b Error adding user ${username} to pihole group\\n" "${CROSS}"
+        fi
+        ;;
+    "${DIALOG_CANCEL}")
+        # If they chose no,
+        printf "  %b Not adding user ${username} to pihole group\\n" "${INFO}"
+        ;;
+    "${DIALOG_ESC}")
+        # User pressed <ESC>
+        printf "  %b Escape pressed, exiting installer at user group choice.%b\\n" "${COL_LIGHT_RED}" "${COL_NC}"
+        exit 1
+        ;;
+    esac
+}
+
 # Install the logrotate script
 installLogrotate() {
     local str="Installing latest logrotate script"
@@ -2375,6 +2429,7 @@ main() {
         setLogging
         # Let the user decide the FTL privacy level
         setPrivacyLevel
+
     else
         # Setup adlist file if not exists
         installDefaultBlocklists
@@ -2384,6 +2439,10 @@ main() {
 
     # Create the pihole user
     create_pihole_user
+    if [[ "${fresh_install}" == true ]]; then
+        # Let the user decide if they want to put their local user into the pihole group
+        local_user_to_pihole_group
+    fi
 
     # Download and install FTL
     local binary