From c2fe329b5e683dd025429b45daef0f849d05c844 Mon Sep 17 00:00:00 2001
From: Matthew Saunders Brown <msb@stackaas.com>
Date: Wed, 20 Apr 2022 12:08:00 -0700
Subject: [PATCH] remove --shell option from sudo, not needed

---
 bin/letsencrypt-certonly.sh              | 2 +-
 bin/letsencrypt-del.sh                   | 2 +-
 bin/letsencrypt-sync-certs-to-etc-ssl.sh | 5 +++++
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/bin/letsencrypt-certonly.sh b/bin/letsencrypt-certonly.sh
index bd29eca..784286f 100644
--- a/bin/letsencrypt-certonly.sh
+++ b/bin/letsencrypt-certonly.sh
@@ -2,7 +2,7 @@
 
 # must be root
 if [ "$USER" != "root" ]; then
-  exec sudo -u root --shell /bin/bash $0 $@
+  exec sudo -u root $0 $@
 fi
 
 help()
diff --git a/bin/letsencrypt-del.sh b/bin/letsencrypt-del.sh
index 3dd6171..5215319 100644
--- a/bin/letsencrypt-del.sh
+++ b/bin/letsencrypt-del.sh
@@ -2,7 +2,7 @@
 
 # must be root
 if [ "$USER" != "root" ]; then
-  exec sudo -u root --shell /bin/bash $0 $@
+  exec sudo -u root $0 $@
 fi
 
 help()
diff --git a/bin/letsencrypt-sync-certs-to-etc-ssl.sh b/bin/letsencrypt-sync-certs-to-etc-ssl.sh
index c4fd8c0..4362291 100644
--- a/bin/letsencrypt-sync-certs-to-etc-ssl.sh
+++ b/bin/letsencrypt-sync-certs-to-etc-ssl.sh
@@ -13,6 +13,11 @@
 # or specificy the path to the script with the --post-hook cerbot command option
 # to have it automatically run when attempting to obtain/renew certificates.
 
+# must be root
+if [ "$USER" != "root" ]; then
+  exec sudo -u root $0 $@
+fi
+
 # make dir if it doesn't already exist
 if [[ ! -e /etc/ssl/letsencrypt/ ]]; then
     install --owner=root --group=ssl-cert --mode=750 --directory /etc/ssl/letsencrypt