Toughen up iiab-apps-to-be-installed, iiab-summary, iiab-diagnostics

scripts/iiab-apps-to-be-installed

@@ -8,6 +8,11 @@ iiab_var_value() {
     [[ $v2 != "" ]] && echo $v2 || echo $v1    # [ "$v2" ] ALSO WORKS
 }
 
+# https://askubuntu.com/questions/1250974/user-root-cant-write-to-file-in-tmp-owned-by-someone-else-in-20-04-but-can-in
+# https://unix.stackexchange.com/questions/503111/group-permissions-for-root-not-working-in-tmp
+[[ $(id -un) == "root" ]] &&
+    rm -f /tmp/iiab-apps-list /tmp/iiab-apps-to-be-installed
+
 # 2022-06-18: 40 apps (list not quite complete)
 #grep -l _installed: /opt/iiab/iiab/roles/*/tasks/install.yml | cut -d/ -f6 > /tmp/iiab-apps-list
 
@@ -17,6 +22,13 @@ iiab_var_value() {
 # 2022-06-18: 50 apps (list long but ok!) -- adds these 10: dansguardian, dhcpd, iiab_admin, minetest, named, pylibs, squid, wondershaper, www_base, www_options
 grep -hro '[A-Za-z_][A-Za-z_]*_installed: True' --exclude-dir=0-DEPRECATED-ROLES /opt/iiab/iiab/roles | sed 's/_installed: True$//' | sort | uniq > /tmp/iiab-apps-list
 
+# Non-root CANNOT rm files from /tmp, but CAN write to them (unlike root!!)
+# This ALSO creates the file (useful when "Apps2B" == 0, for iiab-summary etc)
+truncate -s 0 /tmp/iiab-apps-to-be-installed
+
+# So other (non-root) users CAN later write to these, even if they CAN'T chmod!
+chmod 777 /tmp/iiab-apps-list /tmp/iiab-apps-to-be-installed 2>/dev/null
+
 while read app; do
     if [[ $app == "calibre-web" ]]; then
         app=calibreweb
@@ -27,8 +39,6 @@ while read app; do
     # echo ${app}_install: $(iiab_var_value ${app}_install)
 
     if [[ $(iiab_var_value ${app}_install) =~ ^[Tt]rue$ ]] && ! grep -q "${app}_installed: True" /etc/iiab/iiab_state.yml; then
-        echo $app
+        echo $app | tee -a /tmp/iiab-apps-to-be-installed
     fi
 done < /tmp/iiab-apps-list
-
-rm /tmp/iiab-apps-list    # So a non-root user can later run this cleanly!