Apply ownership sanity check even for root

User could accidently run 'confluent' in a way that makes no sense, block it the most accessible way. The pid file should have blocked it, but systemd purges the directory even on failure.
2024-11-22 09:32:21 +00:00 · 2024-07-24 15:20:02 -04:00 · 2024-07-24 15:20:02 -04:00 · a92edc7924
commit a92edc7924
parent 714fefe31b
1 changed files with 8 additions and 4 deletions
--- a/confluent_server/confluent/main.py
+++ b/confluent_server/confluent/main.py
@ -220,16 +220,20 @@ def setlimits():
 def assure_ownership(path):
    try:
        if os.getuid() != os.stat(path).st_uid:
-            sys.stderr.write('{} is not owned by confluent user, change ownership\n'.format(path))
+            if os.getuid() == 0:
+                sys.stderr.write('Attempting to run as root, when non-root usage is detected\n')
+            else:
+                sys.stderr.write('{} is not owned by confluent user, change ownership\n'.format(path))
            sys.exit(1)
    except OSError as e:
        if e.errno == 13:
-            sys.stderr.write('{} is not owned by confluent user, change ownership\n'.format(path))
+             if os.getuid() == 0:
+                sys.stderr.write('Attempting to run as root, when non-root usage is detected\n')
+            else:
+                sys.stderr.write('{} is not owned by confluent user, change ownership\n'.format(path))
            sys.exit(1)

 def sanity_check():
-    if os.getuid() == 0:
-        return True
    assure_ownership('/etc/confluent')
    assure_ownership('/etc/confluent/cfg')
    for filename in glob.glob('/etc/confluent/cfg/*'):