From a92edc7924fbc6f593bf05e07cb7d8d38d155050 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson <jjohnson2@lenovo.com>
Date: Wed, 24 Jul 2024 15:20:02 -0400
Subject: [PATCH] Apply ownership sanity check even for root

User could accidently run 'confluent' in a way that makes no sense,
block it the most accessible way.

The pid file should have blocked it, but systemd purges the directory
even on failure.
---
 confluent_server/confluent/main.py | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/confluent_server/confluent/main.py b/confluent_server/confluent/main.py
index b49d8f56..9fb27972 100644
--- a/confluent_server/confluent/main.py
+++ b/confluent_server/confluent/main.py
@@ -220,16 +220,20 @@ def setlimits():
 def assure_ownership(path):
     try:
         if os.getuid() != os.stat(path).st_uid:
-            sys.stderr.write('{} is not owned by confluent user, change ownership\n'.format(path))
+            if os.getuid() == 0:
+                sys.stderr.write('Attempting to run as root, when non-root usage is detected\n')
+            else:
+                sys.stderr.write('{} is not owned by confluent user, change ownership\n'.format(path))
             sys.exit(1)
     except OSError as e:
         if e.errno == 13:
-            sys.stderr.write('{} is not owned by confluent user, change ownership\n'.format(path))
+             if os.getuid() == 0:
+                sys.stderr.write('Attempting to run as root, when non-root usage is detected\n')
+            else:
+                sys.stderr.write('{} is not owned by confluent user, change ownership\n'.format(path))
             sys.exit(1)
 
 def sanity_check():
-    if os.getuid() == 0:
-        return True
     assure_ownership('/etc/confluent')
     assure_ownership('/etc/confluent/cfg')
     for filename in glob.glob('/etc/confluent/cfg/*'):