Fix incorrect CurrentUser check for docker rootless (#24441)

The IsRunUserMatchCurrentUser logic is fragile, the "SSH" config is not
ready when it executes.
This commit is contained in:
wxiaoguang 2023-05-01 02:14:57 +08:00 committed by GitHub
parent f7cf7e6848
commit 2a56666fd2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 14 additions and 8 deletions

View File

@ -250,6 +250,9 @@ func loadCommonSettingsFrom(cfg ConfigProvider) {
loadLogFrom(cfg) loadLogFrom(cfg)
loadServerFrom(cfg) loadServerFrom(cfg)
loadSSHFrom(cfg) loadSSHFrom(cfg)
mustCurrentRunUserMatch(cfg) // it depends on the SSH config, only non-builtin SSH server requires this check
loadOAuth2From(cfg) loadOAuth2From(cfg)
loadSecurityFrom(cfg) loadSecurityFrom(cfg)
loadAttachmentFrom(cfg) loadAttachmentFrom(cfg)
@ -282,14 +285,6 @@ func loadRunModeFrom(rootCfg ConfigProvider) {
RunMode = rootSec.Key("RUN_MODE").MustString("prod") RunMode = rootSec.Key("RUN_MODE").MustString("prod")
} }
IsProd = strings.EqualFold(RunMode, "prod") IsProd = strings.EqualFold(RunMode, "prod")
// Does not check run user when the install lock is off.
installLock := rootCfg.Section("security").Key("INSTALL_LOCK").MustBool(false)
if installLock {
currentUser, match := IsRunUserMatchCurrentUser(RunUser)
if !match {
log.Fatal("Expect user '%s' but current user is: %s", RunUser, currentUser)
}
}
// check if we run as root // check if we run as root
if os.Getuid() == 0 { if os.Getuid() == 0 {
@ -301,6 +296,17 @@ func loadRunModeFrom(rootCfg ConfigProvider) {
} }
} }
func mustCurrentRunUserMatch(rootCfg ConfigProvider) {
// Does not check run user when the "InstallLock" is off.
installLock := rootCfg.Section("security").Key("INSTALL_LOCK").MustBool(false)
if installLock {
currentUser, match := IsRunUserMatchCurrentUser(RunUser)
if !match {
log.Fatal("Expect user '%s' but current user is: %s", RunUser, currentUser)
}
}
}
// LoadSettings initializes the settings for normal start up // LoadSettings initializes the settings for normal start up
func LoadSettings() { func LoadSettings() {
loadDBSetting(CfgProvider) loadDBSetting(CfgProvider)