Fix incorrect CurrentUser check for docker rootless (#24441)
The IsRunUserMatchCurrentUser logic is fragile, the "SSH" config is not ready when it executes.
This commit is contained in:
parent
f7cf7e6848
commit
2a56666fd2
|
@ -250,6 +250,9 @@ func loadCommonSettingsFrom(cfg ConfigProvider) {
|
||||||
loadLogFrom(cfg)
|
loadLogFrom(cfg)
|
||||||
loadServerFrom(cfg)
|
loadServerFrom(cfg)
|
||||||
loadSSHFrom(cfg)
|
loadSSHFrom(cfg)
|
||||||
|
|
||||||
|
mustCurrentRunUserMatch(cfg) // it depends on the SSH config, only non-builtin SSH server requires this check
|
||||||
|
|
||||||
loadOAuth2From(cfg)
|
loadOAuth2From(cfg)
|
||||||
loadSecurityFrom(cfg)
|
loadSecurityFrom(cfg)
|
||||||
loadAttachmentFrom(cfg)
|
loadAttachmentFrom(cfg)
|
||||||
|
@ -282,14 +285,6 @@ func loadRunModeFrom(rootCfg ConfigProvider) {
|
||||||
RunMode = rootSec.Key("RUN_MODE").MustString("prod")
|
RunMode = rootSec.Key("RUN_MODE").MustString("prod")
|
||||||
}
|
}
|
||||||
IsProd = strings.EqualFold(RunMode, "prod")
|
IsProd = strings.EqualFold(RunMode, "prod")
|
||||||
// Does not check run user when the install lock is off.
|
|
||||||
installLock := rootCfg.Section("security").Key("INSTALL_LOCK").MustBool(false)
|
|
||||||
if installLock {
|
|
||||||
currentUser, match := IsRunUserMatchCurrentUser(RunUser)
|
|
||||||
if !match {
|
|
||||||
log.Fatal("Expect user '%s' but current user is: %s", RunUser, currentUser)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// check if we run as root
|
// check if we run as root
|
||||||
if os.Getuid() == 0 {
|
if os.Getuid() == 0 {
|
||||||
|
@ -301,6 +296,17 @@ func loadRunModeFrom(rootCfg ConfigProvider) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func mustCurrentRunUserMatch(rootCfg ConfigProvider) {
|
||||||
|
// Does not check run user when the "InstallLock" is off.
|
||||||
|
installLock := rootCfg.Section("security").Key("INSTALL_LOCK").MustBool(false)
|
||||||
|
if installLock {
|
||||||
|
currentUser, match := IsRunUserMatchCurrentUser(RunUser)
|
||||||
|
if !match {
|
||||||
|
log.Fatal("Expect user '%s' but current user is: %s", RunUser, currentUser)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// LoadSettings initializes the settings for normal start up
|
// LoadSettings initializes the settings for normal start up
|
||||||
func LoadSettings() {
|
func LoadSettings() {
|
||||||
loadDBSetting(CfgProvider)
|
loadDBSetting(CfgProvider)
|
||||||
|
|
Loading…
Reference in a new issue