Diffstat (limited to 'net-mgmt/librenms/files/patch-18372')
-rw-r--r--net-mgmt/librenms/files/patch-18372128
1 files changed, 128 insertions, 0 deletions
diff --git a/net-mgmt/librenms/files/patch-18372 b/net-mgmt/librenms/files/patch-18372
new file mode 100644
index 000000000000..4062191d420c
--- /dev/null
+++ b/net-mgmt/librenms/files/patch-18372
@@ -0,0 +1,128 @@
+From 4f5320469a927e9dcf7c46948026824a91b4838c Mon Sep 17 00:00:00 2001
+From: Tony Murray <murraytony@gmail.com>
+Date: Wed, 15 Oct 2025 12:31:34 -0500
+Subject: [PATCH] More accurate running user check Previously we did not have
+ access to config, so we had to infer the librenms user from the owner of the
+ executable. Because we are running later in the boot now, we can just use
+ config. Improve feedback text a bit.
+
+---
+ app/Checks.php | 44 -------------------
+ .../RunningAsIncorrectUserException.php | 10 +++++
+ app/Listeners/CommandStartingListener.php | 20 ++++++++-
+ 3 files changed, 29 insertions(+), 45 deletions(-)
+ create mode 100644 app/Exceptions/RunningAsIncorrectUserException.php
+
+diff --git a/app/Checks.php b/app/Checks.php
+index 5aa22f67cdbd..6f5caba39404 100644
+--- app/Checks.php
++++ app/Checks.php
+@@ -84,48 +84,4 @@ public static function postAuth()
+ }
+ }
+ }
+-
+- /**
+- * Check the script is running as the right user (works before config is available)
+- */
+- public static function runningUser()
+- {
+- if (function_exists('posix_getpwuid') && posix_getpwuid(posix_geteuid())['name'] !== get_current_user()) {
+- if (get_current_user() == 'root') {
+- self::printMessage(
+- 'Error: lnms file is owned by root, it should be owned and ran by a non-privileged user.',
+- null,
+- true
+- );
+- }
+-
+- self::printMessage(
+- 'Error: You must run lnms as the user ' . get_current_user(),
+- null,
+- true
+- );
+- }
+- }
+-
+- private static function printMessage($title, $content, $exit = false)
+- {
+- $content = (array) $content;
+-
+- if (PHP_SAPI == 'cli') {
+- $format = "%s\n\n%s\n\n";
+- $message = implode(PHP_EOL, $content);
+- } else {
+- $format = "<h3 style='color: firebrick;'>%s</h3><p>%s</p>";
+- $message = '';
+- foreach ($content as $line) {
+- $message .= "<p style='margin:0.5em'>$line</p>\n";
+- }
+- }
+-
+- printf($format, $title, $message);
+-
+- if ($exit) {
+- exit(1);
+- }
+- }
+ }
+diff --git a/app/Exceptions/RunningAsIncorrectUserException.php b/app/Exceptions/RunningAsIncorrectUserException.php
+new file mode 100644
+index 000000000000..6d1aca825d72
+--- /dev/null
++++ app/Exceptions/RunningAsIncorrectUserException.php
+@@ -0,0 +1,10 @@
++<?php
++
++namespace App\Exceptions;
++
++use Symfony\Component\Console\Exception\ExceptionInterface;
++
++class RunningAsIncorrectUserException extends \Exception implements ExceptionInterface
++{
++ //
++}
+diff --git a/app/Listeners/CommandStartingListener.php b/app/Listeners/CommandStartingListener.php
+index bb435fa52ab2..8432b25d4bab 100644
+--- app/Listeners/CommandStartingListener.php
++++ app/Listeners/CommandStartingListener.php
+@@ -26,6 +26,7 @@
+
+ namespace App\Listeners;
+
++use App\Exceptions\RunningAsIncorrectUserException;
+ use Illuminate\Console\Events\CommandStarting;
+
+ class CommandStartingListener
+@@ -34,6 +35,9 @@ class CommandStartingListener
+ 'list:bash-completion',
+ ];
+
++ /**
++ * @throws RunningAsIncorrectUserException
++ */
+ public function handle(CommandStarting $event): void
+ {
+ // Check that we don't run this as the wrong user and break the install
+@@ -41,6 +45,20 @@ public function handle(CommandStarting $event): void
+ return;
+ }
+
+- \App\Checks::runningUser();
++ if (! function_exists('posix_getpwuid') || ! function_exists('posix_geteuid')) {
++ return;
++ }
++
++ $current_user = posix_getpwuid(posix_geteuid())['name'];
++ $executable = basename($_SERVER['argv'][0] ?? $_SERVER['SCRIPT_FILENAME'] ?? 'this');
++
++ if ($current_user == 'root') {
++ throw new RunningAsIncorrectUserException("Error: $executable must not run as root.");
++ }
++
++ $librenms_user = config('librenms.user');
++ if ($librenms_user !== $current_user) {
++ throw new RunningAsIncorrectUserException("Error: $executable must be run as the user $librenms_user.");
++ }
+ }
+ }
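Review bot: The root check in handle() compares the account name (`$current_user == 'root'`) rather than the effective uid, so it depends on how uid 0 is named in the passwd database; `if (posix_geteuid() === 0) {` tests the privilege directly and avoids the loose comparison. On the line above it, posix_getpwuid() returns false when the effective uid has no passwd entry (for example an arbitrary uid inside a container), and indexing that result emits a PHP warning on the way to the comparison; `$current_user = posix_getpwuid(posix_geteuid())['name'] ?? null;` keeps the check failing closed with the intended message. If `config('librenms.user')` can be unset, the second exception would name an empty user, so that case may deserve its own wording. handle() begins in the previous hunk, and the command allow-list check between the two hunks is not visible here.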