Fix incorrect CurrentUser check for docker rootless (#24441)
The IsRunUserMatchCurrentUser logic is fragile, the "SSH" config is not ready when it executes.
This commit is contained in:
parent
f7cf7e6848
commit
2a56666fd2
@ -250,6 +250,9 @@ func loadCommonSettingsFrom(cfg ConfigProvider) {
|
||||
loadLogFrom(cfg)
|
||||
loadServerFrom(cfg)
|
||||
loadSSHFrom(cfg)
|
||||
|
||||
mustCurrentRunUserMatch(cfg) // it depends on the SSH config, only non-builtin SSH server requires this check
|
||||
|
||||
loadOAuth2From(cfg)
|
||||
loadSecurityFrom(cfg)
|
||||
loadAttachmentFrom(cfg)
|
||||
@ -282,14 +285,6 @@ func loadRunModeFrom(rootCfg ConfigProvider) {
|
||||
RunMode = rootSec.Key("RUN_MODE").MustString("prod")
|
||||
}
|
||||
IsProd = strings.EqualFold(RunMode, "prod")
|
||||
// Does not check run user when the install lock is off.
|
||||
installLock := rootCfg.Section("security").Key("INSTALL_LOCK").MustBool(false)
|
||||
if installLock {
|
||||
currentUser, match := IsRunUserMatchCurrentUser(RunUser)
|
||||
if !match {
|
||||
log.Fatal("Expect user '%s' but current user is: %s", RunUser, currentUser)
|
||||
}
|
||||
}
|
||||
|
||||
// check if we run as root
|
||||
if os.Getuid() == 0 {
|
||||
@ -301,6 +296,17 @@ func loadRunModeFrom(rootCfg ConfigProvider) {
|
||||
}
|
||||
}
|
||||
|
||||
func mustCurrentRunUserMatch(rootCfg ConfigProvider) {
|
||||
// Does not check run user when the "InstallLock" is off.
|
||||
installLock := rootCfg.Section("security").Key("INSTALL_LOCK").MustBool(false)
|
||||
if installLock {
|
||||
currentUser, match := IsRunUserMatchCurrentUser(RunUser)
|
||||
if !match {
|
||||
log.Fatal("Expect user '%s' but current user is: %s", RunUser, currentUser)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// LoadSettings initializes the settings for normal start up
|
||||
func LoadSettings() {
|
||||
loadDBSetting(CfgProvider)
|
||||
|
Loading…
x
Reference in New Issue
Block a user