[rancid] Checking for root

Alan McKinnon alan.mckinnon at gmail.com
Thu Jun 6 14:57:10 UTC 2013


On 06/06/2013 16:45, Matthew Walster wrote:
> More often than not, people are coming to me with RANCID issues that
> have arisen because someone has been impatient and decided to run
> rancid-run manually rather than letting the next run initiate manually.
> 
> The only problem with that is that they tend to run it as "root" rather
> than the rancid user.
> 
> Would it be worth putting a check in so that rancid-run script won't run
> unless it's as a non-privileged user (or even better, build it into the
> automake run to discover the intended final user)?
> 
> Simple code sample:
> 
> if [[ $EUID -eq 0 && $force -ne 1 ]]
> then
>         echo "Run this as the RANCID user!"
>         exit 1
> fi
> 
> There's a "force" option there, just in case you really did run it as
> root, which seems like bad practice to me...
> 
> Just a thought!


+1

I'm all in favour of scripts not letting themselves be run as root. The
automake idea is better still, as permission and ownership issues from
running scripts as the wrong user can be very annoying to track down,
and that problem never resolves.

Personally, I also always apply this rule forcefully with no recourse:

Anyone who abuses the root account loses the root account.

Naturally, this is not a technical solution :-)

-- 
Alan McKinnon
alan.mckinnon at gmail.com
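
The root check proposed in the quoted message, combined with the build-time "intended user" idea both posters mention, as an added example that is not part of this thread or of RANCID's own code. RANCID_USER, check_run_user, guard and the -f flag are hypothetical names; the assumption is that the build would substitute the real account name into the script.

```shell
#!/bin/sh
# Added example: run-as guard for a wrapper script such as rancid-run.
# RANCID_USER is a hypothetical placeholder for the account name that a
# build step (e.g. an automake/configure substitution) would write here.
RANCID_USER="${RANCID_USER:-rancid}"

# check_run_user UID NAME INTENDED [FORCE]
# Pure decision function so it can be tested without changing users.
#   returns 0: allowed
#   returns 1: refused, caller is root and did not force
#   returns 2: refused, caller is a non-root user other than INTENDED
check_run_user() {
    uid=$1 name=$2 intended=$3 force=${4:-0}
    if [ "$uid" -eq 0 ]; then
        # As in the quoted sample, "force" only overrides the root check.
        [ "$force" = 1 ] && return 0
        return 1
    fi
    # Non-root: ownership problems also arise when a different ordinary
    # user runs the job, so require the intended account.
    [ "$name" = "$intended" ] && return 0
    return 2
}

# guard [-f]: apply the check to the real effective user and explain refusals.
guard() {
    force=0
    [ "${1:-}" = "-f" ] && force=1
    rc=0
    check_run_user "$(id -u)" "$(id -un)" "$RANCID_USER" "$force" || rc=$?
    case $rc in
        0) return 0 ;;
        1) echo "Refusing to run as root; use: su - $RANCID_USER (or pass -f)" >&2 ;;
        2) echo "Run this as $RANCID_USER, not $(id -un)" >&2 ;;
    esac
    return 1
}

# In the wrapper, before any files are created or touched:
#   guard "$@" || exit 1
```
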
