[rancid] Checking for root

heasley heas at shrubbery.net
Thu Jun 6 15:34:42 UTC 2013


Thu, Jun 06, 2013 at 04:57:10PM +0200, Alan McKinnon:
> On 06/06/2013 16:45, Matthew Walster wrote:
> > More often than not, people are coming to me with RANCID issues that
> > have arisen because someone has been impatient and decided to run
> > rancid-run manually rather than letting the next run initiate manually.
> > 
> > The only problem with that is that they tend to run it as "root" rather
> > than the rancid user.
> > 
> > Would it be worth putting a check in so that rancid-run script won't run
> > unless it's as a non-privileged user (or even better, build it into the
> > automake run to discover the intended final user).
> > 
> > Simple code sample:
> > 
> > if [[ $EUID -eq 0 && $force -ne 1 ]]
> > then
> >         echo "Run this as the RANCID user!"
> >         exit 1
> > fi
> > 
> > There's a "force" option there, just in case you really did run it as
> > root, which seems like bad practice to me...
> > 
> > Just a thought!
> 
> 
> +1
> 
> I'm all in favour of scripts not letting themselves be run as root. The
> automake idea is better still, as permission and ownership issues from
> running scripts as the wrong user can be very annoying to track down,
> and that problem never resolves.
> 
> Personally, I also always apply this rule forcefully with no recourse:
> 
> Anyone who abuses the root account loses the root account.

s/abuses/doesn't know what they're doing with/

anyway, i don't care for such checks, i know what my UID is and things that
think they must protect me from myself are just annoying and it's not the
Unix manner.  but, if folks would like this, i'd be willing to add a check
that is enabled by a rancid.conf option, which i believe would be sufficient,
right?
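
One way the opt-in check discussed in this thread could look, as an added example that is not RANCID code and not part of the original post. `NOROOT` and `RANCID_USER` are hypothetical rancid.conf option names (the thread names none), and the caller passes the uid and user name in so the logic can be exercised without being root.

```shell
#!/bin/sh
# Added example, not RANCID code. NOROOT and RANCID_USER are hypothetical
# option names chosen for illustration.

# read_opt FILE NAME: print the last value assigned to NAME in a
# sh-style conf file ("NAME=value; export NAME"). The file is parsed,
# not sourced, so the check itself has no side effects. Commented-out
# assignments are ignored; a missing file yields an empty value.
read_opt() {
    sed -n "s/^[[:space:]]*$2=\([^;#]*\).*/\1/p" "$1" 2>/dev/null |
        tail -n 1 | tr -d "\"' \t"
}

# check_run_user UID USER CONF: return 0 if the run may proceed,
# 1 if it is refused. The check only applies when NOROOT is enabled.
check_run_user() {
    uid=$1 user=$2 conf=$3
    enabled=$(read_opt "$conf" NOROOT)
    want=$(read_opt "$conf" RANCID_USER)

    case "$enabled" in
        [Yy][Ee][Ss]|1) ;;      # check switched on in the conf file
        *) return 0 ;;          # opt-in: default behaviour is unchanged
    esac

    if [ "$uid" -eq 0 ]; then
        echo "refusing to run as root (NOROOT is set in $conf)" >&2
        return 1
    fi
    # Optional stricter form: require the intended user, which also
    # catches runs under some other unprivileged account.
    if [ -n "$want" ] && [ "$user" != "$want" ]; then
        echo "run this as $want, not $user" >&2
        return 1
    fi
    return 0
}

# Intended call site, near the top of the wrapper script ($CONF is a
# placeholder for wherever the conf file lives):
#   check_run_user "$(id -u)" "$(id -un)" "$CONF" || exit 1
```

Because the files a root run leaves behind are what break later runs, the guard belongs before anything is written or locked.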

