[rancid] Checking for root

heasley heas at shrubbery.net
Fri Jun 28 15:14:21 UTC 2013

Sat, Jun 08, 2013 at 09:20:23PM +0100, Matthew Walster:
> > how about just adding the check to rancid.conf?  that affects everything
> > that
> > reads it, the check can be customized (like adding a timer), or completely
> > disabled w/o an arg/etc.
> It'd be great if it was default-on though. Just my opinion though, like you
> say, it's only people unfamiliar with how RANCID works and think they're
> being helpful by running rancid-run immediately after altering a router.db

Like I said, only new installations would get this by default, but how about
this patch:

Index: etc/rancid.conf.sample.in
--- etc/rancid.conf.sample.in	(revision 2704)
+++ etc/rancid.conf.sample.in	(working copy)
@@ -8,6 +8,11 @@
 # Collating locale
+# Check that the effective UID is not root, which could lead to permissions
+# problems for user who is supposed to be running rancid.
+eval `id | sed -e 's/(.*//'`
+test "$uid" -eq 0 && echo "Do not run $0 as root!" && exit 1
 # Create files w/o world read/write/exec permissions, but read/exec permissions
 # for group.
 umask 027

More information about the Rancid-discuss mailing list