[rancid] Checking for root
heasley
heas at shrubbery.net
Fri Jun 28 15:14:21 UTC 2013
Sat, Jun 08, 2013 at 09:20:23PM +0100, Matthew Walster:
> > how about just adding the check to rancid.conf? that affects everything
> > that reads it, the check can be customized (like adding a timer), or
> > completely disabled w/o an arg/etc.
>
>
> It'd be great if it was default-on though. Just my opinion though, like you
> say, it's only people unfamiliar with how RANCID works and think they're
> being helpful by running rancid-run immediately after altering a router.db
Like I said, only new installations would get this by default, but how about
this patch:
Index: etc/rancid.conf.sample.in
===================================================================
--- etc/rancid.conf.sample.in (revision 2704)
+++ etc/rancid.conf.sample.in (working copy)
@@ -8,6 +8,11 @@
# Collating locale
LC_COLLATE="POSIX"; export LC_COLLATE
#
+# Check that the effective UID is not root, which could lead to permissions
+# problems for user who is supposed to be running rancid.
+eval `id | sed -e 's/(.*//'`
+test "$uid" -eq 0 && echo "Do not run $0 as root!" && exit 1
+#
# Create files w/o world read/write/exec permissions, but read/exec permissions
# for group.
umask 027
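Review bot: The added comment promises an effective-UID check, but the pipeline "id | sed -e 's/(.*//'" keeps only the leading uid=N field, which is the real UID; id prints the effective UID in a separate euid= field when the two differ, so a process running with real UID non-zero and effective UID 0 would pass this test. Where it is available, "id -u" prints the effective UID directly and removes the need to eval command output; otherwise the comment should say real UID. The "Do not run $0 as root!" message would also be better written to stderr (>&2), and since this file is sourced, it is worth noting in the comment that the exit 1 terminates the calling script.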