karaf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jbono...@apache.org
Subject karaf git commit: [KARAF-4853] Option to prevent execution as root in karaf script
Date Wed, 07 Dec 2016 13:27:39 GMT
Repository: karaf
Updated Branches:
  refs/heads/karaf-4.0.x 8dbc85955 -> f6d9c8bde


[KARAF-4853] Option to prevent execution as root in karaf script

Usually, it is not a good idea to run Karaf as root. In some cases, it
might even be harmful. This patch introduces the option `KARAF_NOROOT`
which, if set, will prevent Karaf from being executed as root.

Signed-off-by: Lars Kiesow <lkiesow@uos.de>


Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/f6d9c8bd
Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/f6d9c8bd
Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/f6d9c8bd

Branch: refs/heads/karaf-4.0.x
Commit: f6d9c8bded23d30890aeff77d8c1a8c56d227a5d
Parents: 8dbc859
Author: Lars Kiesow <lkiesow@uos.de>
Authored: Sat Nov 26 01:06:39 2016 +0100
Committer: Jean-Baptiste Onofré <jbonofre@apache.org>
Committed: Wed Dec 7 14:27:32 2016 +0100

----------------------------------------------------------------------
 .../src/main/filtered-resources/resources/bin/setenv     |  2 +-
 .../features/base/src/main/resources/resources/bin/karaf | 11 +++++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/karaf/blob/f6d9c8bd/assemblies/features/base/src/main/filtered-resources/resources/bin/setenv
----------------------------------------------------------------------
diff --git a/assemblies/features/base/src/main/filtered-resources/resources/bin/setenv b/assemblies/features/base/src/main/filtered-resources/resources/bin/setenv
index c68c868..edacd0b 100755
--- a/assemblies/features/base/src/main/filtered-resources/resources/bin/setenv
+++ b/assemblies/features/base/src/main/filtered-resources/resources/bin/setenv
@@ -48,4 +48,4 @@
 # export KARAF_OPTS # Additional available Karaf options
 # export KARAF_DEBUG # Enable debug mode
 # export KARAF_REDIRECT # Enable/set the std/err redirection when using bin/start
-
+# export KARAF_NOROOT # Prevent execution as root if set to true

http://git-wip-us.apache.org/repos/asf/karaf/blob/f6d9c8bd/assemblies/features/base/src/main/resources/resources/bin/karaf
----------------------------------------------------------------------
diff --git a/assemblies/features/base/src/main/resources/resources/bin/karaf b/assemblies/features/base/src/main/resources/resources/bin/karaf
index 7c46dc5..ea55187 100755
--- a/assemblies/features/base/src/main/resources/resources/bin/karaf
+++ b/assemblies/features/base/src/main/resources/resources/bin/karaf
@@ -70,6 +70,14 @@ die() {
     exit 1
 }
 
+forceNoRoot() {
+    # If configured, prevent execution as root
+	 if [ "${KARAF_NOROOT}" ] && [ "$(id -u)" -eq 0 ]; then
+        echo "Do not run as root!"
+        exit 2
+    fi
+}
+
 detectOS() {
     # OS specific support (must be 'true' or 'false').
     cygwin=false;
@@ -354,6 +362,9 @@ checkRootInstance() {
 }
 
 init() {
+    # Prevent root execution if configured
+	 forceNoRoot
+
     # Determine if there is special OS handling we must perform
     detectOS
 


Mime
View raw message