From: Aleš Mrázek Date: Tue, 24 Sep 2024 08:08:37 +0000 (+0200) Subject: python: manager: check the current user against the default constant when the server... X-Git-Tag: v6.0.9~8^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b7f38aa6e937714561aed9c82531fdc2a3665a7a;p=thirdparty%2Fknot-resolver.git python: manager: check the current user against the default constant when the server starts --- diff --git a/python/knot_resolver/manager/server.py b/python/knot_resolver/manager/server.py index 972b167fb..059e45de0 100644 --- a/python/knot_resolver/manager/server.py +++ b/python/knot_resolver/manager/server.py @@ -8,6 +8,7 @@ import sys from functools import partial from http import HTTPStatus from pathlib import Path +from pwd import getpwuid from time import time from typing import Any, Dict, List, Literal, Optional, Set, Union, cast @@ -17,7 +18,7 @@ from aiohttp.web_app import Application from aiohttp.web_response import json_response from aiohttp.web_runner import AppRunner, TCPSite, UnixSite -from knot_resolver.constants import CONFIG_FILE +from knot_resolver.constants import CONFIG_FILE, USER from knot_resolver.controller import get_best_controller_implementation from knot_resolver.controller.exceptions import SubprocessControllerExecException from knot_resolver.controller.registered_workers import command_single_registered_worker @@ -517,6 +518,14 @@ async def start_server(config: Path = CONFIG_FILE) -> int: # Block signals during initialization to force their processing once everything is ready signal.pthread_sigmask(signal.SIG_BLOCK, Server.all_handled_signals()) + # Check if we are running under the intended user, if not, log a warning message + pw_username = getpwuid(os.getuid()).pw_name + if pw_username != USER: + logger.warning( + f"Knot Resolver does not run as the default '{USER}' user, but as '{pw_username}' instead." + " This may or may not affect the configuration validation and the proper functioning of the resolver." + ) + # before starting server, initialize the subprocess controller, config store, etc. Any errors during inicialization # are fatal try: