Repository: cassandra Updated Branches: refs/heads/trunk 2f6a9f0be -> 425dc5f7d
prevent the command "cassandra start" from starting a cluster patch by Robert Stupp; reviewed by Michael Shuler for CASSANDRA-8142 Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/425dc5f7 Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/425dc5f7 Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/425dc5f7 Branch: refs/heads/trunk Commit: 425dc5f7dc9802b25f933d762d42ea99a215617c Parents: 2f6a9f0 Author: Robert Stupp <[email protected]> Authored: Sat Dec 5 08:25:27 2015 +0100 Committer: Robert Stupp <[email protected]> Committed: Sat Dec 5 08:25:27 2015 +0100 ---------------------------------------------------------------------- CHANGES.txt | 1 + NEWS.txt | 1 + bin/cassandra | 20 ++++++++++++++++++-- 3 files changed, 20 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cassandra/blob/425dc5f7/CHANGES.txt ---------------------------------------------------------------------- diff --git a/CHANGES.txt b/CHANGES.txt index 0511ed4..6ce9aa9 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,4 +1,5 @@ 3.2 + * Prevent running Cassandra as root (CASSANDRA-8142) * bound maximum in-flight commit log replay mutation bytes to 64 megabytes (CASSANDRA-8639) * Normalize all scripts (CASSANDRA-10679) * Make compression ratio much more accurate (CASSANDRA-10225) http://git-wip-us.apache.org/repos/asf/cassandra/blob/425dc5f7/NEWS.txt ---------------------------------------------------------------------- diff --git a/NEWS.txt b/NEWS.txt index ec39f27..3ae1031 100644 --- a/NEWS.txt +++ b/NEWS.txt @@ -25,6 +25,7 @@ New features Upgrading --------- - The compression ratio metrics computation has been modified to be more accurate. + - Running Cassandra as root is prevented by default. 3.1 http://git-wip-us.apache.org/repos/asf/cassandra/blob/425dc5f7/bin/cassandra ---------------------------------------------------------------------- diff --git a/bin/cassandra b/bin/cassandra index 0bbd9fb..810bc4b 100755 --- a/bin/cassandra +++ b/bin/cassandra @@ -211,7 +211,7 @@ launch_service() } # Parse any command line options. -args=`getopt vfhp:bD:H:E: "$@"` +args=`getopt vRfhp:bD:H:E: "$@"` eval set -- "$args" classname="org.apache.cassandra.service.CassandraDaemon" @@ -234,6 +234,10 @@ while true; do "$JAVA" -cp "$CLASSPATH" org.apache.cassandra.tools.GetVersion exit 0 ;; + -R) + allow_root="yes" + shift + ;; -D) properties="$properties -D$2" shift 2 @@ -248,15 +252,27 @@ while true; do ;; --) shift + if [ "x$*" != "x" ] ; then + echo "Error parsing arguments! Unknown argument \"$*\"" >&2 + exit 1 + fi break ;; *) - echo "Error parsing arguments!" >&2 + echo "Error parsing arguments! Unknown argument \"$1\"" >&2 exit 1 ;; esac done +if [ "x$allow_root" != "xyes" ] ; then + if [ "`id -u`" = "1" ] || [ "`id -g`" = "0" ] ; then + echo "Running Cassandra as root user or group is not recommended - please start Cassandra using a different system user." + echo "If you really want to force running Cassandra as root, use -R command line option." + exit 1 + fi +fi + # see CASSANDRA-7254 "$JAVA" -cp "$CLASSPATH" $JVM_OPTS 2>&1 | grep -q 'Error: Exception thrown by the agent : java.lang.NullPointerException' if [ $? -ne "1" ]; then
