Repository: karaf Updated Branches: refs/heads/master 333feab0e -> 5fab953da
[KARAF-4853] Option to prevent execution as root in karaf script Usually, it is not a good idea to run Karaf as root. In some cases, it might even be harmful. This patch introduces the option `KARAF_NOROOT` which, if set, will prevent Karaf from being executed as root. Signed-off-by: Lars Kiesow <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/karaf/repo Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/b6a6ae5e Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/b6a6ae5e Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/b6a6ae5e Branch: refs/heads/master Commit: b6a6ae5e1c7130c52d21dfdad65dd2ffa7107204 Parents: 333feab Author: Lars Kiesow <[email protected]> Authored: Sat Nov 26 01:06:39 2016 +0100 Committer: Jean-Baptiste Onofré <[email protected]> Committed: Wed Dec 7 11:13:28 2016 +0100 ---------------------------------------------------------------------- .../src/main/filtered-resources/resources/bin/setenv | 2 +- .../features/base/src/main/resources/resources/bin/karaf | 11 +++++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/karaf/blob/b6a6ae5e/assemblies/features/base/src/main/filtered-resources/resources/bin/setenv ---------------------------------------------------------------------- diff --git a/assemblies/features/base/src/main/filtered-resources/resources/bin/setenv b/assemblies/features/base/src/main/filtered-resources/resources/bin/setenv index c68c868..edacd0b 100755 --- a/assemblies/features/base/src/main/filtered-resources/resources/bin/setenv +++ b/assemblies/features/base/src/main/filtered-resources/resources/bin/setenv @@ -48,4 +48,4 @@ # export KARAF_OPTS # Additional available Karaf options # export KARAF_DEBUG # Enable debug mode # export KARAF_REDIRECT # Enable/set the std/err redirection when using bin/start - +# export KARAF_NOROOT # Prevent execution as root if set to true http://git-wip-us.apache.org/repos/asf/karaf/blob/b6a6ae5e/assemblies/features/base/src/main/resources/resources/bin/karaf ---------------------------------------------------------------------- diff --git a/assemblies/features/base/src/main/resources/resources/bin/karaf b/assemblies/features/base/src/main/resources/resources/bin/karaf index ee8a45a..62c5e28 100755 --- a/assemblies/features/base/src/main/resources/resources/bin/karaf +++ b/assemblies/features/base/src/main/resources/resources/bin/karaf @@ -71,6 +71,14 @@ die() { exit 1 } +forceNoRoot() { + # If configured, prevent execution as root + if [ "${KARAF_NOROOT}" ] && [ "$(id -u)" -eq 0 ]; then + echo "Do not run as root!" + exit 2 + fi +} + detectOS() { # OS specific support (must be 'true' or 'false'). cygwin=false; @@ -359,6 +367,9 @@ checkRootInstance() { } init() { + # Prevent root execution if configured + forceNoRoot + # Determine if there is special OS handling we must perform detectOS
