Repository: karaf Updated Branches: refs/heads/karaf-4.0.x 8dbc85955 -> f6d9c8bde
[KARAF-4853] Option to prevent execution as root in karaf script Usually, it is not a good idea to run Karaf as root. In some cases, it might even be harmful. This patch introduces the option `KARAF_NOROOT` which, if set, will prevent Karaf from being executed as root. Signed-off-by: Lars Kiesow <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/karaf/repo Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/f6d9c8bd Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/f6d9c8bd Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/f6d9c8bd Branch: refs/heads/karaf-4.0.x Commit: f6d9c8bded23d30890aeff77d8c1a8c56d227a5d Parents: 8dbc859 Author: Lars Kiesow <[email protected]> Authored: Sat Nov 26 01:06:39 2016 +0100 Committer: Jean-Baptiste Onofré <[email protected]> Committed: Wed Dec 7 14:27:32 2016 +0100 ---------------------------------------------------------------------- .../src/main/filtered-resources/resources/bin/setenv | 2 +- .../features/base/src/main/resources/resources/bin/karaf | 11 +++++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/karaf/blob/f6d9c8bd/assemblies/features/base/src/main/filtered-resources/resources/bin/setenv ---------------------------------------------------------------------- diff --git a/assemblies/features/base/src/main/filtered-resources/resources/bin/setenv b/assemblies/features/base/src/main/filtered-resources/resources/bin/setenv index c68c868..edacd0b 100755 --- a/assemblies/features/base/src/main/filtered-resources/resources/bin/setenv +++ b/assemblies/features/base/src/main/filtered-resources/resources/bin/setenv @@ -48,4 +48,4 @@ # export KARAF_OPTS # Additional available Karaf options # export KARAF_DEBUG # Enable debug mode # export KARAF_REDIRECT # Enable/set the std/err redirection when using bin/start - +# export KARAF_NOROOT # Prevent execution as root if set to true http://git-wip-us.apache.org/repos/asf/karaf/blob/f6d9c8bd/assemblies/features/base/src/main/resources/resources/bin/karaf ---------------------------------------------------------------------- diff --git a/assemblies/features/base/src/main/resources/resources/bin/karaf b/assemblies/features/base/src/main/resources/resources/bin/karaf index 7c46dc5..ea55187 100755 --- a/assemblies/features/base/src/main/resources/resources/bin/karaf +++ b/assemblies/features/base/src/main/resources/resources/bin/karaf @@ -70,6 +70,14 @@ die() { exit 1 } +forceNoRoot() { + # If configured, prevent execution as root + if [ "${KARAF_NOROOT}" ] && [ "$(id -u)" -eq 0 ]; then + echo "Do not run as root!" + exit 2 + fi +} + detectOS() { # OS specific support (must be 'true' or 'false'). cygwin=false; @@ -354,6 +362,9 @@ checkRootInstance() { } init() { + # Prevent root execution if configured + forceNoRoot + # Determine if there is special OS handling we must perform detectOS
