Add root/admin user detection #2432
Conversation
|
The method used is a little unconventional, so I'm open to feedback on that. I tested on a Windows 10 machine and Ubuntu 18.04 machine and it works on both. |
|
I feel this should be bypassable in some cases (docker container, local dev server). Maybe we can skip it when using the same flag that skips the build date check. |
|
even in a docker container you should create a user, but I agree that a flag should be added. I highly disagree with reusing flags tho, that make them ambiguous. |
|
Not sure why you'd want to bypass this in any instance, if you're on some weird temporary setup you can just acknowledge and ignore the warning knowing it won't affect you. |
This patch detects whether or not the server is currently executing as a privileged user and spits out a warning. The warning serves as a sort-of PSA for newer server admins who don't understand the risks of running as root. We've seen plenty of bad/malicious plugins hit markets, and there's been a few close-calls with exploits in the past. Hopefully this helps mitigate some potential damage to servers, even if it is just a warning.
zachbr
force-pushed
the
feature/root-check
branch
from
eb56cf0 to
2e69afa
Compare
This reverts commit 555ca59. Unknown issue on CentOS/RHEL(?) requires further examination.
Followed by spamming this: CentOS |
|
https://stackoverflow.com/questions/23960451/java-system-preferences-under-different-users-in-linux Hmm... Is this on every CentOS box? Seems like a possible broken Java install. |
5 participants
This patch detects whether or not the server is currently executing as a privileged user and spits out a warning. The warning serves as a sort-of PSA for newer server admins who don't understand the risks of running as root.
We've seen plenty of bad/malicious plugins hit markets, and there's been a few close-calls with exploits in the past. Hopefully this helps mitigate some potential damage to servers, even if it is just a warning.