bail if ES is run as root

This commit is contained in:
Robert Muir 2015-05-05 01:29:57 -04:00
parent d62771ac5d
commit 6ec6567bad
3 changed files with 23 additions and 1 deletions

View File

@ -91,6 +91,15 @@ public class Bootstrap {
Natives.tryMlockall();
}
// check if the user is running as root, and bail
if (Natives.definitelyRunningAsRoot()) {
if (Boolean.parseBoolean(System.getProperty("es.insecure.allow.root"))) {
Loggers.getLogger(Bootstrap.class).warn("running as ROOT user. this is a bad idea!");
} else {
throw new RuntimeException("don't run elasticsearch as root.");
}
}
// listener for windows close event
if (ctrlHandler) {
Natives.addConsoleCtrlHandler(new ConsoleCtrlHandler() {

View File

@ -48,7 +48,7 @@ public class CLibrary {
public static native int mlockall(int flags);
public static native int munlockall();
public static native int geteuid();
private CLibrary() {
}

View File

@ -62,6 +62,19 @@ public class Natives {
}
}
/** Returns true if user is root, false if not, or if we don't know */
public static boolean definitelyRunningAsRoot() {
if (Constants.WINDOWS) {
return false; // don't know
}
try {
return CLibrary.geteuid() == 0;
} catch (Throwable error) {
logger.warn("unable to determine euid", error);
return false; // don't know
}
}
public static void addConsoleCtrlHandler(ConsoleCtrlHandler handler) {
// The console Ctrl handler is necessary on Windows platforms only.
if (Constants.WINDOWS) {