bail if ES is run as root
This commit is contained in:
parent
d62771ac5d
commit
6ec6567bad
|
@ -91,6 +91,15 @@ public class Bootstrap {
|
|||
Natives.tryMlockall();
|
||||
}
|
||||
|
||||
// check if the user is running as root, and bail
|
||||
if (Natives.definitelyRunningAsRoot()) {
|
||||
if (Boolean.parseBoolean(System.getProperty("es.insecure.allow.root"))) {
|
||||
Loggers.getLogger(Bootstrap.class).warn("running as ROOT user. this is a bad idea!");
|
||||
} else {
|
||||
throw new RuntimeException("don't run elasticsearch as root.");
|
||||
}
|
||||
}
|
||||
|
||||
// listener for windows close event
|
||||
if (ctrlHandler) {
|
||||
Natives.addConsoleCtrlHandler(new ConsoleCtrlHandler() {
|
||||
|
|
|
@ -48,7 +48,7 @@ public class CLibrary {
|
|||
|
||||
public static native int mlockall(int flags);
|
||||
|
||||
public static native int munlockall();
|
||||
public static native int geteuid();
|
||||
|
||||
private CLibrary() {
|
||||
}
|
||||
|
|
|
@ -62,6 +62,19 @@ public class Natives {
|
|||
}
|
||||
}
|
||||
|
||||
/** Returns true if user is root, false if not, or if we don't know */
|
||||
public static boolean definitelyRunningAsRoot() {
|
||||
if (Constants.WINDOWS) {
|
||||
return false; // don't know
|
||||
}
|
||||
try {
|
||||
return CLibrary.geteuid() == 0;
|
||||
} catch (Throwable error) {
|
||||
logger.warn("unable to determine euid", error);
|
||||
return false; // don't know
|
||||
}
|
||||
}
|
||||
|
||||
public static void addConsoleCtrlHandler(ConsoleCtrlHandler handler) {
|
||||
// The console Ctrl handler is necessary on Windows platforms only.
|
||||
if (Constants.WINDOWS) {
|
||||
|
|
Loading…
Reference in New Issue