1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
|
From 4f5320469a927e9dcf7c46948026824a91b4838c Mon Sep 17 00:00:00 2001
From: Tony Murray <murraytony@gmail.com>
Date: Wed, 15 Oct 2025 12:31:34 -0500
Subject: [PATCH] More accurate running user check Previously we did not have
access to config, so we had to infer the librenms user from the owner of the
executable. Because we are running later in the boot now, we can just use
config. Improve feedback text a bit.
---
app/Checks.php | 44 -------------------
.../RunningAsIncorrectUserException.php | 10 +++++
app/Listeners/CommandStartingListener.php | 20 ++++++++-
3 files changed, 29 insertions(+), 45 deletions(-)
create mode 100644 app/Exceptions/RunningAsIncorrectUserException.php
diff --git a/app/Checks.php b/app/Checks.php
index 5aa22f67cdbd..6f5caba39404 100644
--- app/Checks.php
+++ app/Checks.php
@@ -84,48 +84,4 @@ public static function postAuth()
}
}
}
-
- /**
- * Check the script is running as the right user (works before config is available)
- */
- public static function runningUser()
- {
- if (function_exists('posix_getpwuid') && posix_getpwuid(posix_geteuid())['name'] !== get_current_user()) {
- if (get_current_user() == 'root') {
- self::printMessage(
- 'Error: lnms file is owned by root, it should be owned and ran by a non-privileged user.',
- null,
- true
- );
- }
-
- self::printMessage(
- 'Error: You must run lnms as the user ' . get_current_user(),
- null,
- true
- );
- }
- }
-
- private static function printMessage($title, $content, $exit = false)
- {
- $content = (array) $content;
-
- if (PHP_SAPI == 'cli') {
- $format = "%s\n\n%s\n\n";
- $message = implode(PHP_EOL, $content);
- } else {
- $format = "<h3 style='color: firebrick;'>%s</h3><p>%s</p>";
- $message = '';
- foreach ($content as $line) {
- $message .= "<p style='margin:0.5em'>$line</p>\n";
- }
- }
-
- printf($format, $title, $message);
-
- if ($exit) {
- exit(1);
- }
- }
}
diff --git a/app/Exceptions/RunningAsIncorrectUserException.php b/app/Exceptions/RunningAsIncorrectUserException.php
new file mode 100644
index 000000000000..6d1aca825d72
--- /dev/null
+++ app/Exceptions/RunningAsIncorrectUserException.php
@@ -0,0 +1,10 @@
+<?php
+
+namespace App\Exceptions;
+
+use Symfony\Component\Console\Exception\ExceptionInterface;
+
+class RunningAsIncorrectUserException extends \Exception implements ExceptionInterface
+{
+ //
+}
diff --git a/app/Listeners/CommandStartingListener.php b/app/Listeners/CommandStartingListener.php
index bb435fa52ab2..8432b25d4bab 100644
--- app/Listeners/CommandStartingListener.php
+++ app/Listeners/CommandStartingListener.php
@@ -26,6 +26,7 @@
namespace App\Listeners;
+use App\Exceptions\RunningAsIncorrectUserException;
use Illuminate\Console\Events\CommandStarting;
class CommandStartingListener
@@ -34,6 +35,9 @@ class CommandStartingListener
'list:bash-completion',
];
+ /**
+ * @throws RunningAsIncorrectUserException
+ */
public function handle(CommandStarting $event): void
{
// Check that we don't run this as the wrong user and break the install
@@ -41,6 +45,20 @@ public function handle(CommandStarting $event): void
return;
}
- \App\Checks::runningUser();
+ if (! function_exists('posix_getpwuid') || ! function_exists('posix_geteuid')) {
+ return;
+ }
+
+ $current_user = posix_getpwuid(posix_geteuid())['name'];
+ $executable = basename($_SERVER['argv'][0] ?? $_SERVER['SCRIPT_FILENAME'] ?? 'this');
+
+ if ($current_user == 'root') {
+ throw new RunningAsIncorrectUserException("Error: $executable must not run as root.");
+ }
+
+ $librenms_user = config('librenms.user');
+ if ($librenms_user !== $current_user) {
+ throw new RunningAsIncorrectUserException("Error: $executable must be run as the user $librenms_user.");
+ }
}
}
|
