Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add protection to disable Gitea when run as root #17168

Merged
merged 17 commits into from
Oct 7, 2021
Merged

Add protection to disable Gitea when run as root #17168

Changes from 3 commits
Commits
Show all changes
17 commits
Select commit Hold shift + click to select a range
9137b0c
Add protection to disable Gitea when run as root
techknowlogick Sep 28, 2021
9834049
placate lint
techknowlogick Sep 28, 2021
4c6e567
woops, this isn't an exsting var
techknowlogick Sep 28, 2021
4e601f2
Merge branch 'main' into please-dont-run-as-root-i-beg-of-you
techknowlogick Sep 28, 2021
45db44c
Update modules/setting/setting.go
techknowlogick Sep 28, 2021
8c3c6d6
Update modules/setting/setting.go
techknowlogick Sep 28, 2021
cbe7f2e
update drone to use non-root user
techknowlogick Sep 28, 2021
79dc6b9
Merge branch 'main' into please-dont-run-as-root-i-beg-of-you
techknowlogick Sep 28, 2021
717f54c
not all steps have custom image
techknowlogick Sep 29, 2021
e7a4c38
Merge branch 'please-dont-run-as-root-i-beg-of-you' of github.com:tec…
techknowlogick Sep 29, 2021
ad3c03e
not all steps have custom image
techknowlogick Sep 29, 2021
c06e58a
Merge branch 'main' into please-dont-run-as-root-i-beg-of-you
6543 Oct 5, 2021
3b8dbf6
Merge branch 'main' into please-dont-run-as-root-i-beg-of-you
6543 Oct 5, 2021
4fd6aa3
Critical
6543 Oct 5, 2021
5868169
use uid
6543 Oct 5, 2021
eb17ed1
Merge branch 'main' into please-dont-run-as-root-i-beg-of-you
techknowlogick Oct 7, 2021
9584001
add "fix-permissions"
6543 Oct 7, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 11 additions & 0 deletions modules/setting/setting.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -898,6 +898,9 @@ func NewContext() {
}

RunUser = Cfg.Section("").Key("RUN_USER").MustString(user.CurrentUsername())
// The following an unsafe option, purposely left out of documentation. Please do not run Gitea as root. It will only cause future headaches.
techknowlogick marked this conversation as resolved.
Show resolved Hide resolved
// Please don't use root as a bandaid to "fix" something that is brokenn, instead the broken thing should instead be fixed properly.
techknowlogick marked this conversation as resolved.
Show resolved Hide resolved
unsafeAllowRunAsRoot := Cfg.Section("").Key("I_AM_BEING_UNSAFE_RUNNING_AS_ROOT").MustBool(false)
RunMode = Cfg.Section("").Key("RUN_MODE").MustString("prod")
// Does not check run user when the install lock is off.
if InstallLock {
Expand All @@ -907,6 +910,14 @@ func NewContext() {
}
}

if RunUser == "root" {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we guarantee for every supported OS that the root account will be called "root"?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can't entirely (Windows is the case where it is certain to not be "root"), however windows is out of scope of this PR. This purpose of this PR wasn't to be exhaustive of all the possibilities, just to prevent me from being lazy and running things as root where I could mess up file permissions 😆

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd stick a GOOS check here and exclude dozers from this check.
Then just use os.GetUID() == 0 instead of checking username.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we dont need to check goos on windows we will get a -1

if !unsafeAllowRunAsRoot {
// Special thanks to VLC which inspired the wording of this messaging.
6543 marked this conversation as resolved.
Show resolved Hide resolved
log.Fatal("Gitea is not supposed to be run as root. Sorry. If you need to use privileged TCP ports please instead use setcap and the `cap_net_bind_service` permission")
techknowlogick marked this conversation as resolved.
Show resolved Hide resolved
}
log.Warn("You are running Gitea using the root user, and have purposely chosen to skip built-in protections around this. You have been warned against this.")
6543 marked this conversation as resolved.
Show resolved Hide resolved
6543 marked this conversation as resolved.
Show resolved Hide resolved
}

SSH.BuiltinServerUser = Cfg.Section("server").Key("BUILTIN_SSH_SERVER_USER").MustString(RunUser)

newRepository()
Expand Down