node: refuse to run as root
While it works, it's not good operational practice, particularly when running guardiand alongside other services like a Solana node. Even inside a container, it's best to run as non-root. Change-Id: I331533ef37eaab6e73f6759d7eb779bbda849384
This commit is contained in:
parent
3af233e3eb
commit
855be15ab8
|
@ -186,6 +186,12 @@ func runBridge(cmd *cobra.Command, args []string) {
|
|||
lockMemory()
|
||||
setRestrictiveUmask()
|
||||
|
||||
// Refuse to run as root in production mode.
|
||||
if !*unsafeDevMode && os.Geteuid() == 0 {
|
||||
fmt.Println("can't run as uid 0")
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
// Set up logging. The go-log zap wrapper that libp2p uses is compatible with our
|
||||
// usage of zap in supervisor, which is nice.
|
||||
lvl, err := ipfslog.LevelFromString(*logLevel)
|
||||
|
|
Loading…
Reference in New Issue