node: refuse to run as root
While it works, it's not good operational practice, particularly when running guardiand alongside other services like a Solana node. Even inside a container, it's best to run as non-root. Change-Id: I331533ef37eaab6e73f6759d7eb779bbda849384
This commit is contained in:
parent
3af233e3eb
commit
855be15ab8
|
@ -186,6 +186,12 @@ func runBridge(cmd *cobra.Command, args []string) {
|
||||||
lockMemory()
|
lockMemory()
|
||||||
setRestrictiveUmask()
|
setRestrictiveUmask()
|
||||||
|
|
||||||
|
// Refuse to run as root in production mode.
|
||||||
|
if !*unsafeDevMode && os.Geteuid() == 0 {
|
||||||
|
fmt.Println("can't run as uid 0")
|
||||||
|
os.Exit(1)
|
||||||
|
}
|
||||||
|
|
||||||
// Set up logging. The go-log zap wrapper that libp2p uses is compatible with our
|
// Set up logging. The go-log zap wrapper that libp2p uses is compatible with our
|
||||||
// usage of zap in supervisor, which is nice.
|
// usage of zap in supervisor, which is nice.
|
||||||
lvl, err := ipfslog.LevelFromString(*logLevel)
|
lvl, err := ipfslog.LevelFromString(*logLevel)
|
||||||
|
|
Loading…
Reference in New Issue