Improve behaviour when running as root.

- Only give the annoying message about root if --runasroot is not
  specified.
- If --runasroot is specified then assume the user knows what they
  are doing.
- Move CheckRoot to a static function in inspircd.cpp.

diff --git a/include/exitcodes.h b/include/exitcodes.h
index b1090d1414c438ed91c1a7e11841246d0d0b0dfe..737433def77b4cd9bd1b9ed3a29d77d08705abb3 100644 (file)
--- a/include/exitcodes.h
+++ b/include/exitcodes.h
@@ -33,7 +33,7 @@ enum ExitStatus
        EXIT_STATUS_ARGV = 5,                   /* Invalid program arguments */
        EXIT_STATUS_PID = 6,                    /* Couldn't write PID file */
        EXIT_STATUS_SOCKETENGINE = 7,   /* Couldn't start socket engine */
-       EXIT_STATUS_ROOT = 8,                   /* Refusing to start as root */
+       EXIT_STATUS_ROOT = 8,                   /* DEPRECATED */
        EXIT_STATUS_MODULE = 9,                 /* Couldn't load a required module */
        EXIT_STATUS_SIGTERM = 10                /* Received SIGTERM */
 };

diff --git a/include/inspircd.h b/include/inspircd.h
index 56ad556d7e0d367ca604fd3708e50c6222069bf1..f3e718dcc5d3f5711a620bcbb39fd7c0496fa06a 100644 (file)
--- a/include/inspircd.h
+++ b/include/inspircd.h
@@ -192,11 +192,6 @@ class CoreExport InspIRCd
 
        ClientProtocol::RFCEvents rfcevents;
 
-       /** Check we aren't running as root, and exit if we are
-        * with exit code EXIT_STATUS_ROOT.
-        */
-       void CheckRoot();
-
  public:
 
        UIDGenerator UIDGen;

diff --git a/src/helperfuncs.cpp b/src/helperfuncs.cpp
index 70ac2f0e6a9e7c281d23acbbf33b493d9452f3a1..94938ef12cfcf9c3594f181a9c2342f482c3cadd 100644 (file)
--- a/src/helperfuncs.cpp
+++ b/src/helperfuncs.cpp
@@ -338,18 +338,6 @@ bool InspIRCd::IsSID(const std::string &str)
                         ((str[2] >= 'A' && str[2] <= 'Z') || isdigit(str[2])));
 }
 
-void InspIRCd::CheckRoot()
-{
-#ifndef _WIN32
-       if (geteuid() == 0)
-       {
-               std::cout << "ERROR: You are running an irc server as root! DO NOT DO THIS!" << std::endl << std::endl;
-               this->Logs->Log("STARTUP", LOG_DEFAULT, "Can't start as root");
-               Exit(EXIT_STATUS_ROOT);
-       }
-#endif
-}
-
 /** A lookup table of values for multiplier characters used by
  * InspIRCd::Duration(). In this lookup table, the indexes for
  * the ascii values 'm' and 'M' have the value '60', the indexes

diff --git a/src/inspircd.cpp b/src/inspircd.cpp
index f35da105d6174a8c14731de5cab289bb8dd808e8..94894557b8a9c3282437cd39ea2a44f758f614d3 100644 (file)
--- a/src/inspircd.cpp
+++ b/src/inspircd.cpp
@@ -71,7 +71,7 @@ const char* ExitCodes[] =
                "Bad commandline parameters",                   // 5
                "Can't write PID file",                                 // 6
                "SocketEngine could not initialize",    // 7
-               "Refusing to start up as root",                 // 8
+               "UNUSED",                                                               // 8
                "Couldn't load module on startup",              // 9
                "Received SIGTERM"                                              // 10
 };
@@ -80,6 +80,23 @@ namespace
 {
        void VoidSignalHandler(int);
 
+       // Warns a user running as root that they probably shouldn't.
+       void CheckRoot()
+       {
+#ifndef _WIN32
+       if (getegid() != 0 && geteuid() != 0)
+               return;
+
+       std::cout << con_red << "Warning!" << con_reset << " You have started as root. Running as root is generally not required" << std::endl
+               << "and may allow an attacker to gain access to your system if they find a way to" << std::endl
+               << "exploit your IRC server." << std::endl
+               << std::endl
+               << "InspIRCd will start in 30 seconds. If you are sure that you need to run as root" << std::endl
+               << "then you can pass the " << con_bright << "--runasroot" << con_reset << " option to disable this wait." << std::endl;
+       sleep(30);
+#endif
+       }
+
        // Collects performance statistics for the STATS command.
        void CollectStats()
        {
@@ -465,24 +482,9 @@ InspIRCd::InspIRCd(int argc, char** argv)
                Exit(EXIT_STATUS_CONFIG);
        }
 
-#ifndef _WIN32
-       if (!do_root)
-               this->CheckRoot();
-       else
-       {
-               std::cout << "* WARNING * WARNING * WARNING * WARNING * WARNING *" << std::endl
-               << "YOU ARE RUNNING INSPIRCD AS ROOT. THIS IS UNSUPPORTED" << std::endl
-               << "AND IF YOU ARE HACKED, CRACKED, SPINDLED OR MUTILATED" << std::endl
-               << "OR ANYTHING ELSE UNEXPECTED HAPPENS TO YOU OR YOUR" << std::endl
-               << "SERVER, THEN IT IS YOUR OWN FAULT. IF YOU DID NOT MEAN" << std::endl
-               << "TO START INSPIRCD AS ROOT, HIT CTRL+C NOW AND RESTART" << std::endl
-               << "THE PROGRAM AS A NORMAL USER. YOU HAVE BEEN WARNED!" << std::endl << std::endl
-               << "InspIRCd starting in 20 seconds, ctrl+c to abort..." << std::endl;
-               sleep(20);
-       }
-#endif
-
        SetSignals();
+       if (!do_root)
+               CheckRoot();
 
        if (!Config->cmdline.nofork && !ForkIntoBackground())
        {