Mirrors/dokku
1
0
Fork 0
mirror of https://github.com/dokku/dokku.git synced 2025-12-28 16:06:40 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1797 from dokku/1768_mh-plugin-root-only

Browse Source 
ensure we run plugin commands as root
This commit is contained in:
Jose Diaz-Gonzalez
2015-12-22 15:06:09 -05:00
parent 32f1bc5396 d7b1e38cb7
commit 8775a2de1a
4 changed files with 36 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
Makefile
View File

@@ -72,10 +72,10 @@ version:
git describe --tags > ~dokku/VERSION 2> /dev/null || echo '~${DOKKU_VERSION} ($(shell date -uIminutes))' > ~dokku/VERSION
plugin-dependencies: plugn
dokku plugin:install-dependencies --core
sudo -E dokku plugin:install-dependencies --core
plugins: plugn docker
dokku plugin:install --core
sudo -E dokku plugin:install --core
dependencies: apt-update sshcommand plugn docker help2man man-db
$(MAKE) -e stack

4
bootstrap.sh
View File

@@ -90,14 +90,14 @@ elif [[ -n $DOKKU_TAG ]]; then
elif [[ "$major" -eq "0" ]] && [[ "$minor" -ge "4" ]] && [[ "$patch" -ge "0" ]]; then
export DOKKU_CHECKOUT="$DOKKU_SEMVER"
dokku_install_package
dokku plugin:install-dependencies --core
sudo -E dokku plugin:install-dependencies --core
else
export DOKKU_CHECKOUT="$DOKKU_TAG"
dokku_install_source
fi
else
dokku_install_package
dokku plugin:install-dependencies --core
sudo -E dokku plugin:install-dependencies --core
fi
}

6
dokku
View File

@@ -49,12 +49,16 @@ if [[ "${args[0]}" =~ ^--.* ]]; then
fi
! has_tty && DOKKU_QUIET_OUTPUT=1
if [[ $(id -un) != "dokku" && $1 != plugin:*install* && $1 != "plugin:update" ]]; then
if [[ $(id -un) != "dokku" ]] && [[ ! $1 =~ plugin:* ]]; then
export SSH_USER=$(id -un)
sudo -u dokku -E -H $0 "$@"
exit $?
fi
if [[ $(id -un) != "root" && $1 =~ plugin:.* ]]; then
dokku_log_fail "plugin:* commands must be run as root"
fi
if [[ -n "$SSH_ORIGINAL_COMMAND" ]]; then
export -n SSH_ORIGINAL_COMMAND
if [[ $1 =~ config-* ]] || [[ $1 =~ docker-options* ]]; then

27
tests/unit/40_plugin.bats
View File

@@ -23,6 +23,11 @@ teardown() {
echo "status: "$status
assert_success
run bash -c "sudo -E -u nobody dokku plugin:uninstall $TEST_PLUGIN_NAME"
echo "output: "$output
echo "status: "$status
assert_failure
run bash -c "dokku plugin:disable $TEST_PLUGIN_NAME"
echo "output: "$output
echo "status: "$status
@@ -43,3 +48,25 @@ teardown() {
echo "status: "$status
assert_failure
}
@test "(plugin) plugin:install, plugin:disable, plugin:uninstall as non-root user failure" {
run bash -c "sudo -E -u nobody dokku plugin:install $TEST_PLUGIN_GIT_REPO"
echo "output: "$output
echo "status: "$status
assert_failure
run bash -c "dokku plugin:install $TEST_PLUGIN_GIT_REPO"
echo "output: "$output
echo "status: "$status
assert_success
run bash -c "dokku plugin | grep enabled | grep $TEST_PLUGIN_NAME"
echo "output: "$output
echo "status: "$status
assert_success
run bash -c "sudo -E -u nobody dokku plugin:disable $TEST_PLUGIN_NAME"
echo "output: "$output
echo "status: "$status
assert_failure
}