Skip to content

Commit

Permalink
Use softer failure when unable to deetermine current user (#44645)
Browse files Browse the repository at this point in the history
  • Loading branch information
strideynet authored Jul 26, 2024
1 parent 72bd6ae commit ce39391
Showing 1 changed file with 23 additions and 5 deletions.
28 changes: 23 additions & 5 deletions lib/tbot/config/destination_directory.go
Original file line number Diff line number Diff line change
Expand Up @@ -161,9 +161,27 @@ func (dd *DestinationDirectory) Init(_ context.Context, subdirs []string) error
}

func (dd *DestinationDirectory) Verify(keys []string) error {
// If ACLs are disabled or unsupported, just bail as there's nothing to
// check.
if dd.ACLs == botfs.ACLOff || !botfs.HasACLSupport() {
return nil
}

currentUser, err := user.Current()
if err != nil {
return trace.Wrap(err)
// user.Current will fail if the user id does not exist in /etc/passwd
// as is the case with some containerized environments.
// TODO(noah): Switch to os.Getuid / handling UIDs directly.
if dd.ACLs == botfs.ACLRequired {
return trace.Wrap(err, "determining current user")
}
log.WarnContext(
context.TODO(),
"Unable to determine current user, ACLs will not be checked. To silence this warning, set ACL mode to `off`.",
"path", dd.Path,
"error", err,
)
return nil
}

stat, err := os.Stat(dd.Path)
Expand All @@ -180,10 +198,10 @@ func (dd *DestinationDirectory) Verify(keys []string) error {
return trace.Wrap(err)
}

// Make sure it's worth warning about ACLs for this Destination. If ACLs
// are disabled, unsupported, or the Destination is owned by the bot
// (implying the user is not trying to use ACLs), just bail.
if dd.ACLs == botfs.ACLOff || !botfs.HasACLSupport() || ownedByBot {
// Make sure it's worth warning about ACLs for this Destination. If the
// destination is owned by the bot (implying the user is not trying to use
//ACLs), just bail.
if ownedByBot {
return nil
}

Expand Down

0 comments on commit ce39391

Please sign in to comment.