From 46b344d833b20411fa10d979b5e2e7760e87c52f Mon Sep 17 00:00:00 2001 From: ZephyrTFA Date: Sun, 18 Aug 2024 04:00:20 -0400 Subject: [PATCH 01/18] no root --- src/Tgstation.Server.Host/Program.cs | 30 ++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/src/Tgstation.Server.Host/Program.cs b/src/Tgstation.Server.Host/Program.cs index b23633b7dff..9e1beb96245 100644 --- a/src/Tgstation.Server.Host/Program.cs +++ b/src/Tgstation.Server.Host/Program.cs @@ -2,11 +2,13 @@ using System.Collections.Generic; using System.Diagnostics; using System.Linq; +using System.Runtime.InteropServices; using System.Text; using System.Threading; using System.Threading.Tasks; using Tgstation.Server.Host.Common; +using Tgstation.Server.Host.Components.Interop.Bridge; using Tgstation.Server.Host.Core; using Tgstation.Server.Host.Properties; using Tgstation.Server.Host.System; @@ -67,6 +69,34 @@ public static async Task Main(string[] args) args = listArgs.ToArray(); } + if(RuntimeInformation.IsOSPlatform(OSPlatform.Linux)) + { + var proc = new Process + { + StartInfo = new ProcessStartInfo + { + FileName = "id", + Arguments = "-u", + UseShellExecute = false, + RedirectStandardOutput = true, + CreateNoWindow = true + } + }; + proc.Start(); + await proc.WaitForExitAsync(); + if(proc.ExitCode is not 0 || !int.TryParse(await proc.StandardOutput.ReadToEndAsync(), out var uid)) { + Console.Error.WriteLine("Failed to obtain user id."); + Environment.Exit(1); + return; + } + if(uid is 0) + { + Console.Error.WriteLine("TGS is being run as root. This is not recommended and will prevent launching in a future version!"); + // Environment.Exit(1); + // return; + } + } + var program = new Program(); return (int)await program.Main(args, updatePath); } From fc6369ac2fc4e8cd19e3111124ad58668f0c8196 Mon Sep 17 00:00:00 2001 From: ZephyrTFA Date: Sun, 18 Aug 2024 04:03:26 -0400 Subject: [PATCH 02/18] how did you even get there --- src/Tgstation.Server.Host/Program.cs | 1 - 1 file changed, 1 deletion(-) diff --git a/src/Tgstation.Server.Host/Program.cs b/src/Tgstation.Server.Host/Program.cs index 9e1beb96245..66bef9974ff 100644 --- a/src/Tgstation.Server.Host/Program.cs +++ b/src/Tgstation.Server.Host/Program.cs @@ -8,7 +8,6 @@ using System.Threading.Tasks; using Tgstation.Server.Host.Common; -using Tgstation.Server.Host.Components.Interop.Bridge; using Tgstation.Server.Host.Core; using Tgstation.Server.Host.Properties; using Tgstation.Server.Host.System; From 8fd017faa4c91c098a9a5cf5bde63840ca191c48 Mon Sep 17 00:00:00 2001 From: ZephyrTFA Date: Sun, 18 Aug 2024 04:07:37 -0400 Subject: [PATCH 03/18] ambiguity --- src/Tgstation.Server.Host/Program.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Tgstation.Server.Host/Program.cs b/src/Tgstation.Server.Host/Program.cs index 66bef9974ff..740427e37d6 100644 --- a/src/Tgstation.Server.Host/Program.cs +++ b/src/Tgstation.Server.Host/Program.cs @@ -68,7 +68,7 @@ public static async Task Main(string[] args) args = listArgs.ToArray(); } - if(RuntimeInformation.IsOSPlatform(OSPlatform.Linux)) + if(System.Runtime.InteropServices.RuntimeInformation.IsOSPlatform(OSPlatform.Linux)) { var proc = new Process { From e070306b09d16833d716b8a14d0dba66aded0f7b Mon Sep 17 00:00:00 2001 From: ZephyrTFA Date: Sun, 18 Aug 2024 04:17:19 -0400 Subject: [PATCH 04/18] ugh --- src/Tgstation.Server.Host/Program.cs | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/Tgstation.Server.Host/Program.cs b/src/Tgstation.Server.Host/Program.cs index 740427e37d6..85d0f8b8f48 100644 --- a/src/Tgstation.Server.Host/Program.cs +++ b/src/Tgstation.Server.Host/Program.cs @@ -2,11 +2,13 @@ using System.Collections.Generic; using System.Diagnostics; using System.Linq; -using System.Runtime.InteropServices; using System.Text; using System.Threading; using System.Threading.Tasks; +using InteropServices = System.Runtime.InteropServices; +using Process = System.Diagnostics.Process; + using Tgstation.Server.Host.Common; using Tgstation.Server.Host.Core; using Tgstation.Server.Host.Properties; @@ -68,7 +70,7 @@ public static async Task Main(string[] args) args = listArgs.ToArray(); } - if(System.Runtime.InteropServices.RuntimeInformation.IsOSPlatform(OSPlatform.Linux)) + if(InteropServices.RuntimeInformation.IsOSPlatform(InteropServices.OSPlatform.Linux)) { var proc = new Process { @@ -78,7 +80,7 @@ public static async Task Main(string[] args) Arguments = "-u", UseShellExecute = false, RedirectStandardOutput = true, - CreateNoWindow = true + CreateNoWindow = true, } }; proc.Start(); From bc3cff815143af5faae24f7426ffd3512202d7ad Mon Sep 17 00:00:00 2001 From: ZephyrTFA Date: Sun, 18 Aug 2024 04:20:48 -0400 Subject: [PATCH 05/18] :( --- src/Tgstation.Server.Host/Program.cs | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/src/Tgstation.Server.Host/Program.cs b/src/Tgstation.Server.Host/Program.cs index 85d0f8b8f48..6c9b8c2b74f 100644 --- a/src/Tgstation.Server.Host/Program.cs +++ b/src/Tgstation.Server.Host/Program.cs @@ -87,14 +87,12 @@ public static async Task Main(string[] args) await proc.WaitForExitAsync(); if(proc.ExitCode is not 0 || !int.TryParse(await proc.StandardOutput.ReadToEndAsync(), out var uid)) { Console.Error.WriteLine("Failed to obtain user id."); - Environment.Exit(1); - return; + return 1; } if(uid is 0) { Console.Error.WriteLine("TGS is being run as root. This is not recommended and will prevent launching in a future version!"); - // Environment.Exit(1); - // return; + // return 1; } } From 43a9f1d8bcd8e327c50913767bb2caa4f48a70fc Mon Sep 17 00:00:00 2001 From: ZephyrTFA Date: Sun, 18 Aug 2024 04:31:08 -0400 Subject: [PATCH 06/18] z --- src/Tgstation.Server.Host/Program.cs | 33 ++++++++++++++-------------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/src/Tgstation.Server.Host/Program.cs b/src/Tgstation.Server.Host/Program.cs index 6c9b8c2b74f..db37fc3359d 100644 --- a/src/Tgstation.Server.Host/Program.cs +++ b/src/Tgstation.Server.Host/Program.cs @@ -6,14 +6,14 @@ using System.Threading; using System.Threading.Tasks; -using InteropServices = System.Runtime.InteropServices; -using Process = System.Diagnostics.Process; - using Tgstation.Server.Host.Common; using Tgstation.Server.Host.Core; using Tgstation.Server.Host.Properties; using Tgstation.Server.Host.System; +using InteropServices = System.Runtime.InteropServices; +using Process = System.Diagnostics.Process; + namespace Tgstation.Server.Host { /// @@ -70,29 +70,30 @@ public static async Task Main(string[] args) args = listArgs.ToArray(); } - if(InteropServices.RuntimeInformation.IsOSPlatform(InteropServices.OSPlatform.Linux)) + if (InteropServices.RuntimeInformation.IsOSPlatform(InteropServices.OSPlatform.Linux)) { - var proc = new Process + using var proc = new Process { - StartInfo = new ProcessStartInfo - { - FileName = "id", - Arguments = "-u", - UseShellExecute = false, - RedirectStandardOutput = true, - CreateNoWindow = true, - } + StartInfo = new ProcessStartInfo + { + FileName = "id", + Arguments = "-u", + UseShellExecute = false, + RedirectStandardOutput = true, + CreateNoWindow = true, + } }; + proc.Start(); await proc.WaitForExitAsync(); - if(proc.ExitCode is not 0 || !int.TryParse(await proc.StandardOutput.ReadToEndAsync(), out var uid)) { + if (proc.ExitCode is not 0 || !int.TryParse(await proc.StandardOutput.ReadToEndAsync(), out var uid)) { Console.Error.WriteLine("Failed to obtain user id."); return 1; } - if(uid is 0) + + if (uid is 0) { Console.Error.WriteLine("TGS is being run as root. This is not recommended and will prevent launching in a future version!"); - // return 1; } } From 3bcda563a0569895b2654c04383f54ce2978f30f Mon Sep 17 00:00:00 2001 From: ZephyrTFA Date: Sun, 18 Aug 2024 04:32:18 -0400 Subject: [PATCH 07/18] x --- src/Tgstation.Server.Host/Program.cs | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/Tgstation.Server.Host/Program.cs b/src/Tgstation.Server.Host/Program.cs index db37fc3359d..c9d99aa1bc1 100644 --- a/src/Tgstation.Server.Host/Program.cs +++ b/src/Tgstation.Server.Host/Program.cs @@ -43,7 +43,7 @@ public Program() /// Entrypoint for the . /// /// The command line arguments. - /// A resulting in the . + /// A resulting in the . public static async Task Main(string[] args) { // first arg is 100% always the update path, starting it otherwise is solely for debugging purposes @@ -81,12 +81,13 @@ public static async Task Main(string[] args) UseShellExecute = false, RedirectStandardOutput = true, CreateNoWindow = true, - } + }, }; proc.Start(); await proc.WaitForExitAsync(); - if (proc.ExitCode is not 0 || !int.TryParse(await proc.StandardOutput.ReadToEndAsync(), out var uid)) { + if (proc.ExitCode is not 0 || !int.TryParse(await proc.StandardOutput.ReadToEndAsync(), out var uid)) + { Console.Error.WriteLine("Failed to obtain user id."); return 1; } From dfc6dca572bd0c5c801bae59c26f136bca207d14 Mon Sep 17 00:00:00 2001 From: Zephyr <12817816+ZephyrTFA@users.noreply.github.com> Date: Sun, 18 Aug 2024 04:43:01 -0400 Subject: [PATCH 08/18] Update src/Tgstation.Server.Host/Program.cs --- src/Tgstation.Server.Host/Program.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Tgstation.Server.Host/Program.cs b/src/Tgstation.Server.Host/Program.cs index c9d99aa1bc1..2ef1fb4847c 100644 --- a/src/Tgstation.Server.Host/Program.cs +++ b/src/Tgstation.Server.Host/Program.cs @@ -94,7 +94,7 @@ public static async Task Main(string[] args) if (uid is 0) { - Console.Error.WriteLine("TGS is being run as root. This is not recommended and will prevent launching in a future version!"); + Console.Error.WriteLine("TGS is being run as root. This is not recommended and may prevent launch in a future version."); } } From 8da2424909a34701b55cfde3e5d4faee37b543e2 Mon Sep 17 00:00:00 2001 From: ZephyrTFA Date: Sun, 18 Aug 2024 13:26:09 -0400 Subject: [PATCH 09/18] move IsRoot to posix identity move checking root to CheckSystemCompatibility use Syscall internal getuid --- .../Components/InstanceManager.cs | 5 ++++ src/Tgstation.Server.Host/Program.cs | 29 ------------------- .../Security/PosixSystemIdentity.cs | 28 ++++++++++++++++++ 3 files changed, 33 insertions(+), 29 deletions(-) diff --git a/src/Tgstation.Server.Host/Components/InstanceManager.cs b/src/Tgstation.Server.Host/Components/InstanceManager.cs index c86f5c8eded..b56f9c0dd35 100644 --- a/src/Tgstation.Server.Host/Components/InstanceManager.cs +++ b/src/Tgstation.Server.Host/Components/InstanceManager.cs @@ -675,6 +675,11 @@ void CheckSystemCompatibility() { if (!systemIdentity.CanCreateSymlinks) throw new InvalidOperationException($"The user running {Constants.CanonicalPackageName} cannot create symlinks! Please try running as an administrative user!"); + + if (systemIdentity is PosixSystemIdentity posixIdentity && posixIdentity.IsRoot()) + { + logger.LogWarning("TGS is being run as the root account. This is not recommended and may prevent launch in a future version."); + } } // This runs before the real socket is opened, ensures we don't perform reattaches unless we're fairly certain the bind won't fail diff --git a/src/Tgstation.Server.Host/Program.cs b/src/Tgstation.Server.Host/Program.cs index c9d99aa1bc1..47988e4d1ca 100644 --- a/src/Tgstation.Server.Host/Program.cs +++ b/src/Tgstation.Server.Host/Program.cs @@ -11,7 +11,6 @@ using Tgstation.Server.Host.Properties; using Tgstation.Server.Host.System; -using InteropServices = System.Runtime.InteropServices; using Process = System.Diagnostics.Process; namespace Tgstation.Server.Host @@ -70,34 +69,6 @@ public static async Task Main(string[] args) args = listArgs.ToArray(); } - if (InteropServices.RuntimeInformation.IsOSPlatform(InteropServices.OSPlatform.Linux)) - { - using var proc = new Process - { - StartInfo = new ProcessStartInfo - { - FileName = "id", - Arguments = "-u", - UseShellExecute = false, - RedirectStandardOutput = true, - CreateNoWindow = true, - }, - }; - - proc.Start(); - await proc.WaitForExitAsync(); - if (proc.ExitCode is not 0 || !int.TryParse(await proc.StandardOutput.ReadToEndAsync(), out var uid)) - { - Console.Error.WriteLine("Failed to obtain user id."); - return 1; - } - - if (uid is 0) - { - Console.Error.WriteLine("TGS is being run as root. This is not recommended and will prevent launching in a future version!"); - } - } - var program = new Program(); return (int)await program.Main(args, updatePath); } diff --git a/src/Tgstation.Server.Host/Security/PosixSystemIdentity.cs b/src/Tgstation.Server.Host/Security/PosixSystemIdentity.cs index 67f0e3ac838..73a0d366786 100644 --- a/src/Tgstation.Server.Host/Security/PosixSystemIdentity.cs +++ b/src/Tgstation.Server.Host/Security/PosixSystemIdentity.cs @@ -2,6 +2,8 @@ using System.Threading; using System.Threading.Tasks; +using Mono.Unix.Native; + namespace Tgstation.Server.Host.Security { /// @@ -9,6 +11,32 @@ namespace Tgstation.Server.Host.Security /// sealed class PosixSystemIdentity : ISystemIdentity { + /// + /// True if TGS is running under root. + /// + bool isRoot = false; + + /// + /// True if is populated. + /// + bool isRootChecked = false; + + /// + /// Checks whether TGS is running under the root user. + /// + /// True if running under root. False otherwise. + public bool IsRoot() + { + if (isRootChecked) + { + return isRoot; + } + + isRoot = Syscall.getuid() == 0; + isRootChecked = true; + return isRoot; + } + /// public string Uid => throw new NotImplementedException(); From 259fd60ddfaae5629d6e4e1661745821e9ce3612 Mon Sep 17 00:00:00 2001 From: ZephyrTFA Date: Sun, 18 Aug 2024 13:41:06 -0400 Subject: [PATCH 10/18] move to IsSuperUser --- .../Security/ISystemIdentity.cs | 6 +++++ .../Security/PosixSystemIdentity.cs | 27 ++----------------- .../Security/WindowsSystemIdentity.cs | 3 +++ 3 files changed, 11 insertions(+), 25 deletions(-) diff --git a/src/Tgstation.Server.Host/Security/ISystemIdentity.cs b/src/Tgstation.Server.Host/Security/ISystemIdentity.cs index bd63d784dea..af3b2a01712 100644 --- a/src/Tgstation.Server.Host/Security/ISystemIdentity.cs +++ b/src/Tgstation.Server.Host/Security/ISystemIdentity.cs @@ -24,6 +24,12 @@ public interface ISystemIdentity : IDisposable /// bool CanCreateSymlinks { get; } + /// + /// Is this identity a SuperUser for the OS. + /// See Administrator on Windows or root on Linux. + /// + bool? IsSuperUser { get; } + /// /// Clone the creating another copy that must have called on it. /// diff --git a/src/Tgstation.Server.Host/Security/PosixSystemIdentity.cs b/src/Tgstation.Server.Host/Security/PosixSystemIdentity.cs index 73a0d366786..ed661f90de6 100644 --- a/src/Tgstation.Server.Host/Security/PosixSystemIdentity.cs +++ b/src/Tgstation.Server.Host/Security/PosixSystemIdentity.cs @@ -11,31 +11,8 @@ namespace Tgstation.Server.Host.Security /// sealed class PosixSystemIdentity : ISystemIdentity { - /// - /// True if TGS is running under root. - /// - bool isRoot = false; - - /// - /// True if is populated. - /// - bool isRootChecked = false; - - /// - /// Checks whether TGS is running under the root user. - /// - /// True if running under root. False otherwise. - public bool IsRoot() - { - if (isRootChecked) - { - return isRoot; - } - - isRoot = Syscall.getuid() == 0; - isRootChecked = true; - return isRoot; - } + /// + public bool? IsSuperUser => Syscall.getuid() == 0; /// public string Uid => throw new NotImplementedException(); diff --git a/src/Tgstation.Server.Host/Security/WindowsSystemIdentity.cs b/src/Tgstation.Server.Host/Security/WindowsSystemIdentity.cs index 136c3c24e7e..f1c3588b882 100644 --- a/src/Tgstation.Server.Host/Security/WindowsSystemIdentity.cs +++ b/src/Tgstation.Server.Host/Security/WindowsSystemIdentity.cs @@ -24,6 +24,9 @@ sealed class WindowsSystemIdentity : ISystemIdentity /// public bool CanCreateSymlinks => canCreateSymlinks ?? throw new NotSupportedException(); + /// + public bool? IsSuperUser => identity?.IsSystem; + /// /// The for the . /// From d2c9ab62fe42e19ff1f8ae90870fff85b4528f7a Mon Sep 17 00:00:00 2001 From: ZephyrTFA Date: Sun, 18 Aug 2024 13:45:24 -0400 Subject: [PATCH 11/18] change usage --- .../Components/InstanceManager.cs | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/src/Tgstation.Server.Host/Components/InstanceManager.cs b/src/Tgstation.Server.Host/Components/InstanceManager.cs index b56f9c0dd35..c984de9ad2b 100644 --- a/src/Tgstation.Server.Host/Components/InstanceManager.cs +++ b/src/Tgstation.Server.Host/Components/InstanceManager.cs @@ -676,9 +676,15 @@ void CheckSystemCompatibility() if (!systemIdentity.CanCreateSymlinks) throw new InvalidOperationException($"The user running {Constants.CanonicalPackageName} cannot create symlinks! Please try running as an administrative user!"); - if (systemIdentity is PosixSystemIdentity posixIdentity && posixIdentity.IsRoot()) + if (!platformIdentifier.IsWindows && systemIdentity.IsSuperUser!.Value) { - logger.LogWarning("TGS is being run as the root account. This is not recommended and may prevent launch in a future version."); + if (systemIdentity.IsSuperUser is not { } superUser) + { + throw new InvalidOperationException("Failed to determine if running as root."); + } + + if (superUser) + logger.LogWarning("TGS is being run as the root account. This is not recommended and may prevent launch in a future version."); } } From 3d231cfcef4a83a8e42a5df0c9b9a85c96cfd1e5 Mon Sep 17 00:00:00 2001 From: ZephyrTFA Date: Sun, 18 Aug 2024 13:48:25 -0400 Subject: [PATCH 12/18] remove nullable --- .../Components/InstanceManager.cs | 10 ++-------- src/Tgstation.Server.Host/Security/ISystemIdentity.cs | 2 +- .../Security/PosixSystemIdentity.cs | 2 +- .../Security/WindowsSystemIdentity.cs | 10 +++++----- 4 files changed, 9 insertions(+), 15 deletions(-) diff --git a/src/Tgstation.Server.Host/Components/InstanceManager.cs b/src/Tgstation.Server.Host/Components/InstanceManager.cs index c984de9ad2b..73fdf2b857a 100644 --- a/src/Tgstation.Server.Host/Components/InstanceManager.cs +++ b/src/Tgstation.Server.Host/Components/InstanceManager.cs @@ -676,15 +676,9 @@ void CheckSystemCompatibility() if (!systemIdentity.CanCreateSymlinks) throw new InvalidOperationException($"The user running {Constants.CanonicalPackageName} cannot create symlinks! Please try running as an administrative user!"); - if (!platformIdentifier.IsWindows && systemIdentity.IsSuperUser!.Value) + if (!platformIdentifier.IsWindows && systemIdentity.IsSuperUser) { - if (systemIdentity.IsSuperUser is not { } superUser) - { - throw new InvalidOperationException("Failed to determine if running as root."); - } - - if (superUser) - logger.LogWarning("TGS is being run as the root account. This is not recommended and may prevent launch in a future version."); + logger.LogWarning("TGS is being run as the root account. This is not recommended and may prevent launch in a future version."); } } diff --git a/src/Tgstation.Server.Host/Security/ISystemIdentity.cs b/src/Tgstation.Server.Host/Security/ISystemIdentity.cs index af3b2a01712..f976066e50a 100644 --- a/src/Tgstation.Server.Host/Security/ISystemIdentity.cs +++ b/src/Tgstation.Server.Host/Security/ISystemIdentity.cs @@ -28,7 +28,7 @@ public interface ISystemIdentity : IDisposable /// Is this identity a SuperUser for the OS. /// See Administrator on Windows or root on Linux. /// - bool? IsSuperUser { get; } + bool IsSuperUser { get; } /// /// Clone the creating another copy that must have called on it. diff --git a/src/Tgstation.Server.Host/Security/PosixSystemIdentity.cs b/src/Tgstation.Server.Host/Security/PosixSystemIdentity.cs index ed661f90de6..ea8e23d3e84 100644 --- a/src/Tgstation.Server.Host/Security/PosixSystemIdentity.cs +++ b/src/Tgstation.Server.Host/Security/PosixSystemIdentity.cs @@ -12,7 +12,7 @@ namespace Tgstation.Server.Host.Security sealed class PosixSystemIdentity : ISystemIdentity { /// - public bool? IsSuperUser => Syscall.getuid() == 0; + public bool IsSuperUser => Syscall.getuid() == 0; /// public string Uid => throw new NotImplementedException(); diff --git a/src/Tgstation.Server.Host/Security/WindowsSystemIdentity.cs b/src/Tgstation.Server.Host/Security/WindowsSystemIdentity.cs index f1c3588b882..486d8d795cb 100644 --- a/src/Tgstation.Server.Host/Security/WindowsSystemIdentity.cs +++ b/src/Tgstation.Server.Host/Security/WindowsSystemIdentity.cs @@ -22,10 +22,10 @@ sealed class WindowsSystemIdentity : ISystemIdentity public string Username => userPrincipal?.Name ?? identity!.Name; /// - public bool CanCreateSymlinks => canCreateSymlinks ?? throw new NotSupportedException(); + public bool CanCreateSymlinks => IsSuperUser; /// - public bool? IsSuperUser => identity?.IsSystem; + public bool IsSuperUser => IsSuperUser; /// /// The for the . @@ -38,9 +38,9 @@ sealed class WindowsSystemIdentity : ISystemIdentity readonly UserPrincipal? userPrincipal; /// - /// Backing field for . + /// Backing field for . /// - readonly bool? canCreateSymlinks; + readonly bool? isAdmin; /// /// Initializes a new instance of the class. @@ -52,7 +52,7 @@ public WindowsSystemIdentity(WindowsIdentity identity) if (identity.IsAnonymous) throw new ArgumentException($"Cannot use anonymous {nameof(WindowsIdentity)} as a {nameof(WindowsSystemIdentity)}!", nameof(identity)); - canCreateSymlinks = new WindowsPrincipal(identity).IsInRole(WindowsBuiltInRole.Administrator); + isAdmin = new WindowsPrincipal(identity).IsInRole(WindowsBuiltInRole.Administrator); } /// From a15d5f27c81f14b804ccdd5f4eb7602368b8a681 Mon Sep 17 00:00:00 2001 From: Zephyr <12817816+ZephyrTFA@users.noreply.github.com> Date: Sun, 18 Aug 2024 23:50:05 -0400 Subject: [PATCH 13/18] Update src/Tgstation.Server.Host/Security/WindowsSystemIdentity.cs Co-authored-by: Jordan Dominion --- src/Tgstation.Server.Host/Security/WindowsSystemIdentity.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Tgstation.Server.Host/Security/WindowsSystemIdentity.cs b/src/Tgstation.Server.Host/Security/WindowsSystemIdentity.cs index 486d8d795cb..609f33d2a28 100644 --- a/src/Tgstation.Server.Host/Security/WindowsSystemIdentity.cs +++ b/src/Tgstation.Server.Host/Security/WindowsSystemIdentity.cs @@ -25,7 +25,7 @@ sealed class WindowsSystemIdentity : ISystemIdentity public bool CanCreateSymlinks => IsSuperUser; /// - public bool IsSuperUser => IsSuperUser; + public bool IsSuperUser => isAdmin ?? throw new NotSupportedException(); /// /// The for the . From a9545ecc51f7cf8546ffab8c0abf6ad254d04f8a Mon Sep 17 00:00:00 2001 From: Zephyr <12817816+ZephyrTFA@users.noreply.github.com> Date: Sun, 18 Aug 2024 23:50:11 -0400 Subject: [PATCH 14/18] Update src/Tgstation.Server.Host/Components/InstanceManager.cs Co-authored-by: Jordan Dominion --- src/Tgstation.Server.Host/Components/InstanceManager.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Tgstation.Server.Host/Components/InstanceManager.cs b/src/Tgstation.Server.Host/Components/InstanceManager.cs index 73fdf2b857a..1adf02d2501 100644 --- a/src/Tgstation.Server.Host/Components/InstanceManager.cs +++ b/src/Tgstation.Server.Host/Components/InstanceManager.cs @@ -678,7 +678,7 @@ void CheckSystemCompatibility() if (!platformIdentifier.IsWindows && systemIdentity.IsSuperUser) { - logger.LogWarning("TGS is being run as the root account. This is not recommended and may prevent launch in a future version."); + logger.LogWarning("TGS is being run as the root account. This is not recommended."); } } From 56bccd6f70e20495395e1d0cb910750e90ed0359 Mon Sep 17 00:00:00 2001 From: Zephyr <12817816+ZephyrTFA@users.noreply.github.com> Date: Sun, 18 Aug 2024 23:51:49 -0400 Subject: [PATCH 15/18] Apply suggestions from code review --- src/Tgstation.Server.Host/Program.cs | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/Tgstation.Server.Host/Program.cs b/src/Tgstation.Server.Host/Program.cs index 47988e4d1ca..b23633b7dff 100644 --- a/src/Tgstation.Server.Host/Program.cs +++ b/src/Tgstation.Server.Host/Program.cs @@ -11,8 +11,6 @@ using Tgstation.Server.Host.Properties; using Tgstation.Server.Host.System; -using Process = System.Diagnostics.Process; - namespace Tgstation.Server.Host { /// @@ -42,7 +40,7 @@ public Program() /// Entrypoint for the . /// /// The command line arguments. - /// A resulting in the . + /// A resulting in the . public static async Task Main(string[] args) { // first arg is 100% always the update path, starting it otherwise is solely for debugging purposes From f4ab1a74e5afb2788ef4dee45eddac8345765211 Mon Sep 17 00:00:00 2001 From: ZephyrTFA Date: Mon, 19 Aug 2024 13:23:44 -0400 Subject: [PATCH 16/18] allow on docker --- build/Dockerfile | 1 + .../Components/InstanceManager.cs | 10 +++++++++- .../Configuration/InternalConfiguration.cs | 9 ++++++++- 3 files changed, 18 insertions(+), 2 deletions(-) diff --git a/build/Dockerfile b/build/Dockerfile index b301591833e..c281147ddd5 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -69,6 +69,7 @@ EXPOSE 5000 ENV General__ValidInstancePaths__0 /tgs_instances ENV FileLogging__Directory /tgs_logs +ENV Internal__UsingDocker true WORKDIR /app diff --git a/src/Tgstation.Server.Host/Components/InstanceManager.cs b/src/Tgstation.Server.Host/Components/InstanceManager.cs index 73fdf2b857a..756d4b726c9 100644 --- a/src/Tgstation.Server.Host/Components/InstanceManager.cs +++ b/src/Tgstation.Server.Host/Components/InstanceManager.cs @@ -130,6 +130,11 @@ sealed class InstanceManager : /// readonly SwarmConfiguration swarmConfiguration; + /// + /// The for the . + /// + readonly InternalConfiguration internalConfiguration; + /// /// The for . /// @@ -177,6 +182,7 @@ sealed class InstanceManager : /// The value of . /// The containing the value of . /// The containing the value of . + /// The containing the value of . /// The value of . public InstanceManager( IInstanceFactory instanceFactory, @@ -193,6 +199,7 @@ public InstanceManager( IPlatformIdentifier platformIdentifier, IOptions generalConfigurationOptions, IOptions swarmConfigurationOptions, + IOptions internalConfigurationOptions, ILogger logger) { this.instanceFactory = instanceFactory ?? throw new ArgumentNullException(nameof(instanceFactory)); @@ -209,6 +216,7 @@ public InstanceManager( this.platformIdentifier = platformIdentifier ?? throw new ArgumentNullException(nameof(platformIdentifier)); generalConfiguration = generalConfigurationOptions?.Value ?? throw new ArgumentNullException(nameof(generalConfigurationOptions)); swarmConfiguration = swarmConfigurationOptions?.Value ?? throw new ArgumentNullException(nameof(swarmConfigurationOptions)); + internalConfiguration = internalConfigurationOptions?.Value ?? throw new ArgumentNullException(nameof(internalConfigurationOptions)); this.logger = logger ?? throw new ArgumentNullException(nameof(logger)); originalConsoleTitle = console.Title; @@ -676,7 +684,7 @@ void CheckSystemCompatibility() if (!systemIdentity.CanCreateSymlinks) throw new InvalidOperationException($"The user running {Constants.CanonicalPackageName} cannot create symlinks! Please try running as an administrative user!"); - if (!platformIdentifier.IsWindows && systemIdentity.IsSuperUser) + if (!platformIdentifier.IsWindows && systemIdentity.IsSuperUser && !internalConfiguration.UsingDocker) { logger.LogWarning("TGS is being run as the root account. This is not recommended and may prevent launch in a future version."); } diff --git a/src/Tgstation.Server.Host/Configuration/InternalConfiguration.cs b/src/Tgstation.Server.Host/Configuration/InternalConfiguration.cs index 58f2ad4720b..b060a3bd93f 100644 --- a/src/Tgstation.Server.Host/Configuration/InternalConfiguration.cs +++ b/src/Tgstation.Server.Host/Configuration/InternalConfiguration.cs @@ -1,4 +1,6 @@ -namespace Tgstation.Server.Host.Configuration +using System; + +namespace Tgstation.Server.Host.Configuration { /// /// Unstable configuration options used internally by TGS. @@ -25,6 +27,11 @@ public sealed class InternalConfiguration /// public bool UsingSystemD { get; set; } + /// + /// If the server is running inside of a Docker container. + /// + public bool UsingDocker => Environment.GetEnvironmentVariable("Internal__UsingDocker")?.Equals("true", StringComparison.OrdinalIgnoreCase) ?? false; + /// /// The base path for the app settings configuration files. /// From f8de3af93196d2ddf44bf34cca8cce07e5389e02 Mon Sep 17 00:00:00 2001 From: ZephyrTFA Date: Mon, 19 Aug 2024 13:43:45 -0400 Subject: [PATCH 17/18] if it work it work --- .../Configuration/InternalConfiguration.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Tgstation.Server.Host/Configuration/InternalConfiguration.cs b/src/Tgstation.Server.Host/Configuration/InternalConfiguration.cs index b060a3bd93f..945e80bb5a6 100644 --- a/src/Tgstation.Server.Host/Configuration/InternalConfiguration.cs +++ b/src/Tgstation.Server.Host/Configuration/InternalConfiguration.cs @@ -30,7 +30,7 @@ public sealed class InternalConfiguration /// /// If the server is running inside of a Docker container. /// - public bool UsingDocker => Environment.GetEnvironmentVariable("Internal__UsingDocker")?.Equals("true", StringComparison.OrdinalIgnoreCase) ?? false; + public bool UsingDocker { get; set; } /// /// The base path for the app settings configuration files. From 531d8705d04c66317401c3a5fb0f46611d459e1c Mon Sep 17 00:00:00 2001 From: ZephyrTFA Date: Mon, 19 Aug 2024 14:12:34 -0400 Subject: [PATCH 18/18] using dir --- .../Configuration/InternalConfiguration.cs | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/Tgstation.Server.Host/Configuration/InternalConfiguration.cs b/src/Tgstation.Server.Host/Configuration/InternalConfiguration.cs index 945e80bb5a6..1d2723e26db 100644 --- a/src/Tgstation.Server.Host/Configuration/InternalConfiguration.cs +++ b/src/Tgstation.Server.Host/Configuration/InternalConfiguration.cs @@ -1,6 +1,4 @@ -using System; - -namespace Tgstation.Server.Host.Configuration +namespace Tgstation.Server.Host.Configuration { /// /// Unstable configuration options used internally by TGS.