From 6ec6567badf6d2d369f84297aae2fe0657202a4c Mon Sep 17 00:00:00 2001
From: Robert Muir <rmuir@apache.org>
Date: Tue, 5 May 2015 01:29:57 -0400
Subject: [PATCH] bail if ES is run as root

---
 .../java/org/elasticsearch/bootstrap/Bootstrap.java |  9 +++++++++
 .../java/org/elasticsearch/common/jna/CLibrary.java |  2 +-
 .../java/org/elasticsearch/common/jna/Natives.java  | 13 +++++++++++++
 3 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/src/main/java/org/elasticsearch/bootstrap/Bootstrap.java b/src/main/java/org/elasticsearch/bootstrap/Bootstrap.java
index 74e8ec62cbc25..8da00e68183a3 100644
--- a/src/main/java/org/elasticsearch/bootstrap/Bootstrap.java
+++ b/src/main/java/org/elasticsearch/bootstrap/Bootstrap.java
@@ -90,6 +90,15 @@ public static void initializeNatives(boolean mlockAll, boolean ctrlHandler) {
         if (mlockAll) {
             Natives.tryMlockall();
         }
+        
+        // check if the user is running as root, and bail
+        if (Natives.definitelyRunningAsRoot()) {
+            if (Boolean.parseBoolean(System.getProperty("es.insecure.allow.root"))) {
+                Loggers.getLogger(Bootstrap.class).warn("running as ROOT user. this is a bad idea!");
+            } else {
+                throw new RuntimeException("don't run elasticsearch as root.");
+            }
+        }
 
         // listener for windows close event
         if (ctrlHandler) {
diff --git a/src/main/java/org/elasticsearch/common/jna/CLibrary.java b/src/main/java/org/elasticsearch/common/jna/CLibrary.java
index eda896040f7c0..d3e2c19188de9 100644
--- a/src/main/java/org/elasticsearch/common/jna/CLibrary.java
+++ b/src/main/java/org/elasticsearch/common/jna/CLibrary.java
@@ -48,7 +48,7 @@ public class CLibrary {
 
     public static native int mlockall(int flags);
 
-    public static native int munlockall();
+    public static native int geteuid();
 
     private CLibrary() {
     }
diff --git a/src/main/java/org/elasticsearch/common/jna/Natives.java b/src/main/java/org/elasticsearch/common/jna/Natives.java
index d6c6838842a47..b1cea21a954f5 100644
--- a/src/main/java/org/elasticsearch/common/jna/Natives.java
+++ b/src/main/java/org/elasticsearch/common/jna/Natives.java
@@ -61,6 +61,19 @@ public static void tryMlockall() {
             }
         }
     }
+    
+    /** Returns true if user is root, false if not, or if we don't know */
+    public static boolean definitelyRunningAsRoot() {
+        if (Constants.WINDOWS) {
+            return false; // don't know
+        }
+        try {
+            return CLibrary.geteuid() == 0;
+        } catch (Throwable error) {
+            logger.warn("unable to determine euid", error);
+            return false; // don't know
+        }
+    }
 
     public static void addConsoleCtrlHandler(ConsoleCtrlHandler handler) {
         // The console Ctrl handler is necessary on Windows platforms only.