Require root to run ipa-healthcheck

The vast majority of checks require root access so enforce it at run time. This won't affect other runtimes that use healthcheck-core. Fixes: freeipa#148 Signed-off-by: Rob Crittenden <rcritten@redhat.com>
rcritten · Jun 16, 2022 · 5a729c0 · 5a729c0
1 parent c9feb33
commit 5a729c0
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/src/ipahealthcheck/core/main.py b/src/ipahealthcheck/core/main.py
@@ -2,7 +2,7 @@
 # Copyright (C) 2019 FreeIPA Contributors see COPYING for license
 #
 
-from os import environ
+import os
 import sys
 
 from ipahealthcheck.core import constants
@@ -43,8 +43,10 @@ def add_options(self):
 
 
 def main():
-    environ["KRB5_CLIENT_KTNAME"] = "/etc/krb5.keytab"
-    environ["KRB5CCNAME"] = "MEMORY:"
+    if not os.getegid() == 0:
+        sys.exit("\nYou must be root to run this script.\n")
+    os.environ["KRB5_CLIENT_KTNAME"] = "/etc/krb5.keytab"
+    os.environ["KRB5CCNAME"] = "MEMORY:"
 
     ipachecks = IPAChecks(['ipahealthcheck.registry',
                            'pkihealthcheck.registry'],