feat: detect and warn if running as root

2025-09-26 14:49:12 +02:00
parent 7c7e7c3ce4
commit 47b51a8be0
7 changed files with 83 additions and 3 deletions
--- a/src/config.rs
+++ b/src/config.rs
@@ -295,6 +295,8 @@ pub struct Vim {
 #[derive(Deserialize, Default, Debug, Merge)]
 #[serde(deny_unknown_fields)]
 pub struct Misc {
+    allow_root: Option<bool>,
+
    pre_sudo: Option<bool>,

    sudo_command: Option<SudoKind>,
@@ -767,6 +769,10 @@ pub struct CommandLineArgs {
    #[arg(long = "show-skipped")]
    show_skipped: bool,

+    /// Suppress warning and confirmation prompt if running as root
+    #[arg(long = "allow-root")]
+    allow_root: bool,
+
    /// Tracing filter directives.
    ///
    /// See: https://docs.rs/tracing-subscriber/latest/tracing_subscriber/filter/struct.EnvFilter.html#directives
@@ -1535,6 +1541,16 @@ impl Config {
            .unwrap_or(true)
    }

+    pub fn allow_root(&self) -> bool {
+        self.opt.allow_root
+            || self
+                .config_file
+                .misc
+                .as_ref()
+                .and_then(|misc| misc.allow_root)
+                .unwrap_or(false)
+    }
+
    pub fn sudo_command(&self) -> Option<SudoKind> {
        self.config_file.misc.as_ref().and_then(|misc| misc.sudo_command)
    }
--- a/src/main.rs
+++ b/src/main.rs
@@ -29,7 +29,7 @@ use self::error::Upgraded;
 use self::steps::{remote::*, *};
 #[allow(clippy::wildcard_imports)]
 use self::terminal::*;
-use self::utils::{install_color_eyre, install_tracing, update_tracing};
+use self::utils::{install_color_eyre, install_tracing, is_elevated, update_tracing};

 mod breaking_changes;
 mod command;
@@ -134,6 +134,18 @@ fn run() -> Result<()> {
        }
    }

+    let elevated = is_elevated();
+
+    #[cfg(unix)]
+    if !config.allow_root() && elevated {
+        print_warning(t!(
+            "Topgrade should not be run as root, it will run commands with sudo or equivalent where needed."
+        ));
+        if !prompt_yesno(&t!("Continue?"))? {
+            exit(1)
+        }
+    }
+
    #[cfg(target_os = "linux")]
    let distribution = linux::Distribution::detect();

@@ -157,7 +169,7 @@ fn run() -> Result<()> {
    if !should_skip() && first_run_of_major_release()? {
        print_breaking_changes();

-        if prompt_yesno("Confirmed?")? {
+        if prompt_yesno(&t!("Continue?"))? {
            write_keep_file()?;
        } else {
            exit(1);
--- a/src/utils.rs
+++ b/src/utils.rs
@@ -169,6 +169,22 @@ pub fn hostname() -> Result<String> {
        .map(|output| output.stdout.trim().to_owned())
 }

+#[cfg(unix)]
+pub fn is_elevated() -> bool {
+    let euid = nix::unistd::Uid::effective();
+    debug!("Running with euid: {euid}");
+    euid.is_root()
+}
+
+#[cfg(windows)]
+pub fn is_elevated() -> bool {
+    let elevated = is_elevated::is_elevated();
+    if elevated {
+        debug!("Detected elevated process");
+    }
+    elevated
+}
+
 pub mod merge_strategies {
    use merge::Merge;