su_to_zulip: Fix detection of zulip user ID.

Apparently, while upgrade-zulip-from-git always ensures that zulip deployment directories are owned by the Zulip user, unpack-zulip (aka the tarball code path) has them owned by root. The user ID detection logic in su_to_zulip's helper get_zulip_uid was intended to support both development environments (where the user ID might vary) and production environments. For development environments, the existing code is fine, but given this unpack-zulip permissions issue, we need to have code to fallback to 'zulip' if the detection logic detects the "zulip" user has having UID 0.
2019-03-04 14:21:44 -08:00 · 2019-03-04 14:21:44 -08:00 · b3444354aa
parent 73655a6176
commit b3444354aa
1 changed files with 11 additions and 4 deletions
--- a/scripts/lib/zulip_tools.py
+++ b/scripts/lib/zulip_tools.py
@ -110,8 +110,15 @@ def subprocess_text_output(args):
    # type: (Sequence[str]) -> str
    return subprocess.check_output(args, universal_newlines=True).strip()

-def get_zulip_uid() -> int:
-    return os.stat(get_deploy_root()).st_uid
+def get_zulip_pwent() -> pwd.struct_passwd:
+    deploy_root_uid = os.stat(get_deploy_root()).st_uid
+    if deploy_root_uid != 0:
+        return pwd.getpwuid(deploy_root_uid)
+
+    # In the case that permissions got messed up and the deployment
+    # directory is unexpectedly owned by root, we fallback to the
+    # `zulip` user as that's the correct value in production.
+    return pwd.getpwnam("zulip")

 def su_to_zulip(save_suid=False):
    # type: (bool) -> None
@ -120,7 +127,7 @@ def su_to_zulip(save_suid=False):
    installation).  It should never be run from the installer or other
    production contexts before /home/zulip/deployments/current is
    created."""
-    pwent = pwd.getpwuid(get_zulip_uid())
+    pwent = get_zulip_pwent()
    os.setgid(pwent.pw_gid)
    if save_suid:
        os.setresuid(pwent.pw_uid, pwent.pw_uid, os.getuid())
@ -429,7 +436,7 @@ def run_as_root(args, **kwargs):
 def assert_not_running_as_root() -> None:
    script_name = os.path.abspath(sys.argv[0])
    if is_root():
-        pwent = pwd.getpwuid(get_zulip_uid())
+        pwent = get_zulip_pwent()
        msg = ("{shortname} should not be run as root. Use `su {user}` to switch to the 'zulip'\n"
               "user before rerunning this, or use \n  su {user} -c '{name} ...'\n"
               "to switch users and run this as a single command.").format(