mirror of
https://github.com/tailscale/tailscale.git
synced 2024-12-04 23:45:34 +00:00
c98652c333
Since users can run tailscaled in a variety of ways (root, non-root, non-root with process capabilities on Linux), this check will print the current process permissions to the log to aid in debugging. Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: Ida93a206123f98271a0c664775d0baba98b330c7
57 lines
1.2 KiB
Go
57 lines
1.2 KiB
Go
// Copyright (c) Tailscale Inc & AUTHORS
|
|
// SPDX-License-Identifier: BSD-3-Clause
|
|
|
|
// Package permissions provides a doctor.Check that prints the process
|
|
// permissions for the running process.
|
|
package permissions
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"os/user"
|
|
"strings"
|
|
|
|
"golang.org/x/exp/constraints"
|
|
"tailscale.com/types/logger"
|
|
)
|
|
|
|
// Check implements the doctor.Check interface.
|
|
type Check struct{}
|
|
|
|
func (Check) Name() string {
|
|
return "permissions"
|
|
}
|
|
|
|
func (Check) Run(_ context.Context, logf logger.Logf) error {
|
|
return permissionsImpl(logf)
|
|
}
|
|
|
|
func formatUserID[T constraints.Integer](id T) string {
|
|
idStr := fmt.Sprint(id)
|
|
if uu, err := user.LookupId(idStr); err != nil {
|
|
return idStr + "(<unknown>)"
|
|
} else {
|
|
return fmt.Sprintf("%s(%q)", idStr, uu.Username)
|
|
}
|
|
}
|
|
|
|
func formatGroupID[T constraints.Integer](id T) string {
|
|
idStr := fmt.Sprint(id)
|
|
if g, err := user.LookupGroupId(idStr); err != nil {
|
|
return idStr + "(<unknown>)"
|
|
} else {
|
|
return fmt.Sprintf("%s(%q)", idStr, g.Name)
|
|
}
|
|
}
|
|
|
|
func formatGroups[T constraints.Integer](groups []T) string {
|
|
var buf strings.Builder
|
|
for i, group := range groups {
|
|
if i > 0 {
|
|
buf.WriteByte(',')
|
|
}
|
|
buf.WriteString(formatGroupID(group))
|
|
}
|
|
return buf.String()
|
|
}
|