farhoodlabs/trebuchet
8
0
Fork 0
Code Issues Pull Requests 5 Actions Packages Projects Releases Wiki Activity

feat(cli): block running with sudo or as root
CI / Type-check & lint (pull_request) Successful in 16s
Details
CI / Build & push API image (pull_request) Has been skipped
Details
CI / Build & push worker image (pull_request) Has been skipped
Details

Browse Source 
Backport upstream Shannon PR #323. Adds privilege check at CLI startup
that prevents execution via sudo or as the root user.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
Chris Farhood
2026-05-20 00:30:58 +00:00
committed by Hugh Commit [agent]
parent 085624b287
commit 800afbfefb
1 changed files with 21 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
apps/cli/src/index.ts
+21
View File
@@ -26,6 +26,25 @@ import { displaySplash } from './splash.js';
const __dirname = path.dirname(fileURLToPath(import.meta.url));
function blockSudo(): void {
const isSudo = !!process.env.SUDO_USER;
const isRoot = process.geteuid?.() === 0;
if (!isSudo && !isRoot) return;
if (isSudo) {
console.error('ERROR: Shannon must not be run with sudo.');
console.error('Re-run this command as your normal user.');
} else {
console.error('ERROR: Shannon must not be run as the root user.');
console.error('Switch to a regular user account and re-run this command.');
}
if (process.platform === 'linux') {
console.error('Configure Docker to run without sudo first:');
console.error('https://docs.docker.com/engine/install/linux-postinstall');
}
process.exit(1);
}
function getVersion(): string {
try {
const pkgPath = path.join(__dirname, '..', 'package.json');
@@ -179,6 +198,8 @@ function parseStartArgs(argv: string[]): ParsedStartArgs {
// === Main Dispatch ===
blockSudo();
const args = process.argv.slice(2);
// Parse --backend flag before command dispatch