enable-tor: No longer needs to be run as root.

When run by not root, su's to root automatically.

This commit was sponsored by Brock Spratlen on Patreon.

1 files changed, 29 insertions, 3 deletions

diff --git a/Command/EnableTor.hs b/Command/EnableTor.hs
index c6d477b4e..91d5af701 100644
--- a/Command/EnableTor.hs
+++ b/Command/EnableTor.hs
@@ -5,12 +5,20 @@
  - Licensed under the GNU GPL version 3 or higher.
  -}
 
+{-# LANGUAGE CPP #-}
+
 module Command.EnableTor where
 
 import Command
 import P2P.Address
 import Utility.Tor
 import Annex.UUID
+import Config.Files
+
+#ifndef mingw32_HOST_OS
+import Utility.Su
+import System.Posix.User
+#endif
 
 -- This runs as root, so avoid making any commits or initializing
 -- git-annex, or doing other things that create root-owned files.
@@ -23,9 +31,27 @@ seek :: CmdParams -> CommandSeek
 seek = withWords start
 
 start :: [String] -> CommandStart
-start ps = case readish =<< headMaybe ps of
-	Nothing -> giveup "Bad params"
-	Just userid -> do
+start os = do
+#ifndef mingw32_HOST_OS
+	curruserid <- liftIO getEffectiveUserID
+	if curruserid == 0
+		then case readish =<< headMaybe os of
+			Nothing -> giveup "Need user-id parameter."
+			Just userid -> go userid
+		else do
+			liftIO $ putStrLn "Need root access to enable tor..."
+			gitannex <- liftIO readProgramFile
+			let ps = [Param (cmdname cmd), Param (show curruserid)]
+			ifM (liftIO $ runAsRoot gitannex ps)
+				( stop
+				, giveup $ unwords $
+					[ "Failed to run as root:" , gitannex ] ++ toCommand ps
+				)
+#else
+	go 0
+#endif
+  where
+	go userid = do
 		uuid <- getUUID
 		when (uuid == NoUUID) $
 			giveup "This can only be run in a git-annex repository."