From 467f31abe58514540000a9c0ade2833692c2fdb4 Mon Sep 17 00:00:00 2001 From: Ramil Valitov Date: Mon, 14 Sep 2020 18:39:58 +0300 Subject: [PATCH] [add] tests for root privileges (#55) --- tests/all.sh | 17 +++++++++++++++++ zabbix/zabbix_php_fpm_discovery.sh | 6 ++++++ zabbix/zabbix_php_fpm_status.sh | 6 ++++++ 3 files changed, 29 insertions(+) diff --git a/tests/all.sh b/tests/all.sh index 1c1bf93..db58c11 100644 --- a/tests/all.sh +++ b/tests/all.sh @@ -562,6 +562,23 @@ testZabbixGetVersion() { printSuccess "${FUNCNAME[0]}" } +testNonRootUserPrivilegesDiscovery() { + #Run the script under non root user + DATA=$(sudo -u zabbix "/etc/zabbix/zabbix_php_fpm_discovery.sh") + IS_OK=$(echo "$DATA" | grep -F 'Insufficient privileges') + assertNotNull "The discovery script must not work for non root user" "$IS_OK" + printSuccess "${FUNCNAME[0]}" +} + +testNonRootUserPrivilegesStatus() { + #Run the script under non root user + assertNotNull "Test socket is not defined" "$TEST_SOCKET" + DATA=$(sudo -u zabbix "/etc/zabbix/zabbix_php_fpm_status.sh" "$TEST_SOCKET" "/php-fpm-status") + IS_OK=$(echo "$DATA" | grep -F 'Insufficient privileges') + assertNotNull "The status script must not work for non root user" "$IS_OK" + printSuccess "${FUNCNAME[0]}" +} + testPHPIsRunning() { IS_OK=$(sudo ps ax | grep -F "php-fpm: pool " | grep -F -v "grep" | head -n1) assertNotNull "No running PHP-FPM instances found" "$IS_OK" diff --git a/zabbix/zabbix_php_fpm_discovery.sh b/zabbix/zabbix_php_fpm_discovery.sh index 476fe15..f413788 100644 --- a/zabbix/zabbix_php_fpm_discovery.sh +++ b/zabbix/zabbix_php_fpm_discovery.sh @@ -132,6 +132,12 @@ if [[ ! -d "$CACHE_ROOT" ]]; then exit 1 fi +USER_ID=$(id -u) +if [[ $USER_ID -ne 0 ]]; then + echo "Insufficient privileges. This script must be run under 'root' user or with 'sudo'." + exit 1 +fi + function createCacheDirectory() { if [[ ! -d "$CACHE_DIRECTORY" ]]; then mkdir "$CACHE_DIRECTORY" diff --git a/zabbix/zabbix_php_fpm_status.sh b/zabbix/zabbix_php_fpm_status.sh index f9a6b09..2252215 100644 --- a/zabbix/zabbix_php_fpm_status.sh +++ b/zabbix/zabbix_php_fpm_status.sh @@ -16,6 +16,12 @@ if [[ ! -x $S_GREP ]]; then exit 1 fi +USER_ID=$(id -u) +if [[ $USER_ID -ne 0 ]]; then + echo "Insufficient privileges. This script must be run under 'root' user or with 'sudo'." + exit 1 +fi + if [[ -z $1 ]] || [[ -z $2 ]]; then echo "No input data specified" echo "Usage: $0 php-path status"