From 0f65c5602c9e265cff84932b5157e271cb6d738a Mon Sep 17 00:00:00 2001
From: Donatas Abraitis <donatas@opensourcerouting.org>
Date: Wed, 20 Apr 2022 18:33:06 +0300
Subject: [PATCH] tools: Allow running frrinit.sh only for EUID=0

watchfrr and staticd do not require <1024 ports to be running, thus they can
start, but others fail.

We should allow only users with EUID=0 (sudo or root) running frrinit.sh.

Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
---
 tools/frrcommon.sh.in | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/tools/frrcommon.sh.in b/tools/frrcommon.sh.in
index 52f5277d25..4683ceef14 100644
--- a/tools/frrcommon.sh.in
+++ b/tools/frrcommon.sh.in
@@ -42,6 +42,13 @@ RELOAD_SCRIPT="$D_PATH/frr-reload.py"
 # general helpers
 #
 
+is_user_root () {
+	[ "${EUID:-$(id -u)}" -eq 0 ] || {
+		log_failure_msg "Only users having EUID=0 can start/stop daemons"
+		return 1
+	}
+}
+
 debug() {
 	[ -n "$watchfrr_debug" ] || return 0
 
@@ -150,6 +157,8 @@ daemon_prep() {
 daemon_start() {
 	local dmninst daemon inst args instopt wrap bin
 
+	is_user_root || exit 1
+
 	all=false
 	[ "$1" = "--all" ] && { all=true; shift; }
 
@@ -183,6 +192,8 @@ daemon_stop() {
 	local dmninst daemon inst pidfile vtyfile pid cnt fail
 	daemon_inst "$1"
 
+	is_user_root || exit 1
+
 	pidfile="$V_PATH/$daemon${inst:+-$inst}.pid"
 	vtyfile="$V_PATH/$daemon${inst:+-$inst}.vty"