authorJesse Wolfe <jes5199@gmail.com>2010-05-12 18:26:43 -0700
committertest branch <puppet-dev@googlegroups.com>2010-02-17 06:50:53 -0800
commit37a55306aa08e2004103e9a4a2a94bba18ffa61d (patch)
tree0e8fd85505a8bfa17b08611ce160211420339cfa
parentac7efc8f0284d6b35f5428da06ba371cf94998ec (diff)
downloadpuppet-37a55306aa08e2004103e9a4a2a94bba18ffa61d.tar.gz
puppet-37a55306aa08e2004103e9a4a2a94bba18ffa61d.tar.xz
puppet-37a55306aa08e2004103e9a4a2a94bba18ffa61d.zip
Feature #2935 Modes: root? predicate
Use a predicate method to check whether we're running as root, rather than comparing the effective user id.
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>
-rw-r--r--lib/puppet/application/master.rb2
-rw-r--r--lib/puppet/feature/base.rb2
-rw-r--r--lib/puppet/provider/nameservice/directoryservice.rb2
-rwxr-xr-xlib/puppet/type/file/owner.rb2
-rw-r--r--lib/puppet/util/settings.rb2
-rw-r--r--lib/puppet/util/suidmanager.rb6
-rw-r--r--spec/unit/application/master.rb2
-rwxr-xr-xspec/unit/transaction/resource_harness.rb2
-rwxr-xr-xspec/unit/type/file/owner.rb4
9 files changed, 14 insertions, 10 deletions
diff --git a/lib/puppet/application/master.rb b/lib/puppet/application/master.rb
index 433a4d2f2..5d597a69b 100644
--- a/lib/puppet/application/master.rb
+++ b/lib/puppet/application/master.rb
@@ -95,7 +95,7 @@ class Puppet::Application::Master < Puppet::Application
Puppet::SSL::Host.ca_location = :only
end
- if Process.uid == 0
+ if Puppet.features.root?
begin
Puppet::Util.chuser
rescue => detail
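Review bot: The `Puppet.features.root?` guard in front of `Puppet::Util.chuser` may be answered from a value computed when the `:root` feature was registered, not from the process's current uid. If the feature registry memoizes block results (not visible on this page, worth confirming), the predicate keeps returning true after `chuser` has dropped privileges. The other call sites changed in this commit (directoryservice.rb, owner.rb, settings.rb) would then make root-only decisions, such as reading password data or choosing a chown target, on a stale answer. Where a live check matters, call `Puppet::Util::SUIDManager.root?` directly, or document the limit at the feature definition with `# Evaluated once at load; does not track later uid changes.` The enclosing method starts and ends outside the hunk.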
diff --git a/lib/puppet/feature/base.rb b/lib/puppet/feature/base.rb
index aac04f234..1971f14f2 100644
--- a/lib/puppet/feature/base.rb
+++ b/lib/puppet/feature/base.rb
@@ -15,7 +15,7 @@ Puppet.features.add(:usage, :libs => %w{rdoc/ri/ri_paths rdoc/usage})
Puppet.features.add(:libshadow, :libs => ["shadow"])
# We're running as root.
-Puppet.features.add(:root) { require 'puppet/util/suidmanager'; Puppet::Util::SUIDManager.uid == 0 }
+Puppet.features.add(:root) { require 'puppet/util/suidmanager'; Puppet::Util::SUIDManager.root? }
# We've got mongrel available
Puppet.features.add(:mongrel, :libs => %w{rubygems mongrel puppet/network/http_server/mongrel})
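Review bot: The `:root` feature block used to compare `Puppet::Util::SUIDManager.uid` and now calls `root?`, which the suidmanager.rb hunk defines as `Process.uid == 0`, the real uid, while the commit description speaks of the effective user id. The `alias :gid :egid` context line in suidmanager.rb suggests SUIDManager may map `uid` to the effective id on some platforms, so the answer could change for a process whose real and effective ids differ. The owner.rb and settings.rb hunks also moved off `SUIDManager.uid` and are affected the same way. If the real uid is intended, say so in the comment above the feature, e.g. `# We're running as root (real uid 0, not euid).`; otherwise have `root?` compare the same id SUIDManager already exposes.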
diff --git a/lib/puppet/provider/nameservice/directoryservice.rb b/lib/puppet/provider/nameservice/directoryservice.rb
index 9a860b71e..2d4fc24c0 100644
--- a/lib/puppet/provider/nameservice/directoryservice.rb
+++ b/lib/puppet/provider/nameservice/directoryservice.rb
@@ -215,7 +215,7 @@ class DirectoryService < Puppet::Provider::NameService
# stored in the user record. It is stored at a path that involves the
# UUID of the user record for non-Mobile local acccounts.
# Mobile Accounts are out of scope for this provider for now
- if @resource_type.validproperties.include?(:password) and Process.uid == 0
+ if @resource_type.validproperties.include?(:password) and Puppet.features.root?
attribute_hash[:password] = self.get_password(attribute_hash[:guid])
end
return attribute_hash
diff --git a/lib/puppet/type/file/owner.rb b/lib/puppet/type/file/owner.rb
index e5ca06a86..2b530928e 100755
--- a/lib/puppet/type/file/owner.rb
+++ b/lib/puppet/type/file/owner.rb
@@ -42,7 +42,7 @@ module Puppet
return true if uid == current
end
- unless Puppet::Util::SUIDManager.uid == 0
+ unless Puppet.features.root?
warnonce "Cannot manage ownership unless running as root"
return true
end
diff --git a/lib/puppet/util/settings.rb b/lib/puppet/util/settings.rb
index dd85342c0..1a2126517 100644
--- a/lib/puppet/util/settings.rb
+++ b/lib/puppet/util/settings.rb
@@ -728,7 +728,7 @@ Generated on #{Time.now}.
def writesub(default, file, *args, &bloc)
obj = get_config_file_default(default)
chown = nil
- if Puppet::Util::SUIDManager.uid == 0
+ if Puppet.features.root?
chown = [obj.owner, obj.group]
else
chown = [nil, nil]
diff --git a/lib/puppet/util/suidmanager.rb b/lib/puppet/util/suidmanager.rb
index 424fb461b..6f09005e2 100644
--- a/lib/puppet/util/suidmanager.rb
+++ b/lib/puppet/util/suidmanager.rb
@@ -44,9 +44,13 @@ module Puppet::Util::SUIDManager
alias :gid :egid
end
+ def self.root?
+ Process.uid == 0
+ end
+
# Runs block setting uid and gid if provided then restoring original ids
def asuser(new_uid=nil, new_gid=nil)
- return yield unless Process.uid == 0
+ return yield unless root?
# We set both because some programs like to drop privs, i.e. bash.
old_uid, old_gid = self.uid, self.gid
old_euid, old_egid = self.euid, self.egid
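Review bot: `root?` is added as `def self.root?`, but `asuser` is a plain `def` that now calls bare `root?`, so the call resolves only when `asuser` runs with the module itself as receiver. If SUIDManager is ever included into a class (not visible here), the instance copy of `asuser` would raise NoMethodError instead of yielding. Writing `return yield unless Puppet::Util::SUIDManager.root?` in `asuser`, or exposing `root?` the same way `asuser` is exposed, removes that dependency. The new predicate also gets no spec of its own in this commit; the specs shown only stub `Puppet.features.root?`. The body of `asuser` continues past the hunk.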
diff --git a/spec/unit/application/master.rb b/spec/unit/application/master.rb
index 54336c10e..f082ece16 100644
--- a/spec/unit/application/master.rb
+++ b/spec/unit/application/master.rb
@@ -391,7 +391,7 @@ describe Puppet::Application::Master do
end
it "should drop privileges if running as root" do
- Process.stubs(:uid).returns(0)
+ Puppet.features.stubs(:root?).returns true
Puppet::Util.expects(:chuser)
diff --git a/spec/unit/transaction/resource_harness.rb b/spec/unit/transaction/resource_harness.rb
index 2abec3cc0..3b9a42a38 100755
--- a/spec/unit/transaction/resource_harness.rb
+++ b/spec/unit/transaction/resource_harness.rb
@@ -101,7 +101,7 @@ describe Puppet::Transaction::ResourceHarness do
before do
@current_state = Puppet::Resource.new(:file, "/my/file")
@resource.stubs(:retrieve).returns @current_state
- Puppet::Util::SUIDManager.stubs(:uid).returns 0
+ Puppet.features.stubs(:root?).returns true
end
it "should retrieve the current values from the resource" do
diff --git a/spec/unit/type/file/owner.rb b/spec/unit/type/file/owner.rb
index 62f7b0ae5..6891ba210 100755
--- a/spec/unit/type/file/owner.rb
+++ b/spec/unit/type/file/owner.rb
@@ -56,7 +56,7 @@ describe property do
describe "when determining if the file is in sync" do
describe "and not running as root" do
it "should warn once and return true" do
- Puppet::Util::SUIDManager.expects(:uid).returns 1
+ Puppet.features.expects(:root?).returns false
@owner.expects(:warnonce)
@@ -66,7 +66,7 @@ describe property do
end
before do
- Puppet::Util::SUIDManager.stubs(:uid).returns 0
+ Puppet.features.stubs(:root?).returns true
end
it "should be in sync if 'should' is not provided" do