From 1d42fb941af17a29346b2af03338f8e18470f009 Mon Sep 17 00:00:00 2001
From: Michal Ruprich
Date: Tue, 22 Nov 2022 12:38:05 +0100
Subject: [PATCH] tools: Enable start of FRR for non-root user

There might be use cases when this would make sense, for example running FRR in a container as a designated user.

Signed-off-by: Michal Ruprich
---
 tools/etc/frr/daemons | 5 +++++
 tools/frrcommon.sh.in | 4 ++++
 2 files changed, 9 insertions(+)

diff --git a/tools/etc/frr/daemons b/tools/etc/frr/daemons
index 8aa08871e35..2427bfff777 100644
--- a/tools/etc/frr/daemons
+++ b/tools/etc/frr/daemons
@@ -91,6 +91,12 @@ pathd_options=" -A 127.0.0.1"
 # say BGP.
 #MAX_FDS=1024
+# Uncomment this option if you want to run FRR as a non-root user. Note that
+# you should know what you are doing since most of the daemons need root
+# to work. This could be useful if you want to run FRR in a container
+# for instance.
+# FRR_NO_ROOT="yes"
+
 # The list of daemons to watch is automatically generated by the init script.
 #watchfrr_options=""
diff --git a/tools/frrcommon.sh.in b/tools/frrcommon.sh.in
index 3c16c27c6df..4f095a176e4 100755
--- a/tools/frrcommon.sh.in
+++ b/tools/frrcommon.sh.in
@@ -43,6 +43,10 @@ RELOAD_SCRIPT="$D_PATH/frr-reload.py"
 #
 is_user_root () {
+ if [[ ! -z $FRR_NO_ROOT && "${FRR_NO_ROOT}" == "yes" ]]; then
+ return 0
+ fi
+
 [ "${EUID:-$(id -u)}" -eq 0 ] || {
 log_failure_msg "Only users having EUID=0 can start/stop daemons"
 return 1
diff --git a/doc/user/setup.rst b/doc/user/setup.rst
index 25934df..51ffd32 100644
--- a/doc/user/setup.rst
+++ b/doc/user/setup.rst
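Review bot: The comment added above `# FRR_NO_ROOT="yes"` in tools/etc/frr/daemons warns that most daemons need root but does not say what the option itself changes. As far as this patch shows, it only makes `is_user_root` in tools/frrcommon.sh.in skip the EUID=0 check; nothing here switches user, drops privileges or grants the access the daemons otherwise get from root. I would add one line to the comment, for example `# This only skips the EUID=0 check in the start/stop scripts; it does not change which user the daemons run as.`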
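Review bot: The guard added at the top of `is_user_root` in tools/frrcommon.sh.in uses `[[ … ]]` with an unquoted `$FRR_NO_ROOT`, while the existing test directly below it uses POSIX `[` and falls back to `id -u` when `EUID` is unset, which suggests the file may be sourced by shells other than bash; the `! -z` test is also redundant next to the `== "yes"` comparison. A single portable test does the same job: `if [ "${FRR_NO_ROOT:-}" = "yes" ]; then`. The early `return 0` is silent, so when the option is set (in the daemons file, or inherited from the caller's environment if nothing resets it before this file is sourced, which the hunk does not show) there is no trace that the EUID check was skipped; a one-line notice before the return would make later permission failures in the daemons easier to attribute. The body of `is_user_root` continues past the end of the hunk.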
@@ -114,6 +114,16 @@ most operating systems is 1024. If the operator plans to run bgp with several thousands of peers than this is where we would modify FRR to allow this to happen.
+::
+
+ FRR_NO_ROOT="yes"
+
+This option allows you to run FRR as a non-root user. Use this option
+only when you know what you are doing since most of the daemons
+in FRR will not be able to run under a regular user. This option
+is useful for example when you run FRR in a container with a designated
+user instead of root.
+
 ::
 zebra_options=" -s 90000000 --daemon -A 127.0.0.1"