Allow running postgres on root + fix clippy lints

.gitignore

@@ -1,2 +1,3 @@
 /target
+/.idea
 Cargo.lock

Cargo.toml

@@ -14,19 +14,19 @@ maintenance = { status = "experimental" }
 
 [dependencies]
 glob = "0.3"
-lazy_static = "1.4.0"
-nix = "0.22"
+nix = "0.26"
 tempdir = "0.3"
 thiserror = "1.0"
 tokio = { version = "1.8", features = ["parking_lot", "rt", "sync", "io-util", "process", "macros", "fs"], default-features = false, optional = true }
 tracing = "0.1"
 which = "4.0"
+once_cell = "1"
 
 [dev-dependencies]
-test-env-log = { version = "0.2", default-features = false, features = ["trace"] }
+test-log = { version = "0.2", default-features = false, features = ["trace"] }
 tokio = { version = "1.8", features = ["parking_lot", "rt", "rt-multi-thread", "sync", "io-util", "process", "macros", "fs"], default-features = false }
 tokio-postgres = "0.7"
-tracing-subscriber = { version = "0.2", default-features = false, features = ["env-filter", "fmt"] }
+tracing-subscriber = { version = "0.3", default-features = false, features = ["env-filter", "fmt"] }
 
 [features]
 default = []

src/asynchronous.rs

@@ -1,3 +1,4 @@
+use nix::unistd::Uid;
 use std::path::Path;
 use std::process::Stdio;
 use std::sync::Arc;
@@ -16,6 +17,7 @@ use tracing::{debug, instrument};
 
 use crate::errors::{ProcessCapture, TmpPostgrustError, TmpPostgrustResult};
 use crate::search::find_postgresql_command;
+use crate::POSTGRES_UID_GID;
 
 /// Limit the total processes that can be running at any one time.
 pub(crate) static MAX_CONCURRENT_PROCESSES: Semaphore = Semaphore::const_new(8);
@@ -32,7 +34,7 @@ async fn exec_process(
         .await
         .map_err(|err| TmpPostgrustError::ExecSubprocessFailed {
             source: err,
-            command: format!("{:?}", command),
+            command: format!("{command:?}"),
         })?;
 
     if output.status.success() {
@@ -56,12 +58,15 @@ pub(crate) fn start_postgres_subprocess(
     let postgres_path =
         find_postgresql_command("bin", "postgres").expect("failed to find postgres");
 
-    Command::new(postgres_path)
+    let mut command = Command::new(postgres_path);
+    command
         .env("PGDATA", data_directory.to_str().unwrap())
         .arg("-p")
         .arg(port.to_string())
         .stdout(Stdio::piped())
-        .stderr(Stdio::piped())
+        .stderr(Stdio::piped());
+    cmd_as_non_root(&mut command);
+    command
         .spawn()
         .map_err(TmpPostgrustError::SpawnSubprocessFailed)
 }
@@ -71,13 +76,12 @@ pub(crate) async fn exec_init_db(data_directory: &'_ Path) -> TmpPostgrustResult
     let initdb_path = find_postgresql_command("bin", "initdb").expect("failed to find initdb");
 
     debug!("Initializing database in: {:?}", data_directory);
-    exec_process(
-        &mut Command::new(initdb_path)
-            .env("PGDATA", data_directory.to_str().unwrap())
-            .arg("--username=postgres"),
-        TmpPostgrustError::InitDBFailed,
-    )
-    .await
+    let mut command = Command::new(initdb_path);
+    command
+        .env("PGDATA", data_directory.to_str().unwrap())
+        .arg("--username=postgres");
+    cmd_as_non_root(&mut command);
+    exec_process(&mut command, TmpPostgrustError::InitDBFailed).await
 }
 
 #[instrument]
@@ -117,21 +121,20 @@ pub(crate) async fn exec_create_db(
     owner: &'_ str,
     dbname: &'_ str,
 ) -> TmpPostgrustResult<()> {
-    exec_process(
-        &mut Command::new("createdb")
-            .arg("-h")
-            .arg(socket)
-            .arg("-p")
-            .arg(port.to_string())
-            .arg("-U")
-            .arg("postgres")
-            .arg("-O")
-            .arg(owner)
-            .arg("--echo")
-            .arg(dbname),
-        TmpPostgrustError::CreateDBFailed,
-    )
-    .await
+    let mut command = Command::new("createdb");
+    command
+        .arg("-h")
+        .arg(socket)
+        .arg("-p")
+        .arg(port.to_string())
+        .arg("-U")
+        .arg("postgres")
+        .arg("-O")
+        .arg(owner)
+        .arg("--echo")
+        .arg(dbname);
+    cmd_as_non_root(&mut command);
+    exec_process(&mut command, TmpPostgrustError::CreateDBFailed).await
 }
 
 #[instrument]
@@ -140,23 +143,35 @@ pub(crate) async fn exec_create_user(
     port: u32,
     username: &'_ str,
 ) -> TmpPostgrustResult<()> {
-    exec_process(
-        &mut Command::new("createuser")
-            .arg("-h")
-            .arg(socket)
-            .arg("-p")
-            .arg(port.to_string())
-            .arg("-U")
-            .arg("postgres")
-            .arg("--superuser")
-            .arg("--echo")
-            .arg(username),
-        TmpPostgrustError::CreateDBFailed,
-    )
-    .await
+    let mut command = Command::new("createuser");
+    command
+        .arg("-h")
+        .arg(socket)
+        .arg("-p")
+        .arg(port.to_string())
+        .arg("-U")
+        .arg("postgres")
+        .arg("--superuser")
+        .arg("--echo")
+        .arg(username);
+    cmd_as_non_root(&mut command);
+    exec_process(&mut command, TmpPostgrustError::CreateDBFailed).await
 }
 
-/// ProcessGuard represents a postgresql process that is running in the background.
+#[instrument]
+pub(crate) async fn chown_to_non_root(dir: &Path) -> TmpPostgrustResult<()> {
+    let current_uid = Uid::effective();
+    if !current_uid.is_root() {
+        return Ok(());
+    }
+
+    let (uid, gid) = &*POSTGRES_UID_GID;
+    let mut cmd = Command::new("chown");
+    cmd.arg("-R").arg(format!("{uid}:{gid}")).arg(dir);
+    exec_process(&mut cmd, TmpPostgrustError::UpdatingPermissionsFailed).await
+}
+
+/// `ProcessGuard` represents a postgresql process that is running in the background.
 /// once the guard is dropped the process will be killed.
 pub struct ProcessGuard {
     /// Allows users to read stdout by line for debugging.
@@ -188,3 +203,12 @@ impl Drop for ProcessGuard {
         }
     }
 }
+
+fn cmd_as_non_root(command: &mut Command) {
+    let current_uid = Uid::effective();
+    if current_uid.is_root() {
+        // PostgreSQL cannot be run as root, so change to default user
+        let (user_id, group_id) = &*POSTGRES_UID_GID;
+        command.uid(user_id.as_raw()).gid(group_id.as_raw());
+    }
+}

src/errors.rs

@@ -52,6 +52,9 @@ pub enum TmpPostgrustError {
     /// Error when the cache directory cannot be created.
     #[error("failed to create cache directory")]
     CreateCacheDirFailed(#[source] std::io::Error),
+    /// Error when `cp` fails for the initialized database.
+    #[error("updating directory permission to non-root failed")]
+    UpdatingPermissionsFailed(ProcessCapture),
 }
 
 /// Result type for `TmpPostgrustError`, used by functions in this crate.