Merge: * auto-upgrade: don't show Upgrade button on UNIX if running under non-root user

Close #1193 * commit '58f183103248d3efd7e94551ffaebc5df3689ac0': * auto-upgrade: don't show Upgrade button on UNIX if running under non-root user
2024-11-22 21:15:35 +03:00 · 2020-03-18 15:19:30 +03:00 · 2020-03-18 15:19:30 +03:00 · 7ff743ab32
commit 7ff743ab32
parent 3303d77dad 58f1831032
1 changed files with 17 additions and 1 deletions
--- a/home/control_update.go
+++ b/home/control_update.go
@ -52,7 +52,23 @@ func getVersionResp(data []byte) []byte {
 	}
 	_, ok := versionJSON[dloadName]
 	if ok && ret["new_version"] != versionString && versionString >= selfUpdateMinVersion {
-		ret["can_autoupdate"] = true
+		canUpdate := true
+
+		tlsConf := tlsConfigSettings{}
+		Context.tls.WriteDiskConfig(&tlsConf)
+
+		if runtime.GOOS != "windows" &&
+			((tlsConf.Enabled && (tlsConf.PortHTTPS < 1024 || tlsConf.PortDNSOverTLS < 1024)) ||
+				config.BindPort < 1024 ||
+				config.DNS.Port < 1024) {
+			// On UNIX, if we're running under a regular user,
+			//  but with CAP_NET_BIND_SERVICE set on a binary file,
+			//  and we're listening on ports <1024,
+			//  we won't be able to restart after we replace the binary file,
+			//  because we'll lose CAP_NET_BIND_SERVICE capability.
+			canUpdate, _ = util.HaveAdminRights()
+		}
+		ret["can_autoupdate"] = canUpdate
 	}

 	d, _ := json.Marshal(ret)