From 373441b7ab3abfb9145eb5f7dfbbf85c106a3d79 Mon Sep 17 00:00:00 2001
From: James Graham
Date: Sun, 25 May 2025 13:36:44 +1200
Subject: [PATCH 1/5] Fix geolock url in README.md
Geoblock url needed https:// appended
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 15ca7add..5c20bd5e 100644
--- a/README.md
+++ b/README.md
@@ -83,7 +83,7 @@ _Resources page of Pangolin dashboard (dark mode) showing multiple resources ava
 ### Modular Design
-- Extend functionality with existing [Traefik](https://github.com/traefik/traefik) plugins, such as [CrowdSec](https://plugins.traefik.io/plugins/6335346ca4caa9ddeffda116/crowdsec-bouncer-traefik-plugin) and [Geoblock](github.com/PascalMinder/geoblock).
+- Extend functionality with existing [Traefik](https://github.com/traefik/traefik) plugins, such as [CrowdSec](https://plugins.traefik.io/plugins/6335346ca4caa9ddeffda116/crowdsec-bouncer-traefik-plugin) and [Geoblock](https://github.com/PascalMinder/geoblock).
 - **Automatically install and configure Crowdsec via Pangolin's installer script.**
 - Attach as many sites to the central server as you wish.
From 56fd366a7dd29ae33b7c2bf6b13b9a3bb79fc1c8 Mon Sep 17 00:00:00 2001
From: Socheat Sok
Date: Thu, 29 May 2025 15:59:21 +0700
Subject: [PATCH 2/5] Allow installer to run without sudo & only need it when need to install Docker
---
 install/main.go | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/install/main.go b/install/main.go
index a0d74a43..fc3a7e2f 100644
--- a/install/main.go
+++ b/install/main.go
@@ -57,12 +57,6 @@ type Config struct {
 func main() {
 reader := bufio.NewReader(os.Stdin)
- // check if the user is root
- if os.Geteuid() != 0 {
- fmt.Println("This script must be run as root")
- os.Exit(1)
- }
-
 var config Config
 // check if there is already a config file
@@ -81,6 +75,15 @@ func main() {
 moveFile("config/docker-compose.yml", "docker-compose.yml")
 if !isDockerInstalled() && runtime.GOOS == "linux" {
+ // Prompt to install Docker if not installed
+ // But only if the user is root, otherwise we exit with an error message
+ if os.Geteuid() != 0 {
+ fmt.Println("Docker is not installed. Please install Docker manually or run this installer as root.")
+ fmt.Println("You can run this installer with 'sudo' to install Docker automatically.")
+ fmt.Println("Exiting...")
+ os.Exit(1)
+ }
+
 if readBool(reader, "Docker is not installed. Would you like to install it?", true) {
 installDocker()
 }
@@ -619,4 +622,4 @@ func generateRandomSecretKey() string {
 b[i] = charset[seededRand.Intn(len(charset))]
 }
 return string(b)
-}
\ No newline at end of file
+}
From 6f3514199ac7588502c3a7a94d4a205f3be79e7d Mon Sep 17 00:00:00 2001
From: Socheat Sok
Date: Thu, 29 May 2025 21:45:57 +0700
Subject: [PATCH 3/5] Revert "Allow installer to run without sudo & only need it when need to install Docker"
This reverts commit 56fd366a7dd29ae33b7c2bf6b13b9a3bb79fc1c8.
---
 install/main.go | 17 +++++++----------
 1 file changed, 7 insertions(+), 10 deletions(-)
diff --git a/install/main.go b/install/main.go
index fc3a7e2f..a0d74a43 100644
--- a/install/main.go
+++ b/install/main.go
@@ -57,6 +57,12 @@ type Config struct {
 func main() {
 reader := bufio.NewReader(os.Stdin)
+ // check if the user is root
+ if os.Geteuid() != 0 {
+ fmt.Println("This script must be run as root")
+ os.Exit(1)
+ }
+
 var config Config
 // check if there is already a config file
@@ -75,15 +81,6 @@ func main() {
 moveFile("config/docker-compose.yml", "docker-compose.yml")
 if !isDockerInstalled() && runtime.GOOS == "linux" {
- // Prompt to install Docker if not installed
- // But only if the user is root, otherwise we exit with an error message
- if os.Geteuid() != 0 {
- fmt.Println("Docker is not installed. Please install Docker manually or run this installer as root.")
- fmt.Println("You can run this installer with 'sudo' to install Docker automatically.")
- fmt.Println("Exiting...")
- os.Exit(1)
- }
-
 if readBool(reader, "Docker is not installed. Would you like to install it?", true) {
 installDocker()
 }
@@ -622,4 +619,4 @@ func generateRandomSecretKey() string {
 b[i] = charset[seededRand.Intn(len(charset))]
 }
 return string(b)
-}
+}
\ No newline at end of file
From c997b8625f7dd5be0b31d7c082d66bb5c14ee6ff Mon Sep 17 00:00:00 2001
From: Socheat Sok
Date: Thu, 29 May 2025 21:55:50 +0700
Subject: [PATCH 4/5] Re: "Allow installer to run without sudo & only need it when need to install Docker"
---
 install/main.go | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/install/main.go b/install/main.go
index a0d74a43..d1ec85eb 100644
--- a/install/main.go
+++ b/install/main.go
@@ -58,9 +58,11 @@ func main() {
 reader := bufio.NewReader(os.Stdin)
 // check if the user is root
- if os.Geteuid() != 0 {
- fmt.Println("This script must be run as root")
- os.Exit(1)
+ if !isDockerInstalled() {
+ if os.Geteuid() != 0 {
+ fmt.Println("Docker is not installed. Please install Docker manually or run this installer as root.")
+ os.Exit(1)
+ }
 }
 var config Config
@@ -619,4 +621,4 @@ func generateRandomSecretKey() string {
 b[i] = charset[seededRand.Intn(len(charset))]
 }
 return string(b)
-}
\ No newline at end of file
+}
From 9ea7275371bda7a75bd47c2149e7ee2e62d78a44 Mon Sep 17 00:00:00 2001
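Review bot: In PATCH 4/5's `@@ -58,9 +58,11 @@` hunk the new guard applies on every OS, while the Docker install prompt further down main() (visible as context in the earlier patches) is gated on `runtime.GOOS == "linux"`. A non-root user on another platform without Docker is therefore told to rerun as root, although the installer would not install Docker for them there. Consider `if runtime.GOOS == "linux" && !isDockerInstalled() && os.Geteuid() != 0 {`, which also flattens the nested ifs, or print a platform-appropriate message instead. The `// check if the user is root` comment kept above the block is stale and should read `// root is only required when the installer has to install Docker itself`. main() continues outside the hunk.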
From: Socheat Sok
Date: Thu, 29 May 2025 22:49:17 +0700
Subject: [PATCH 5/5] Ensure `installer` check if current user is in `docker` group
---
 install/main.go | 38 +++++++++++++++++++++++++++++++++++++-
 1 file changed, 37 insertions(+), 1 deletion(-)
diff --git a/install/main.go b/install/main.go
index d1ec85eb..0d2cf6a4 100644
--- a/install/main.go
+++ b/install/main.go
@@ -9,6 +9,7 @@ import (
 "io/fs"
 "os"
 "os/exec"
+ "os/user"
 "path/filepath"
 "runtime"
 "strings"
@@ -57,7 +58,7 @@ type Config struct {
 func main() {
 reader := bufio.NewReader(os.Stdin)
- // check if the user is root
+ // check if docker is not installed and the user is root
 if !isDockerInstalled() {
 if os.Geteuid() != 0 {
 fmt.Println("Docker is not installed. Please install Docker manually or run this installer as root.")
@@ -65,6 +66,13 @@ func main() {
 }
 }
+ // check if the user is in the docker group (linux only)
+ if !isUserInDockerGroup() {
+ fmt.Println("You are not in the docker group.")
+ fmt.Println("The installer will not be able to run docker commands without running it as root.")
+ os.Exit(1)
+ }
+
 var config Config
 // check if there is already a config file
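Review bot: The `isUserInDockerGroup()` gate added to main() in the `@@ -65,6 +66,13 @@` hunk hard-exits on a proxy for daemon access rather than on access itself. A user whose daemon is reachable another way (rootless Docker, a non-default `DOCKER_HOST`) is not in the `docker` group and is turned away even though docker commands would work. Consider downgrading this to a warning, or keeping the exit only when an actual docker invocation fails. It is also worth recording next to the check that this path removes the sudo prompt but not the privilege, e.g. `// NOTE: membership of the docker group is root-equivalent on the host`. main() continues outside the hunk.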
@@ -481,6 +489,34 @@ func isDockerInstalled() bool {
 return true
 }
+func isUserInDockerGroup() bool {
+ if runtime.GOOS == "darwin" {
+ // Docker group is not applicable on macOS
+ // So we assume that the user can run Docker commands
+ return true
+ }
+
+ if os.Geteuid() == 0 {
+ return true // Root user can run Docker commands anyway
+ }
+
+ // Check if the current user is in the docker group
+ if dockerGroup, err := user.LookupGroup("docker"); err == nil {
+ if currentUser, err := user.Current(); err == nil {
+ if currentUserGroupIds, err := currentUser.GroupIds(); err == nil {
+ for _, groupId := range currentUserGroupIds {
+ if groupId == dockerGroup.Gid {
+ return true
+ }
+ }
+ }
+ }
+ }
+
+ // Eventually, if any of the checks fail, we assume the user cannot run Docker commands
+ return false
+}
+
 // executeDockerComposeCommandWithArgs executes the appropriate docker command with arguments supplied
 func executeDockerComposeCommandWithArgs(args ...string) error {
 var cmd *exec.Cmd
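Review bot: `isUserInDockerGroup` answers from the account's group list (`user.Current().GroupIds()`), not from the credentials the running process actually holds. A user who was just added to `docker` but has not logged in again passes this check and then fails on the first docker command, and a session started through `newgrp`/`sg` is rejected although it would work. The OS test also exempts only `darwin`, while the call site's comment says "linux only", so any other non-Linux build falls through to a group lookup that is likely to fail. The rewrite below checks `os.Getegid()` and `os.Getgroups()` instead, returns early rather than nesting four levels deep, and adds the missing doc comment. It needs `strconv` added to the import block.

```go
// isUserInDockerGroup reports whether the current process holds the "docker"
// group. Root and non-Linux systems are treated as able to run Docker.
func isUserInDockerGroup() bool {
	if runtime.GOOS != "linux" || os.Geteuid() == 0 {
		return true
	}

	dockerGroup, err := user.LookupGroup("docker")
	if err != nil {
		return false // no docker group on this host
	}
	dockerGID, err := strconv.Atoi(dockerGroup.Gid)
	if err != nil {
		return false
	}

	// Compare against the process credentials: the group database can list a
	// membership that this session has not picked up yet.
	if os.Getegid() == dockerGID {
		return true
	}
	gids, err := os.Getgroups()
	if err != nil {
		return false
	}
	for _, gid := range gids {
		if gid == dockerGID {
			return true
		}
	}
	return false
}
```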