fix(sudo): handle root user case

fargito · fargito · commit 7d47a5cf2f28 · 2025-10-23T17:48:32.000+02:00
diff --git a/src/run/runner/helpers/run_with_sudo.rs b/src/run/runner/helpers/run_with_sudo.rs
@@ -4,65 +4,137 @@ use std::{
     process::{Command, Stdio},
 };
 
+/// Check if we're running as root
+fn is_root() -> bool {
+    #[cfg(unix)]
+    {
+        // On Unix-like systems, check if effective UID is 0
+        nix::unistd::geteuid().is_root()
+    }
+    #[cfg(not(unix))]
+    {
+        false
+    }
+}
+
+/// Check if sudo is available and works without a password
+fn check_sudo_available() -> bool {
+    // If we're already root, we don't need sudo
+    if is_root() {
+        debug!("Running as root, sudo not needed");
+        return false;
+    }
+
+    Command::new("sudo")
+        .arg("--non-interactive")
+        .arg("true")
+        .stdout(Stdio::null())
+        .stderr(Stdio::null())
+        .status()
+        .is_ok_and(|status| status.success())
+}
+
 /// Validate sudo access, prompting the user for their password if necessary
-fn validate_sudo_access() -> Result<()> {
-    let needs_password = IsTerminal::is_terminal(&std::io::stdout())
-        && Command::new("sudo")
-            .arg("--non-interactive") // Fail if password is required
-            .arg("true")
-            .stdout(Stdio::null())
-            .stderr(Stdio::null())
+/// Returns true if sudo should be used, false if commands should run without sudo
+fn validate_sudo_access() -> Result<bool> {
+    let is_terminal = IsTerminal::is_terminal(&std::io::stdout());
+
+    // First check if sudo is needed and available
+    // This returns false if we're root (don't need sudo) or true if sudo works
+    if check_sudo_available() {
+        debug!("Sudo is available and configured for passwordless access");
+        return Ok(true);
+    }
+
+    // If we're running as root, we don't need sudo
+    if is_root() {
+        debug!("Running as root, commands will execute without sudo");
+        return Ok(false);
+    }
+
+    // If we're not in a terminal (e.g., CI environment), we can't prompt for password
+    if !is_terminal {
+        debug!("Not in a terminal and sudo requires password - will run without sudo");
+        return Ok(false);
+    }
+
+    // In a terminal, prompt for password
+    suspend_progress_bar(|| {
+        info!("Sudo privileges are required to continue. Please enter your password if prompted.");
+
+        // Validate and cache sudo credentials
+        let auth_status = Command::new("sudo")
+            .arg("--validate") // Validate and extend the timeout
+            .stdin(Stdio::inherit())
+            .stdout(Stdio::inherit())
+            .stderr(Stdio::inherit())
             .status()
-            .map(|status| !status.success())
-            .unwrap_or(true);
-
-    if needs_password {
-        suspend_progress_bar(|| {
-            info!(
-                "Sudo privileges are required to continue. Please enter your password if prompted."
-            );
-
-            // Validate and cache sudo credentials
-            let auth_status = Command::new("sudo")
-                .arg("--validate") // Validate and extend the timeout
-                .stdin(Stdio::inherit())
-                .stdout(Stdio::inherit())
-                .stderr(Stdio::inherit())
-                .status()
-                .map_err(|_| anyhow!("Failed to authenticate with sudo"))?;
-
-            if !auth_status.success() {
-                bail!("Failed to authenticate with sudo");
-            }
-            Ok(())
-        })?;
+            .map_err(|_| anyhow!("Failed to authenticate with sudo"))?;
+
+        if !auth_status.success() {
+            bail!("Failed to authenticate with sudo");
+        }
+        Ok(true)
+    })
+}
+
+/// Creates the base command (with or without sudo) after validating sudo access
+fn create_command() -> Result<(Command, bool)> {
+    let use_sudo = validate_sudo_access()?;
+
+    if use_sudo {
+        let mut cmd = Command::new("sudo");
+        // Password prompt should not appear here since it has already been validated
+        cmd.arg("--non-interactive");
+        Ok((cmd, true))
+    } else {
+        // Return a dummy command - caller will need to handle this
+        Ok((Command::new(""), false))
     }
-    Ok(())
 }
 
 /// Creates the base sudo command after validating sudo access
 pub fn validated_sudo_command() -> Result<Command> {
-    validate_sudo_access()?;
+    let use_sudo = validate_sudo_access()?;
+
     let mut cmd = Command::new("sudo");
-    // Password prompt should not appear here since it has already been validated
-    cmd.arg("--non-interactive");
+    if use_sudo {
+        // Password prompt should not appear here since it has already been validated
+        cmd.arg("--non-interactive");
+    }
     Ok(cmd)
 }
 
-/// Run a command with sudo after validating sudo access
+/// Run a command with sudo after validating sudo access (falls back to no sudo if unavailable)
 pub fn run_with_sudo(command_args: &[&str]) -> Result<()> {
-    let command_str = command_args.join(" ");
-    debug!("Running command with sudo: {command_str}");
-    let output = validated_sudo_command()?
-        .args(command_args)
-        .stdout(Stdio::piped())
-        .output()
-        .map_err(|_| anyhow!("Failed to execute command with sudo: {command_str}"))?;
+    let (mut base_cmd, use_sudo) = create_command()?;
+
+    let command_str = if use_sudo {
+        format!("sudo {}", command_args.join(" "))
+    } else {
+        command_args.join(" ")
+    };
+
+    debug!("Running command: {command_str}");
+
+    let output = if use_sudo {
+        base_cmd
+            .args(command_args)
+            .stdout(Stdio::piped())
+            .output()
+            .map_err(|_| anyhow!("Failed to execute command with sudo: {command_str}"))?
+    } else {
+        Command::new(command_args[0])
+            .args(&command_args[1..])
+            .stdout(Stdio::piped())
+            .output()
+            .map_err(|_| anyhow!("Failed to execute command: {command_str}"))?
+    };
 
     if !output.status.success() {
         info!("stdout: {}", String::from_utf8_lossy(&output.stdout));
         error!("stderr: {}", String::from_utf8_lossy(&output.stderr));
-        bail!("Failed to execute command with sudo: {command_str}");
+        bail!("Failed to execute command: {command_str}");
     }
 
     Ok(())
