Disallow running CLI with root privileges (#32583)

In #31331, I made a change that prevents Zed from running with root privileges, but I forgot about the CLI. So if you run the CLI without the `--foreground` flag, it just freezes without any messages. This PR fixes that. Release Notes: - N/A
2025-06-13 20:09:32 +03:00 · 2025-06-13 20:09:32 +03:00 · 628f91dd96
commit 628f91dd96
parent 3fb28f695f
6 changed files with 29 additions and 17 deletions
--- a/crates/util/Cargo.toml
+++ b/crates/util/Cargo.toml
@ -45,6 +45,7 @@ workspace-hack.workspace = true
 [target.'cfg(unix)'.dependencies]
 command-fds = "0.3.1"
 libc.workspace = true
+nix = { workspace = true, features = ["user"] }

 [target.'cfg(windows)'.dependencies]
 tendril = "0.4.3"
--- a/crates/util/src/util.rs
+++ b/crates/util/src/util.rs
@ -213,6 +213,28 @@ where
    items.sort_by(compare);
 }

+/// Prevents execution of the application with root privileges on Unix systems.
+///
+/// This function checks if the current process is running with root privileges
+/// and terminates the program with an error message unless explicitly allowed via the
+/// `ZED_ALLOW_ROOT` environment variable.
+#[cfg(unix)]
+pub fn prevent_root_execution() {
+    let is_root = nix::unistd::geteuid().is_root();
+    let allow_root = std::env::var("ZED_ALLOW_ROOT").is_ok_and(|val| val == "true");
+
+    if is_root && !allow_root {
+        eprintln!(
+            "\
+Error: Running Zed as root or via sudo is unsupported.
+       Doing so (even once) may subtly break things for all subsequent non-root usage of Zed.
+       It is untested and not recommended, don't complain when things break.
+       If you wish to proceed anyways, set `ZED_ALLOW_ROOT=true` in your environment."
+        );
+        std::process::exit(1);
+    }
+}
+
 #[cfg(unix)]
 fn load_shell_from_passwd() -> Result<()> {
    let buflen = match unsafe { libc::sysconf(libc::_SC_GETPW_R_SIZE_MAX) } {