add admin check

DataDog · Mar 7, 2025 · e348bc7 · e348bc7
1 parent 22bdd27
commit e348bc7
Show file tree

Hide file tree

Showing 5 changed files with 28 additions and 8 deletions.
diff --git a/cmd/installer/subcommands/subcommands.go b/cmd/installer/subcommands/subcommands.go
@@ -7,8 +7,6 @@
 package subcommands
 
 import (
-	"fmt"
-
 	"github.com/DataDog/datadog-agent/cmd/installer/command"
 	"github.com/DataDog/datadog-agent/cmd/installer/subcommands/daemon"
 	"github.com/DataDog/datadog-agent/cmd/installer/user"
@@ -42,7 +40,7 @@ func withRoot(factory command.SubcommandFactory) command.SubcommandFactory {
 			return nil
 		}
 		if !user.IsRoot() {
-			return fmt.Errorf("this command requires root privileges")
+			return user.ErrRootRequired
 		}
 		return user.DatadogAgentToRoot()
 	})
@@ -54,7 +52,7 @@ func withDatadogAgent(factory command.SubcommandFactory) command.SubcommandFacto
 			return nil
 		}
 		if !user.IsRoot() {
-			return fmt.Errorf("this command requires root privileges")
+			return user.ErrRootRequired
 		}
 		return user.RootToDatadogAgent()
 	})

diff --git a/cmd/installer/user/user_darwin.go b/cmd/installer/user/user_darwin.go
@@ -8,7 +8,13 @@
 // Package user provides helpers to change the user of the process.
 package user
 
-import "syscall"
+import (
+	"fmt"
+	"syscall"
+)
+
+// ErrRootRequired is the error returned when an operation requires root privileges.
+var ErrRootRequired = fmt.Errorf("operation requires root privileges")
 
 // IsRoot always returns true on darwin.
 func IsRoot() bool {

diff --git a/cmd/installer/user/user_nix.go b/cmd/installer/user/user_nix.go
@@ -15,6 +15,9 @@ import (
 	"syscall"
 )
 
+// ErrRootRequired is the error returned when an operation requires root privileges.
+var ErrRootRequired = fmt.Errorf("operation requires root privileges")
+
 // IsRoot returns true if the process is running as root.
 func IsRoot() bool {
 	return syscall.Getuid() == 0

diff --git a/cmd/installer/user/user_windows.go b/cmd/installer/user/user_windows.go
@@ -8,9 +8,22 @@
 // Package user provides helpers to change the user of the process.
 package user
 
-// IsRoot always returns true on windows.
+import (
+	"fmt"
+
+	"github.com/DataDog/datadog-agent/pkg/util/winutil"
+)
+
+// ErrRootRequired is the error returned when an operation requires Administrator privileges.
+var ErrRootRequired = fmt.Errorf("operation requires Administrator privileges")
+
+// IsRoot returns true if token has Administrators group enabled
 func IsRoot() bool {
-	return true
+	isAdmin, err := winutil.IsUserAnAdmin()
+	if err != nil {
+		fmt.Printf("error checking if user is admin: %v\n", err)
+	}
+	return isAdmin
 }
 
 // RootToDatadogAgent is a noop on windows.

diff --git a/pkg/util/winutil/users.go b/pkg/util/winutil/users.go
@@ -56,7 +56,7 @@ func IsUserAnAdmin() (bool, error) {
 		0, 0, 0, 0, 0, 0,
 		&administratorsGroup)
 	if err != nil {
-		return false, fmt.Errorf("could not get local system SID: %w", err)
+		return false, fmt.Errorf("could not get Administrators group SID: %w", err)
 	}
 	defer windows.FreeSid(administratorsGroup)