Checks for user running as root not working in Windows (design) #4601
Description
Is your feature request related to a problem? Please describe.
Context: I am a committer at the JNA project and have been developing using JNA for 7 years.
The Bootstrap class prevents running OpenSearch as root via the definitelyRunningAsRoot() method:
OpenSearch/server/src/main/java/org/opensearch/bootstrap/Bootstrap.java
Lines 122 to 125 in c13b679
```java
// check if the user is running as root, and bail
if (Natives.definitelyRunningAsRoot()) {
    throw new RuntimeException("can not run opensearch as root");
}
```
However, this check is failing on Windows by design... there's not even an attempt to check:
OpenSearch/server/src/main/java/org/opensearch/bootstrap/JNANatives.java
Lines 186 to 197 in c13b679
```java
/** Returns true if user is root, false if not, or if we don't know */
static boolean definitelyRunningAsRoot() {
    if (Constants.WINDOWS) {
        return false; // don't know
    }
    try {
        return JNACLibrary.geteuid() == 0;
    } catch (UnsatisfiedLinkError e) {
        // this will have already been logged by Kernel32Library, no need to repeat it
        return false;
    }
}
```
On macOS, if JNA is not available, we aren't sure: JNA availability is determined here, where an UnsatisfiedLinkError indicates failure to load the library. This will occur for two use cases:
- On macOS versions 11.x (Big Sur) or higher, prior to JNA 5.6.0 due to changing the way system libraries are loaded
- On hardware with the M1 chip (aarch64) not running JVM in Rosetta, prior to JNA 5.7.0
This is potentially problematic because the JNA dependency for building server is still at 5.5.0.
OpenSearch/buildSrc/version.properties
Lines 21 to 22 in 658f7a6
```properties
# when updating the JNA version, also update the version in buildSrc/build.gradle
jna = 5.5.0
```
OpenSearch/server/build.gradle
Lines 134 to 135 in 6071824
```gradle
// jna
api "net.java.dev.jna:jna:${versions.jna}"
```
However, it seems to work, possibly because the comment linked buildSrc directory seems to have 5.11.0, which may indicate that published "built" artifacts might work:
OpenSearch/buildSrc/build.gradle
Line 113 in bb47419
```gradle
api "net.java.dev.jna:jna:5.11.0"
```
So I'm not clear where the 5.5 fits into the picture, but it could create problems.
Describe the solution you'd like
- Upgrade both JNA dependency versions linked above to the current JNA release, 5.12.1.
- Implement code to check whether the Windows version is running with elevated permissions by checking the current process's tokens for TOKEN_ELEVATION. I have implemented that code here.
I am happy to submit both changes if this issue is received favorably.
Describe alternatives you've considered
Status quo, and document the lack of checks.
Additional context
Pro: I'm not clear what the reasoning is for prohibiting running as root on Linux, but assuming that's a good thing we should extend it to all operating systems.
Con: This has the potential to break workflows for customers currently using macOS 11.x+ or Windows with elevated permissions, who don't know that's a bad idea.
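
An added example of the TOKEN_ELEVATION check proposed above; it is not the issue author's linked implementation and not OpenSearch code. It assumes the jna-platform artifact is on the classpath, the class, method and constant names are hypothetical, and it keeps the "false means no or unknown" contract of definitelyRunningAsRoot().

```java
import com.sun.jna.Platform;
import com.sun.jna.Structure;
import com.sun.jna.platform.win32.Advapi32;
import com.sun.jna.platform.win32.Kernel32;
import com.sun.jna.platform.win32.WinNT;
import com.sun.jna.ptr.IntByReference;

/** Added illustration; names in this class are hypothetical. */
public final class WindowsElevationCheck {

    /** Win32 TOKEN_INFORMATION_CLASS value for TokenElevation. */
    private static final int TOKEN_ELEVATION_CLASS = 20;

    /** Mirrors the Win32 TOKEN_ELEVATION struct: a single DWORD. */
    @Structure.FieldOrder("TokenIsElevated")
    public static class TokenElevation extends Structure {
        public int TokenIsElevated;
    }

    /** Returns true only if the process token is known to be elevated. */
    public static boolean definitelyElevated() {
        if (!Platform.isWindows()) {
            return false; // not applicable here
        }
        WinNT.HANDLEByReference token = new WinNT.HANDLEByReference();
        try {
            if (!Advapi32.INSTANCE.OpenProcessToken(
                    Kernel32.INSTANCE.GetCurrentProcess(), WinNT.TOKEN_QUERY, token)) {
                return false; // could not open the token: don't know
            }
            TokenElevation elevation = new TokenElevation();
            IntByReference returned = new IntByReference();
            boolean ok = Advapi32.INSTANCE.GetTokenInformation(
                    token.getValue(), TOKEN_ELEVATION_CLASS,
                    elevation, elevation.size(), returned);
            return ok && elevation.TokenIsElevated != 0;
        } catch (UnsatisfiedLinkError | NoClassDefFoundError e) {
            return false; // JNA unavailable: don't know
        } finally {
            if (token.getValue() != null) {
                Kernel32.INSTANCE.CloseHandle(token.getValue()); // always release the token handle
            }
        }
    }

    public static void main(String[] args) {
        System.out.println("elevated: " + definitelyElevated());
    }
}
```

With UAC enabled, a member of the Administrators group who starts the process without "Run as administrator" holds a filtered token, so this check reports false for that process.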