fleet/orbit/pkg/execuser/execuser.go

// Package execuser is used to run applications from a high privilege user (root on Unix,
// SYSTEM service on Windows) as the current login user.
package execuser

import (
	"time"
)

type eopts struct {
	env        [][2]string
	args       [][2]string
	stderrPath string //nolint:structcheck,unused
	timeout    time.Duration
	user       string
}

// Option allows configuring the application.
type Option func(*eopts)

// WithEnv sets environment variables for the application.
func WithEnv(name, value string) Option {
	return func(a *eopts) {
		a.env = append(a.env, [2]string{name, value})
	}
}

// WithArg sets command line arguments for the application.
func WithArg(name, value string) Option {
	return func(a *eopts) {
		a.args = append(a.args, [2]string{name, value})
	}
}

// WithTimeout sets the timeout for the application. Currently only supported on Linux.
func WithTimeout(duration time.Duration) Option {
	return func(a *eopts) {
		a.timeout = duration
	}
}

// WithUser sets the user to run the application as. Currently only supported on MacOS.
func WithUser(user string) Option {
	return func(a *eopts) {
		a.user = user
	}
}

// Run runs an application as the current login user.
// It assumes the caller is running with high privileges (root on Unix, SYSTEM on Windows).
//
// It returns after starting the child process.
func Run(path string, opts ...Option) (lastLogs string, err error) {
	var o eopts
	for _, fn := range opts {
		fn(&o)
	}
	return run(path, o)
}

// RunWithOutput runs an application as the current login user and returns its output.
// It assumes the caller is running with high privileges (root on UNIX).
//
// It blocks until the child process exits.
// Non ExitError errors return with a -1 exitCode.
func RunWithOutput(path string, opts ...Option) (output []byte, exitCode int, err error) {
	var o eopts
	for _, fn := range opts {
		fn(&o)
	}
	return runWithOutput(path, o)
}
Orbit: Add Fleet Desktop support to Windows (#4873) * Orbit: Add Fleet Desktop support to Windows * Rename workflow, fix linux build * Do not compile systray on linux * nolint on unused * Fix lint properly * nolint both checkers * Fix monitor logic in desktopRunner * Fix interrupt and execute order 2022-04-01 20:28:51 +00:00			`// Package execuser is used to run applications from a high privilege user (root on Unix,`
			`// SYSTEM service on Windows) as the current login user.`
			`package execuser`

add kdialog for kubuntu key escrow (#24405) 2024-12-05 15:44:16 +00:00			`import (`
			`"time"`
			`)`
bugfix: orbit linux zenity progress windows (#24280) 2024-12-05 15:02:03 +00:00
Orbit: Add Fleet Desktop support to Windows (#4873) * Orbit: Add Fleet Desktop support to Windows * Rename workflow, fix linux build * Do not compile systray on linux * nolint on unused * Fix lint properly * nolint both checkers * Fix monitor logic in desktopRunner * Fix interrupt and execute order 2022-04-01 20:28:51 +00:00			`type eopts struct {`
			`env [][2]string`
launch Nudge using /usr/bin/open (#10051) this accomplishes two things: 1. We're not waiting on Nudge to exit anymore, preventing issues like https://github.com/fleetdm/fleet/issues/10044 2. Nudge is launched as a local user instead of root, which is the recommended way to do it. 2023-02-23 17:48:40 +00:00			`args [][2]string`
Orbit: Add Fleet Desktop support to Windows (#4873) * Orbit: Add Fleet Desktop support to Windows * Rename workflow, fix linux build * Do not compile systray on linux * nolint on unused * Fix lint properly * nolint both checkers * Fix monitor logic in desktopRunner * Fix interrupt and execute order 2022-04-01 20:28:51 +00:00			`stderrPath string //nolint:structcheck,unused`
add kdialog for kubuntu key escrow (#24405) 2024-12-05 15:44:16 +00:00			`timeout time.Duration`
Ensure MacOS desktop app launched as correct user (#27296) For #25924 This PR attempts to fix the issue where the Fleet desktop icon sometimes fails to appear on MacOS hosts until the hosts are rebooted. Anecdotal evidence points to this being an issue when system setup is happening, leading to the theory that Orbit is attempting to launch the app as `_mbsetupuser` rather than the real logged-in user. The fix here is to use a different command to get the name of the logged-in user (ignoring `_mbsetupuser` if it appears), and to launch the desktop app as that user using `sudo`. I have tested this on MacOS and Ubuntu hosts, and verified that the desktop app launches as expected on both. We don't have a solid reproduction scenario for the issue, but we do have [some ways to look for relevant errors](https://github.com/fleetdm/fleet/issues/19172#issuecomment-2627812786), so we can try this out and see if those errors cease. 2025-03-20 14:49:23 +00:00			`user string`
Orbit: Add Fleet Desktop support to Windows (#4873) * Orbit: Add Fleet Desktop support to Windows * Rename workflow, fix linux build * Do not compile systray on linux * nolint on unused * Fix lint properly * nolint both checkers * Fix monitor logic in desktopRunner * Fix interrupt and execute order 2022-04-01 20:28:51 +00:00			`}`

			`// Option allows configuring the application.`
			`type Option func(*eopts)`

			`// WithEnv sets environment variables for the application.`
			`func WithEnv(name, value string) Option {`
			`return func(a *eopts) {`
			`a.env = append(a.env, [2]string{name, value})`
			`}`
			`}`

launch Nudge using /usr/bin/open (#10051) this accomplishes two things: 1. We're not waiting on Nudge to exit anymore, preventing issues like https://github.com/fleetdm/fleet/issues/10044 2. Nudge is launched as a local user instead of root, which is the recommended way to do it. 2023-02-23 17:48:40 +00:00			`// WithArg sets command line arguments for the application.`
			`func WithArg(name, value string) Option {`
			`return func(a *eopts) {`
			`a.args = append(a.args, [2]string{name, value})`
			`}`
			`}`

add kdialog for kubuntu key escrow (#24405) 2024-12-05 15:44:16 +00:00			`// WithTimeout sets the timeout for the application. Currently only supported on Linux.`
			`func WithTimeout(duration time.Duration) Option {`
			`return func(a *eopts) {`
			`a.timeout = duration`
			`}`
			`}`

Ensure MacOS desktop app launched as correct user (#27296) For #25924 This PR attempts to fix the issue where the Fleet desktop icon sometimes fails to appear on MacOS hosts until the hosts are rebooted. Anecdotal evidence points to this being an issue when system setup is happening, leading to the theory that Orbit is attempting to launch the app as `_mbsetupuser` rather than the real logged-in user. The fix here is to use a different command to get the name of the logged-in user (ignoring `_mbsetupuser` if it appears), and to launch the desktop app as that user using `sudo`. I have tested this on MacOS and Ubuntu hosts, and verified that the desktop app launches as expected on both. We don't have a solid reproduction scenario for the issue, but we do have [some ways to look for relevant errors](https://github.com/fleetdm/fleet/issues/19172#issuecomment-2627812786), so we can try this out and see if those errors cease. 2025-03-20 14:49:23 +00:00			`// WithUser sets the user to run the application as. Currently only supported on MacOS.`
			`func WithUser(user string) Option {`
			`return func(a *eopts) {`
			`a.user = user`
			`}`
			`}`

Orbit: Add Fleet Desktop support to Windows (#4873) * Orbit: Add Fleet Desktop support to Windows * Rename workflow, fix linux build * Do not compile systray on linux * nolint on unused * Fix lint properly * nolint both checkers * Fix monitor logic in desktopRunner * Fix interrupt and execute order 2022-04-01 20:28:51 +00:00			`// Run runs an application as the current login user.`
			`// It assumes the caller is running with high privileges (root on Unix, SYSTEM on Windows).`
			`//`
			`// It returns after starting the child process.`
Adding telemetry for specific Fleet Desktop errors (#23349) Adding telemetry for catching issue #19172 # Docs changes In another PR: https://github.com/fleetdm/fleet/pull/23423/files # Demo <div> <a href="https://www.loom.com/share/233625875eec46508c26ae315cd52d19"> <p>[Demo] Add telemetry for vital fleetd errors - Issue #23413 - Watch Video</p> </a> <a href="https://www.loom.com/share/233625875eec46508c26ae315cd52d19"> <img style="max-width:300px;" src="https://cdn.loom.com/sessions/thumbnails/233625875eec46508c26ae315cd52d19-45ca0ec1b7b5e9e7-full-play.gif"> </a> </div> # Checklist for submitter - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [x] Orbit runs on macOS, Linux and Windows. Check if the orbit feature/bugfix should only apply to one platform (`runtime.GOOS`). - [x] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [x] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)). 2024-10-31 19:24:42 +00:00			`func Run(path string, opts ...Option) (lastLogs string, err error) {`
Orbit: Add Fleet Desktop support to Windows (#4873) * Orbit: Add Fleet Desktop support to Windows * Rename workflow, fix linux build * Do not compile systray on linux * nolint on unused * Fix lint properly * nolint both checkers * Fix monitor logic in desktopRunner * Fix interrupt and execute order 2022-04-01 20:28:51 +00:00			`var o eopts`
			`for _, fn := range opts {`
			`fn(&o)`
			`}`
			`return run(path, o)`
			`}`
zenity package for Linux (#23619) 2024-11-20 16:44:40 +00:00
			`// RunWithOutput runs an application as the current login user and returns its output.`
			`// It assumes the caller is running with high privileges (root on UNIX).`
			`//`
			`// It blocks until the child process exits.`
			`// Non ExitError errors return with a -1 exitCode.`
			`func RunWithOutput(path string, opts ...Option) (output []byte, exitCode int, err error) {`
			`var o eopts`
			`for _, fn := range opts {`
			`fn(&o)`
			`}`
			`return runWithOutput(path, o)`
			`}`