()
| 596 | } |
| 597 | |
| 598 | func currentUserForGroup() (string, error) { |
| 599 | candidate := os.Getenv("SUDO_USER") |
| 600 | if candidate == "" { |
| 601 | candidate = os.Getenv("USER") |
| 602 | } |
| 603 | if candidate == "" { |
| 604 | return "", fmt.Errorf("cannot read current user from environment") |
| 605 | } |
| 606 | |
| 607 | // Reject root: happens with `sudo su -` (SUDO_USER is cleared) or when the |
| 608 | // command is run directly as root. Adding root to the celer group is useless |
| 609 | // (root already bypasses group checks) and hides the real misuse from the user. |
| 610 | if candidate == "root" { |
| 611 | return "", fmt.Errorf("cannot determine the invoking non-root user (SUDO_USER and USER both point to root); re-run as: sudo ./celer setup ...") |
| 612 | } |
| 613 | |
| 614 | return candidate, nil |
| 615 | } |
| 616 | |
| 617 | // addCurrentUserToGroup adds the invoking user to the celer group. |
| 618 | // Under sudo this is SUDO_USER; otherwise it falls back to USER. |
no outgoing calls