From 120ec5aba5793c872b014c9473ce237d9d716e37 Mon Sep 17 00:00:00 2001 From: Greg Batye Date: Mon, 13 Nov 2023 12:19:19 -0800 Subject: [PATCH] Remove 'use_machine_owner_for_console_user' tag used for rollouts Summary: ``` ``` the tag was used to rollout the change to a core library. It's been at 100% for 4+ months Differential Revision: D51140315 fbshipit-source-id: f6b6da3b12107e2642b90087916db3d36ec1d8d0 --- .../cpe_helpers/libraries/cpe_helpers.rb | 24 +++++-------------- 1 file changed, 6 insertions(+), 18 deletions(-) diff --git a/itchef/cookbooks/cpe_helpers/libraries/cpe_helpers.rb b/itchef/cookbooks/cpe_helpers/libraries/cpe_helpers.rb index cad99c9e..46a6c01d 100644 --- a/itchef/cookbooks/cpe_helpers/libraries/cpe_helpers.rb +++ b/itchef/cookbooks/cpe_helpers/libraries/cpe_helpers.rb @@ -157,25 +157,13 @@ def self.console_user @console_user ||= if macos? user = get_macos_console_user.to_s - - # tag file to rollout new logic to use machine_owner - # for local account chef runs - rollout_tag = ::File.join( - CPE::Utils.get_cpe_path('tags'), - '.use_machine_owner_for_local_accounts', - ) - if ::File.exist?(rollout_tag) - if macos_local_account?(user) - CPE::Log.log( - "#{user} detected as console user, " + - "falling back to machine owner: #{machine_owner}", - :type => 'cpe::helpers.console_user', - :action => 'read_from_machine_owner_macos', - ) - user = machine_owner - end + # use machine_owner if console user is a local account + # prevents running chef as "root" user + if macos_local_account?(user) + machine_owner + else + user end - user elsif linux? filtered_users = loginctl_users.select do |u| u['user'] != 'gdm' && u['uid'] >= 1000