Adds option --bypass-root-check to install and remove command

dilawar · dilawar · commit a4c6d5874715 · 2025-07-20T08:07:58.000+05:30
And escalate sudo by default in both commands.
diff --git a/crates/cli/Cargo.toml b/crates/cli/Cargo.toml
@@ -19,7 +19,7 @@ dialoguer = "0.11"
 libloading = "0.8"
 cargo_metadata = "0.20"
 semver = "1.0"
-sudo = "0.6.0"
+elevate = "0.6.1"
 
 [lints.rust]
 missing_docs = "warn"
diff --git a/crates/cli/src/lib.rs b/crates/cli/src/lib.rs
@@ -121,6 +121,9 @@ struct Install {
     /// Whether to bypass the install prompt.
     #[clap(long)]
     yes: bool,
+    /// Whether to bypass the root check
+    #[clap(long)]
+    bypass_root_check: bool,
 }
 
 #[derive(Parser)]
@@ -140,6 +143,9 @@ struct Remove {
     /// Whether to bypass the remove prompt.
     #[clap(long)]
     yes: bool,
+    /// Whether to bypass the root check
+    #[clap(long)]
+    bypass_root_check: bool,
 }
 
 #[cfg(not(windows))]
@@ -193,6 +199,13 @@ impl Install {
             self.no_default_features,
         )?;
 
+        if !self.bypass_root_check {
+            anyhow::ensure!(
+                elevate::check() == elevate::RunningAs::User,
+                "Running as root is not recommended. Use --bypass-root-check to override."
+            );
+        }
+
         let (mut ext_dir, mut php_ini) = if let Some(install_dir) = self.install_dir {
             (install_dir, None)
         } else {
@@ -221,50 +234,74 @@ impl Install {
             ext_dir.push(ext_name);
         }
 
-        // We copying of file fails, escalate the privilege and try again.
-        if let Err(_) = std::fs::copy(&ext_path, &ext_dir) {
-            // failed to copy. escalate the privileges and try again.
-            #[cfg(unix)]
-            let _ = sudo::escalate_if_needed().ok();
+        copy_extension(&ext_path, &ext_dir).with_context(|| {
+            "Failed to copy extension from target directory to extension directory"
+        })?;
 
-            std::fs::copy(&ext_path, &ext_dir).with_context(|| {
-                "Failed to copy extension from target directory to extension directory"
-            })?;
+        if let Some(php_ini) = php_ini {
+            copy_ini_file(&php_ini, ext_name, self.disable)
+                .with_context(|| "Failed to update `php.ini`")?;
         }
 
-        if let Some(php_ini) = php_ini {
-            let mut file = OpenOptions::new()
+        Ok(())
+    }
+}
+
+// Copy ini file, if fails, try with sudo again.
+fn copy_ini_file(php_ini: &PathBuf, ext_name: &str, disable: bool) -> anyhow::Result<()> {
+    let mut file = match OpenOptions::new().read(true).write(true).open(php_ini) {
+        Ok(x) => x,
+        Err(_e) => {
+            #[cfg(unix)]
+            {
+                elevate::escalate_if_needed().expect("sudo failed");
+            }
+            OpenOptions::new()
                 .read(true)
                 .write(true)
                 .open(php_ini)
-                .with_context(|| "Failed to open `php.ini`")?;
+                .with_context(|| "Failed to open `php.ini`")?
+        }
+    };
 
-            let mut ext_line = format!("extension={ext_name}");
+    let mut ext_line = format!("extension={ext_name}");
 
-            let mut new_lines = vec![];
-            for line in BufReader::new(&file).lines() {
-                let line = line.with_context(|| "Failed to read line from `php.ini`")?;
-                if line.contains(&ext_line) {
-                    bail!("Extension already enabled.");
-                }
+    let mut new_lines = vec![];
+    for line in BufReader::new(&file).lines() {
+        let line = line.with_context(|| "Failed to read line from `php.ini`")?;
+        if line.contains(&ext_line) {
+            bail!("Extension already enabled.");
+        }
 
-                new_lines.push(line);
-            }
+        new_lines.push(line);
+    }
 
-            // Comment out extension if user specifies disable flag
-            if self.disable {
-                ext_line.insert(0, ';');
-            }
+    // Comment out extension if user specifies disable flag
+    if disable {
+        ext_line.insert(0, ';');
+    }
 
-            new_lines.push(ext_line);
-            file.rewind()?;
-            file.set_len(0)?;
-            file.write(new_lines.join("\n").as_bytes())
-                .with_context(|| "Failed to update `php.ini`")?;
-        }
+    new_lines.push(ext_line);
+    file.rewind()?;
+    file.set_len(0)?;
+    let _ = file.write(new_lines.join("\n").as_bytes())?;
+    Ok(())
+}
 
-        Ok(())
+// Copy extension, if fails, try with sudo again.
+//
+// We can check if we have write permission for ext_dir but due to ACL, group
+// list and and other nuances, it may not be reliable. See
+// https://doc.rust-lang.org/std/fs/struct.Permissions.html#method.readonly
+fn copy_extension(ext_path: &Utf8PathBuf, ext_dir: &PathBuf) -> anyhow::Result<()> {
+    if let Err(_e) = std::fs::copy(ext_path, ext_dir) {
+        #[cfg(unix)]
+        {
+            elevate::escalate_if_needed().expect("sudo failed");
+        }
+        std::fs::copy(ext_path, ext_dir)?;
     }
+    Ok(())
 }
 
 /// Returns the path to the extension directory utilised by the PHP interpreter,
