Add privilege check to render-template script

debian-pkg/debian/tinypilot.postinst

@@ -62,23 +62,23 @@ MOUSE_PATH = '{{ tinypilot_mouse_interface }}'
 EOF
 )"
 readonly SETTINGS_TEMPLATE
-. venv/bin/activate && \
-  PYTHONPATH=/opt/tinypilot/app \
-    ./scripts/render-template \
+. venv/bin/activate
+runuser tinypilot \
+  --command 'PYTHONPATH=/opt/tinypilot/app ./scripts/render-template' \
   <<< "${SETTINGS_TEMPLATE}" \
-  > "${TINYPILOT_APP_SETTINGS}" && \
-  deactivate
+  > "${TINYPILOT_APP_SETTINGS}"
+deactivate
 chown "${TINYPILOT_USER}:${TINYPILOT_GROUP}" "${TINYPILOT_APP_SETTINGS}"
 popd
 
 # Populate TinyPilot's NGINX config file.
 pushd /opt/tinypilot
-. venv/bin/activate && \
-  PYTHONPATH=/opt/tinypilot/app \
-    ./scripts/render-template \
+. venv/bin/activate
+runuser tinypilot \
+  --command 'PYTHONPATH=/opt/tinypilot/app ./scripts/render-template' \
   < /usr/share/tinypilot/templates/tinypilot.conf.j2 \
-  > /etc/nginx/conf.d/tinypilot.conf && \
-  deactivate
+  > /etc/nginx/conf.d/tinypilot.conf
+deactivate
 popd
 
 # Workaround to restore the default NGINX config that has been previously
@@ -110,12 +110,12 @@ if grep --silent '^dtoverlay=tc358743$' "${BOOT_CONFIG_PATH}" ; then
   # Populate TinyPilot's EDID.
   mkdir -p /home/ustreamer/edids
   pushd /opt/tinypilot
-  . venv/bin/activate && \
-    PYTHONPATH=/opt/tinypilot/app \
-      ./scripts/render-template \
+  . venv/bin/activate
+  runuser tinypilot \
+    --command 'PYTHONPATH=/opt/tinypilot/app ./scripts/render-template' \
     <<< '{{ ustreamer_edid }}' \
-    > /home/ustreamer/edids/tc358743-edid.hex && \
-    deactivate
+    > /home/ustreamer/edids/tc358743-edid.hex
+  deactivate
   chmod 0644 /home/ustreamer/edids/tc358743-edid.hex
   popd
 fi

debian-pkg/opt/tinypilot-privileged/scripts/configure-janus

@@ -34,10 +34,10 @@ done
 
 # Generate and write config file from template.
 pushd /opt/tinypilot
-. venv/bin/activate && \
-  PYTHONPATH=/opt/tinypilot/app \
-    ./scripts/render-template \
+. venv/bin/activate
+runuser tinypilot \
+  --command 'PYTHONPATH=/opt/tinypilot/app ./scripts/render-template' \
   < /usr/share/tinypilot/templates/janus.jcfg.j2 \
-  > /etc/janus/janus.jcfg && \
-  deactivate
+  > /etc/janus/janus.jcfg
+deactivate
 popd

scripts/render-template

@@ -13,6 +13,7 @@ EOF
 # pylint:disable=invalid-name
 
 import argparse
+import os
 import sys
 
 import jinja2
@@ -27,6 +28,16 @@ def main(_):
 
 
 if __name__ == '__main__':
+    # Ensure that the script doesn't have unnecessary privileges.
+    # https://github.com/tiny-pilot/tinypilot-pro/issues/1190
+    if os.geteuid() == 0:
+        print("This script doesn't require root privileges.", file=sys.stderr)
+        print('Please re-run as tinypilot:', file=sys.stderr)
+        print('  runuser tinypilot --command',
+              f"'{' '.join(sys.argv)}'",
+              file=sys.stderr)
+        sys.exit(1)
+
     parser = argparse.ArgumentParser(
         prog='TinyPilot Template Renderer',
         formatter_class=argparse.ArgumentDefaultsHelpFormatter)