From db59cd0fbd11d3a49ac089a5b7e86696adbfae3e Mon Sep 17 00:00:00 2001
From: kaisecheng <69120390+kaisecheng@users.noreply.github.com>
Date: Thu, 31 Oct 2024 13:33:00 +0000
Subject: [PATCH] set `allow_superuser` to false as default (#16558)
- set allow_superuser as false by default for v9
- change the buildkite image of ruby unit test to non-root
---
 .buildkite/pull_request_pipeline.yml | 4 +++-
 docs/static/settings-file.asciidoc | 2 +-
 logstash-core/lib/logstash/environment.rb | 2 +-
 logstash-core/lib/logstash/runner.rb | 3 ++-
 logstash-core/spec/logstash/runner_spec.rb | 4 ++--
 5 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/.buildkite/pull_request_pipeline.yml b/.buildkite/pull_request_pipeline.yml
index 9209144da..938bb5613 100644
--- a/.buildkite/pull_request_pipeline.yml
+++ b/.buildkite/pull_request_pipeline.yml
@@ -22,10 +22,12 @@ steps:
 - label: ":rspec: Ruby unit tests"
 key: "ruby-unit-tests"
 agents:
- image: "docker.elastic.co/ci-agent-images/platform-ingest/buildkite-agent-logstash-ci"
+ image: "docker.elastic.co/ci-agent-images/platform-ingest/buildkite-agent-logstash-ci-no-root"
 cpu: "4"
 memory: "8Gi"
 ephemeralStorage: "100Gi"
+ # Run as a non-root user
+ imageUID: "1002"
 retry:
 automatic:
 - limit: 3
diff --git a/docs/static/settings-file.asciidoc b/docs/static/settings-file.asciidoc
index bc43cec67..704afa9b1 100644
--- a/docs/static/settings-file.asciidoc
+++ b/docs/static/settings-file.asciidoc
@@ -359,7 +359,7 @@ separating each log lines per pipeline could be helpful in case you need to trou
 | `allow_superuser`
 | Setting to `true` to allow or `false` to block running Logstash as a superuser.
-| `true`
+| `false`
 | `pipeline.buffer.type`
 | Determine where to allocate memory buffers, for plugins that leverage them.
diff --git a/logstash-core/lib/logstash/environment.rb b/logstash-core/lib/logstash/environment.rb
index d67ad4457..6d2c1d5d3 100644
--- a/logstash-core/lib/logstash/environment.rb
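Review bot: In the `.buildkite/pull_request_pipeline.yml` hunk, the hard-coded `imageUID: "1002"` presumably has to match the account defined inside the `-no-root` image, but the added comment does not say so, so a later image rebuild could silently break the pairing. A more useful comment would be `# Run as the image's non-root user; this UID must match the account defined in the -no-root image`. Only the Ruby unit test step is switched here; the rest of `steps:` lies outside the hunk, so it is worth confirming that no other step starts Logstash as root now that root startup is rejected by default.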
+++ b/logstash-core/lib/logstash/environment.rb
@@ -34,7 +34,7 @@ module LogStash
 end
 [
- Setting::Boolean.new("allow_superuser", true),
+ Setting::Boolean.new("allow_superuser", false),
 Setting::String.new("node.name", Socket.gethostname),
 Setting::NullableString.new("path.config", nil, false),
 Setting::WritableDirectory.new("path.data", ::File.join(LogStash::Environment::LOGSTASH_HOME, "data")),
diff --git a/logstash-core/lib/logstash/runner.rb b/logstash-core/lib/logstash/runner.rb
index 46417a0c5..0fd7a503b 100644
--- a/logstash-core/lib/logstash/runner.rb
+++ b/logstash-core/lib/logstash/runner.rb
@@ -456,7 +456,8 @@ class LogStash::Runner < Clamp::StrictCommand
 def running_as_superuser
 if Process.euid() == 0
 if setting("allow_superuser")
- deprecation_logger.deprecated("NOTICE: Running Logstash as superuser is not recommended and won't be allowed in the future. Set 'allow_superuser' to 'false' to avoid startup errors in future releases.")
+ logger.warn("NOTICE: Allowing Logstash to run as superuser is heavily discouraged as it poses a security risk. " +
+ "It is strongly recommended to set 'allow_superuser' to false.")
 else
 raise(RuntimeError, "Logstash cannot be run as superuser.")
 end
diff --git a/logstash-core/spec/logstash/runner_spec.rb b/logstash-core/spec/logstash/runner_spec.rb
index 962f056a7..3a0a7e131 100644
--- a/logstash-core/spec/logstash/runner_spec.rb
+++ b/logstash-core/spec/logstash/runner_spec.rb
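Review bot: In the runner.rb hunk, the `else` branch of `running_as_superuser` still raises `"Logstash cannot be run as superuser."`, which names neither the setting nor a remedy. With the default flipped to `false` in environment.rb, this is the first message an operator upgrading a root-run install will see. Consider `raise(RuntimeError, "Logstash cannot be run as superuser. Run it as an unprivileged user, or set 'allow_superuser' to true (discouraged).")`, adjusting any spec that matches the old text. A one-line comment above the method, `# Blocks startup when the effective UID is 0 unless allow_superuser is set`, would also record that only `Process.euid` is checked. The method's closing `end`s are outside the hunk.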
@@ -595,7 +595,7 @@ describe LogStash::Runner do
 it "runs successfully with warning message" do
 LogStash::SETTINGS.set("allow_superuser", true)
 expect(logger).not_to receive(:fatal)
- expect(deprecation_logger_stub).to receive(:deprecated).with(/NOTICE: Running Logstash as superuser is not recommended and won't be allowed in the future. Set 'allow_superuser' to 'false' to avoid startup errors in future releases./)
+ expect(logger).to receive(:warn).with(/NOTICE: Allowing Logstash to run as superuser is heavily discouraged as it poses a security risk./)
 expect { subject.run(args) }.not_to raise_error
 end
 end
@@ -607,7 +607,7 @@ describe LogStash::Runner do
 it "runs successfully without any messages" do
 LogStash::SETTINGS.set("allow_superuser", false)
 expect(logger).not_to receive(:fatal)
- expect(deprecation_logger_stub).not_to receive(:deprecated).with(/NOTICE: Running Logstash as superuser is not recommended and won't be allowed in the future. Set 'allow_superuser' to 'false' to avoid startup errors in future releases./)
+ expect(logger).not_to receive(:warn).with(/NOTICE: Allowing Logstash to run as superuser is heavily discouraged as it poses a security risk./)
 expect { subject.run(args) }.not_to raise_error
 end
 end
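Review bot: Both examples in runner_spec.rb set `allow_superuser` explicitly, so nothing in these hunks pins the new default; a regression of the default back to `true` would still pass them. Unless one already exists outside the hunks, add an example such as `expect(LogStash::SETTINGS.get_default("allow_superuser")).to be false`. In the second hunk, `expect(logger).not_to receive(:warn).with(/…/)` only rules out this exact message, so the title "runs successfully without any messages" promises more than the assertion checks. The enclosing `context` blocks start outside both hunks.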