From e52149992aac24dd02248ffb1e166a08f27f0554 Mon Sep 17 00:00:00 2001
From: mpl <mathieu.lonjaret@gmail.com>
Date: Thu, 15 Oct 2015 15:34:35 +0200
Subject: [PATCH] pkg/httputil: allow local connections from root

Context:
https://groups.google.com/d/msg/camlistore/RtpjveY4FVM/P5xldD88CQAJ

Change-Id: Ibc4a1052d94129a40a390390f91d90e6d3236ccd
---
 pkg/httputil/auth.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/pkg/httputil/auth.go b/pkg/httputil/auth.go
index c9f84988f..32707616a 100644
--- a/pkg/httputil/auth.go
+++ b/pkg/httputil/auth.go
@@ -63,7 +63,13 @@ func IsLocalhost(req *http.Request) bool {
 	if uid > 0 {
 		connUid, err := netutil.AddrPairUserid(from, to)
 		if err == nil {
-			if uid == connUid {
+			if uid == connUid || connUid == 0 {
+				// If it's the same user who's running the server, allow it.
+				// Also allow root, so users can "sudo camput" files.
+				// Allowing root isn't a security problem because if root wants
+				// to mess with the local user, they already can. This whole mechanism
+				// is about protecting regular users from other regular users
+				// on shared computers.
 				return true
 			}
 			log.Printf("auth: local connection uid %d doesn't match server uid %d", connUid, uid)