Polish "Allow the user that runs the app to be specified via an env var"

See gh-16973

Author: wilkinsona

spring-boot-project/spring-boot-docs/src/main/asciidoc/deployment.adoc

@@ -491,9 +491,10 @@ For example, on Debian, you could use the following command:
 NOTE: The following is a set of guidelines on how to secure a Spring Boot application that runs as an init.d service.
 It is not intended to be an exhaustive list of everything that should be done to harden an application and the environment in which it runs.
 
-When executed as root, as is the case when root is being used to start an init.d service, the default executable script runs the application as the user who owns the jar file.
-You should never run a Spring Boot application as `root`, so your application's jar file should never be owned by root.
-Instead, create a specific user to run your application and use `chown` to make it the owner of the jar file, as shown in the following example:
+When executed as root, as is the case when root is being used to start an init.d service, the default executable script runs the application as the user specified in the `RUN_AS_USER` environment variable.
+When the environment variable is not set, the user who owns the jar file is used instead.
+You should never run a Spring Boot application as `root`, so `RUN_AS_USER` should never be root and your application's jar file should never be owned by root.
+Instead, create a specific user to run your application and set the `RUN_AS_USER` environment variable or use `chown` to make it the owner of the jar file, as shown in the following example:
 
 [indent=0,subs="verbatim,quotes,attributes"]
 ----
@@ -709,9 +710,8 @@ The following environment properties are supported with the default script:
   You can explicitly set it to `service` so that the `stop\|start\|status\|restart` commands work or to `run` if you want to run the script in the foreground.
 
 | `RUN_AS_USER`
-| If set, the application will be executed as the informed user.
-  For security reasons, you should never run an user space application as `root`, therefore it's recommended to set this property.
-  Defaults to the user who owns the jar file.
+| The user that will be used to run the application.
+  When not set, the user that owns the jar file will be used.
 
 | `USE_START_STOP_DAEMON`
 | Whether the `start-stop-daemon` command, when it's available, should be used to control the process.

spring-boot-project/spring-boot-tools/spring-boot-loader-tools/src/main/resources/org/springframework/boot/loader/tools/launch.script

@@ -128,23 +128,18 @@ log_file="$LOG_FOLDER/$LOG_FILENAME"
 # shellcheck disable=SC2012
 [[ $(id -u) == "0" ]] && run_user=$(ls -ld "$jarfile" | awk '{print $3}')
 
-# Force run as informed user (from environment variable)
+# Run as user specified in RUN_AS_USER
 if [[ -n "$RUN_AS_USER" ]]; then
-    # checks performed for all actions except 'status' and 'run'
     if ! [[ "$action" =~ ^(status|run)$ ]]; then
-        # Issue a error if informed user is not valid
         id -u "$RUN_AS_USER" || {
             echoRed "Cannot run as '$RUN_AS_USER': no such user"
-            exit 5
+            exit 2
         }
-
-        # Issue a error if we are not root
         [[ $(id -u) == 0 ]] || {
-            echoRed "root required to run as '$RUN_AS_USER'"
-            exit 6
+            echoRed "Cannot run as '$RUN_AS_USER': current user is not root"
+            exit 4
         }
     fi
-
     run_user="$RUN_AS_USER"
 fi
 

spring-boot-tests/spring-boot-integration-tests/spring-boot-launch-script-tests/src/test/java/org/springframework/boot/launchscript/SysVinitLaunchScriptIT.java

@@ -269,32 +269,34 @@ public void launchWithRelativeLogFolder(String os, String version) throws Except
 
 	@ParameterizedTest(name = "{0} {1}")
 	@MethodSource("parameters")
-	public void launchWithRunAs(String os, String version) throws Exception {
-		String output = doTest(os, version, "launch-with-run-as.sh");
+	public void launchWithRunAsUser(String os, String version) throws Exception {
+		String output = doTest(os, version, "launch-with-run-as-user.sh");
 		assertThat(output).contains("wagner root");
 	}
 
 	@ParameterizedTest(name = "{0} {1}")
 	@MethodSource("parameters")
-	public void launchWithRunAsInvalidUser(String os, String version) throws Exception {
+	public void whenRunAsUserDoesNotExistLaunchFailsWithInvalidArgument(String os, String version) throws Exception {
 		String output = doTest(os, version, "launch-with-run-as-invalid-user.sh");
-		assertThat(output).contains("Status: 5");
+		assertThat(output).contains("Status: 2");
 		assertThat(output).has(coloredString(AnsiColor.RED, "Cannot run as 'johndoe': no such user"));
 	}
 
 	@ParameterizedTest(name = "{0} {1}")
 	@MethodSource("parameters")
-	public void launchWithRunAsPreferUserInformed(String os, String version) throws Exception {
-		String output = doTest(os, version, "launch-with-run-as-prefer-user-informed.sh");
+	public void whenJarOwnerAndRunAsUserAreBothSpecifiedRunAsUserTakesPrecedence(String os, String version)
+			throws Exception {
+		String output = doTest(os, version, "launch-with-run-as-user-preferred-to-jar-owner.sh");
 		assertThat(output).contains("wagner root");
 	}
 
 	@ParameterizedTest(name = "{0} {1}")
 	@MethodSource("parameters")
-	public void launchWithRunAsRootRequired(String os, String version) throws Exception {
-		String output = doTest(os, version, "launch-with-run-as-root-required.sh");
-		assertThat(output).contains("Status: 6");
-		assertThat(output).has(coloredString(AnsiColor.RED, "root required to run as 'wagner'"));
+	public void whenLaunchedUsingNonRootUserWithRunAsUserSpecifiedLaunchFailsWithInsufficientPrivilege(String os,
+			String version) throws Exception {
+		String output = doTest(os, version, "launch-with-run-as-user-root-required.sh");
+		assertThat(output).contains("Status: 4");
+		assertThat(output).has(coloredString(AnsiColor.RED, "Cannot run as 'wagner': current user is not root"));
 	}
 
 	static List<Object[]> parameters() {