manage.py: Catch issue with users running manage.py as the wrong user.

Apparently, if you tried running manage.py as a non-root user that
isn't the main zulip user, you'll get a confusing Django exception
about `SECRET_KEY` not being configured.

This change provides a clean, understandable exception for this case.

Author: timabbott

manage.py

@@ -7,15 +7,26 @@
 import scripts.lib.setup_path_on_import
 
 if __name__ == "__main__":
+    if 'posix' in os.name and os.geteuid() == 0:
+        print("manage.py should not be run as root.  Use `su zulip` to drop root.")
+        sys.exit(1)
+    if (os.access('/etc/zulip/zulip.conf', os.R_OK) and not
+            os.access('/etc/zulip/zulip-secrets.conf', os.R_OK)):
+        # The best way to detect running manage.py as another user in
+        # production before importing anything that would require that
+        # access is to check for access to /etc/zulip/zulip.conf (in
+        # which case it's a production server, not a dev environment)
+        # and lack of access for /etc/zulip/zulip-secrets.conf (which
+        # should be only readable by root and zulip)
+        print("Error accessing Zulip secrets; manage.py in production must be run as the zulip user.")
+        sys.exit(1)
+
     os.environ.setdefault("DJANGO_SETTINGS_MODULE", "zproject.settings")
     from django.conf import settings
     from django.core.management import execute_from_command_line
     from django.core.management.base import CommandError
     from scripts.lib.zulip_tools import log_management_command
 
-    if 'posix' in os.name and os.geteuid() == 0:
-        raise CommandError("manage.py should not be run as root.  Use `su zulip` to drop root.")
-
     log_management_command(" ".join(sys.argv), settings.MANAGEMENT_LOG_PATH)
 
     os.environ.setdefault("PYTHONSTARTUP", os.path.join(BASE_DIR, "scripts/lib/pythonrc.py"))