strawman - make the agents not run as root
Curtis Hovey-Canonical
curtis at canonical.com
Tue Dec 17 14:23:40 UTC 2013
> On 2013-12-17 7:39, Tim Penhey wrote:
>> Firstly there are the charms, they expect "apt-get install" to
>> work, and if we change our user, it won't.
We could add the juju user to sudoers on install?
echo 'juju ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/91-juju
chmod 0440 /etc/sudoers.d/91-juju
This reduces the guilt/vulnerability while maintaining apt access. I
suppose sudo breaks charm install hooks.
--
Curtis Hovey
Canonical Cloud Development and Operations
http://launchpad.net/~sinzui
More information about the Juju-dev
mailing list