Restrictive PATH with sudo
Jamie Strandboge
jamie at canonical.com
Fri Jan 9 21:51:05 UTC 2015
On 01/07/2015 12:26 PM, Ilya Dmitrichenko wrote:
> Hi List,
>
Hi!
> Currently one cannot run `sudo docker`, or any other app installed with snappy.
> Has there been any motivation behind this or it's just a bug?
>
/etc/sudoers is setup currently to use both env_reset and secure_path. Because
the 'docker' command is found in ~/snappy-bin and this path is not part of
sudo's secure_path, sudo is not finding it. I confirmed this on the alpha image
and the most recent promoted image.
Note that as the 'ubuntu' user in the snappy images, you don't have to use sudo
at all-- the 'ubuntu' user is part of the 'docker' group which should be all you
need to use the docker cli command.
To run arbitrary snappy app commands under sudo, for now you can do:
$ sudo ~/snappy-bin/<cmd>
Eg:
$ sudo ~/snappy-bin/docker version
...
Client version: 1.3.2-dev
Client API version: 1.16
Go version (client): go1.3.3
Git commit (client): 906c721-dirty
OS/Arch (client): linux/amd64
Server version: 1.3.2-dev
Server API version: 1.16
Go version (server): go1.3.3
Git commit (server): 906c721-dirty
Note to users: ~/snappy-bin is being removed in favor of a cleaner solution.
Note to snappy devs: we'll need to consider the sudo use case when
designing/implementing the cleaner solution.
--
Jamie Strandboge http://www.ubuntu.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/snappy-app-devel/attachments/20150109/a0381ddf/attachment.pgp>
More information about the snappy-app-devel
mailing list