On 6 May 2015 02:03:38 CEST, Adam Bolte <[email protected]> wrote:
>On Tue, May 05, 2015 at 08:54:18PM +0200, Anders Ingemann wrote:
>> Funny you should say that. About 6 months ago I was thinking about the same
>> thing, the best way to do this would be to launch bootstrap-vz as root, but
>> immediately suid to some other user and then only go back when needed. I
>> think using sudo directly might become a little messy and non-pythonic.
>
>I don't use bootstrap-vz (I'm still maintaining the old bash version,
>which continues to generate all possible Wheezy EC2 image types using
>euca2ools), but I have to agree that seeing sudo in scripts really
>annoys me - especially if it's unexpected or called multiple times. If
>you have the password caching disabled and call it more than once, it
>can make execution impractical.

Oh, I agree with that. Especially with the "unexpected" part! Which is part
of the reason why I asked here, to gauge interest.

At a minimum one could wrap such calls in a sanity check for uid 0 (which
might(?) have the benefit/side effect of making "fakeroot" do something...
useful(?) for bootstrap-vz). As mentioned in another reply, my thought
process was along the lines of "be more like dpkg-buildpackage", and alter
documentation/errors to that effect.

Is it a goal to support running on Windows? OS X? (Not for me.)

Maybe refactoring into sub-commands that would allow shipping of
command-specific sudo(ers) files would be cleaner? I suppose running
sub-processes in general is considered "un-pythonic" -- but bootstrap-vz
already does this?

>Running as root and dropping privileges where possible is what most
>projects (such as Apache httpd) do.

Right. But that is a bit of an anti-pattern brought on by the "secure
ports" thing. At any rate, I'd be more interested in a mode that didn't
require root at all (e.g. building tgz-based images) than in "safely"
loopback mounting. Maybe it'd make more sense to start from scratch and
leverage lxc in some shape (with the container "wrapper" (e.g. docker)
managing privileged operations through an API). Or use qemu.

I'm not *fanatic* about not running as root. Just almost ;-)

-e
-- 
Via phone - please excuse quoting and spelling

-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
Archive: https://lists.debian.org/[email protected]
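The sequence the thread is weighing (start as root, drop to an unprivileged user straight away, come back to root only for the one step that needs it, such as a loopback mount) as an added Python example; this is not bootstrap-vz code. It assumes a `nobody` account exists (falling back to the caller's own ids otherwise) and that the tool was launched as root; started unprivileged, the drop is a no-op and the re-escalation step is skipped, which is the uid-0 sanity check in action.

```python
import contextlib
import os
import pwd

def is_root():
    """Sanity check for uid 0 (fakeroot also passes it; a real mount would still fail)."""
    return os.geteuid() == 0

@contextlib.contextmanager
def dropped_privileges(uid, gid):
    """Switch only the *effective* ids, so the saved uid stays 0 and we can come back."""
    saved_uid, saved_gid = os.geteuid(), os.getegid()
    if saved_uid != 0:
        yield                   # already unprivileged: nothing to drop
        return
    os.setegid(gid)             # gid first: once euid != 0 we could not change it
    os.seteuid(uid)
    try:
        yield
    finally:
        os.seteuid(saved_uid)   # uid first: being 0 again is what lets us reset the gid
        os.setegid(saved_gid)

@contextlib.contextmanager
def regained_root():
    """Inside dropped_privileges(): be root for exactly one step, then drop again."""
    uid, gid = os.geteuid(), os.getegid()
    os.seteuid(0)               # EPERM unless the saved uid is 0, i.e. we started as root
    os.setegid(0)
    try:
        yield
    finally:
        os.setegid(gid)
        os.seteuid(uid)

def build_demo(user="nobody"):
    """Record the euid at each stage: start -> dropped -> root for one step -> dropped."""
    try:
        uid, gid = pwd.getpwnam(user)[2:4]      # pw_uid, pw_gid of the assumed account
    except KeyError:            # account missing: fall back to our own ids
        uid, gid = os.geteuid(), os.getegid()
    seen = {"start": os.geteuid(), "target": uid}
    with dropped_privileges(uid, gid):
        seen["dropped"] = os.geteuid()
        if seen["start"] == 0:  # only a root-started process may re-escalate
            with regained_root():               # e.g. the loopback mount would go here
                seen["mount"] = os.geteuid()
        seen["after"] = os.geteuid()
    seen["end"] = os.geteuid()
    return seen
```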
