Skip to content

Fix sudo configuration #8

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 28, 2022
Merged

Fix sudo configuration #8

merged 1 commit into from
Nov 28, 2022

Conversation

drieseng
Copy link
Member

Override /etc/sudoers with configuration that allows root and the sudo group to run any command.
Members of the sudo group do not have to specify a password.

@drieseng
Override sudoers with configuration that allows root and the sudo gro…
9c98dd6 
…up to run any command.

Members of the sudo do not have to specify a password.
@daviburg
Copy link
Collaborator

I've not worked in depth in Unix systems for almost 25 years so I don't think I'm the right person to review this change.

@drieseng
Copy link
Member Author

@daviburg, thanks for the honest feedback.
@IgorMilavec, can you take a look? Works fine for me.

@drieseng drieseng mentioned this pull request Nov 22, 2022
Merged
@drieseng
Copy link
Member Author

@daviburg, how do we proceed with this one? I need this to complete the integration tests for sshnet/SSH.NET#910.

@daviburg
Copy link
Collaborator

@daviburg, how do we proceed with this one? I need this to complete the integration tests for sshnet/SSH.NET#910.

I've studied what I can to unblock this.

So, before the change sed -i command was used for an in-place update of the /etc/sudoers security configuration file. There is a substitution syntax s/#\s*%sudo\s*ALL=(ALL)\s*ALL/%sudo which I do not understand.

After the change simple appends to the same configuration file are made with two echo >> commands. As this is a docker file I assume the script is only executed once per host, hence we do not have to worry about repeat execution.

The first append gives root access to all commands per sudoers. Frankly I'm surprised root doesn't already have such access by definition.

The second append gives sudo users the ability to run any command without repeat password entry. I can see how that helps with non-interactive scripts for test execution. And sudo users are already privileged accounts.

So, my unix-ignorant self believes this change is ok and I'll sign-off.

@drieseng
Copy link
Member Author

Instead of modifying the default sudoers configuration file, we now just create one from scratch.

@drieseng drieseng removed the request for review from IgorMilavec November 27, 2022 20:54
@drieseng drieseng merged commit c5ca241 into main Nov 28, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@daviburg daviburg daviburg approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@drieseng @daviburg