Passwordless sudo: use tmp file?

Open tjsingleton opened this issue 8 years ago • 2 comments

Have you considered copying the <home>/.vagrant.d/tmp/hosts.local file to /tmp first so that the Passwordless sudo instructions don't change per user?

tjsingleton avatar Mar 31 '16 18:03 tjsingleton

@tjsingleton thank you for your comment. Please submit a pull request with your proposal.

seth-reeser avatar Apr 13 '16 14:04 seth-reeser

The reason he mentions this is that right now, the only way you can set up sudo to work passwordlessly is like so:

%admin ALL=(ALL) NOPASSWD: /bin/cp * /etc/hosts
%admin ALL=(ALL) NOPASSWD: /usr/local/opt/coreutils/libexec/gnubin/cp * /etc/hosts

(I have multiple cp commands, so I added both just in case)

Instead, if the command to deploy it was consistent and secure, then you could do something like this:

%admin ALL=(ALL) NOPASSWD: /path/to/hostmanager-update-etc-hosts

Notice the lack of * which is a bit scary.

The update script could still be something like:

#!/bin/bash

set -euo pipefail

exec cp -f "${HOME}/.vagrant.d/tmp/hosts.local" "/etc/hosts"

This would work with sudo but not sudo -H because $HOME is changed then.

docwhat avatar May 27 '16 17:05 docwhat
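
Added example, not part of the issue thread or the vagrant-hostmanager project: a small shell check that flags NOPASSWD sudoers rules whose command specification contains a wildcard, run over the three rules quoted in the comment above (embedded as a constructed sample). The function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag NOPASSWD sudoers rules that contain a wildcard in the
# command specification. Function names are hypothetical.

# Reads sudoers-style lines on stdin and prints "LINENO: rule" for every
# NOPASSWD rule whose command list contains *, ? or [.
find_wildcard_nopasswd() {
  n=0
  while IFS= read -r line || [ -n "$line" ]; do
    n=$((n + 1))
    # Skip blank lines and comments.
    case "$line" in
      ''|'#'*) continue ;;
    esac
    # Only rules carrying the NOPASSWD tag are of interest here.
    case "$line" in
      *NOPASSWD:*) ;;
      *) continue ;;
    esac
    # Everything after the tag is the command specification.
    cmds=${line#*NOPASSWD:}
    case "$cmds" in
      *'*'*|*'?'*|*'['*) printf '%s: %s\n' "$n" "$line" ;;
    esac
  done
}

# Constructed sample input: the three rules quoted in the thread.
sample_rules() {
  cat <<'EOF'
%admin ALL=(ALL) NOPASSWD: /bin/cp * /etc/hosts
%admin ALL=(ALL) NOPASSWD: /usr/local/opt/coreutils/libexec/gnubin/cp * /etc/hosts
%admin ALL=(ALL) NOPASSWD: /path/to/hostmanager-update-etc-hosts
EOF
}

# Number of flagged rules in the sample.
count_flagged() {
  sample_rules | find_wildcard_nopasswd | wc -l | tr -d ' '
}

# Stand-alone run: list the flagged rules from the sample.
sample_rules | find_wildcard_nopasswd
```

The two `cp * /etc/hosts` rules are reported; the fixed-path wrapper rule is not.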