turbinia
turbinia copied to clipboard
Add privilege aware execution handler
Currently Turbinia assumes that it runs as a user with sudo privileges. We should add methods to the TurbiniaTask object to handle executing privileged commands rather than hard-coding sudo into commands being run.
Additional suggestion: We can harden sudo by properly restricting who can use sudo and what can be used with sudo in the sudoers config file.
In the mean time, should we add "sudo" to all command execution that might need to be run with elevated privileges?
Use case is image_export.py parsing a disk.image file with chmod 000 in a GoogleCloudDiskRawEmbedded
@aarontp is this solved now that we run insider docker containers and workers are privileged/we can define the user to run as within the Dockerfile?
Yeah, we can probably close this one out now.