sealos icon indicating copy to clipboard operation
sealos copied to clipboard

Published 20 hours ago verified publisher icon labring

Is there currently a version of sealos that supports deployment by non-root users?

Open 1473371932 opened this issue 1 year ago • 10 comments

What is the problem this feature will solve?

如题,或者说目前所有版本都不支持呢?我在 Changlog 中没有找到对应内容

If you have solution,please describe it

No response

What alternatives have you considered?

No response

1473371932 avatar Jan 24 '24 08:01 1473371932

据我所知,没有。这个功能非常少见,并且不够明确。你希望的non-root是指ssh连接用户是非root,还是指用户不能切换为root,还是指当前用户连sudo权限都没有?在我看来没有sudo权限是无法安装的,因为涉及更改多个系统相关的配置。不能切换为root用户但具备sudo权限是很奇怪的需求,至少我没有想到使用场景。非root用户ssh是可实现的,我曾经写过类似的脚本,在其他的k8s发行版中。不过不清楚sealos是否支持这种小众需求。

luanshaotong avatar Jan 29 '24 11:01 luanshaotong

Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑‍🤝‍🧑👫🧑🏿‍🤝‍🧑🏻👩🏾‍🤝‍👨🏿👬🏿

As far as I know, no. This feature is very rare and unclear. The non-root you want means that the ssh connection user is non-root, or that the user cannot switch to root, or that the current user does not even have sudo permissions? In my opinion, it is impossible to install without sudo permissions because it involves changing multiple system-related configurations. Not being able to switch to the root user but having sudo permissions is a very strange requirement, at least I didn't think of the usage scenario. Non-root user ssh is achievable, I have written similar scripts in other k8s distributions. However, it is unclear whether sealos supports this niche demand.

sealos-ci-robot avatar Jan 29 '24 11:01 sealos-ci-robot

据我所知,没有。这个功能非常少见,并且不够明确。你希望的non-root是指ssh连接用户是非root,还是指用户不能切换为root,还是指当前用户连sudo权限都没有?在我看来没有sudo权限是无法安装的,因为涉及更改多个系统相关的配置。不能切换为root用户但具备sudo权限是很奇怪的需求,至少我没有想到使用场景。非root用户ssh是可实现的,我曾经写过类似的脚本,在其他的k8s发行版中。不过不清楚sealos是否支持这种小众需求。

我这边有个类似需求,目前生产主机都是不用用root直接登录的,必须用非root用户(此用户可以有sudo权限)登录后切到root,这种情况sealos安装的时候指定了此用户(有sudo权限)但是会安装失败( #4324),使用root用户就没有此问题,不知道这是否是4.3.7版本的一个bug

geyaandy avatar Feb 27 '24 02:02 geyaandy

Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑‍🤝‍🧑👫🧑🏿‍🤝‍🧑🏻👩🏾‍🤝‍👨🏿👬🏿

As far as I know, no. This feature is very rare and unclear. The non-root you want means that the ssh connection user is non-root, or that the user cannot switch to root, or that the current user does not even have sudo permissions? In my opinion, it is impossible to install without sudo permissions because it involves changing multiple system-related configurations. Not being able to switch to the root user but having sudo permissions is a very strange requirement, at least I didn't think of the usage scenario. Non-root user ssh is achievable, I have written similar scripts in other k8s distributions. However, it is unclear whether sealos supports this niche demand.

I have a similar need here. Currently, production hosts do not need to be logged in directly with root. You must log in with a non-root user (this user can have sudo permissions) and then switch to root. In this case, this user is specified when sealos is installed. (with sudo permissions) but the installation will fail (#4324). This problem does not occur when using the root user. I don’t know if this is a bug in version 4.3.7.

sealos-ci-robot avatar Feb 27 '24 02:02 sealos-ci-robot

需求+1

生产都是非 root 用户登录,登录后可sudo 或 su - root, 希望尽快支持普通用户 ssh ,再切换 root 部署的方式。

Maple1401 avatar Feb 29 '24 03:02 Maple1401

Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑‍🤝‍🧑👫🧑🏿‍🤝‍🧑🏻👩🏾‍🤝‍👨🏿👬🏿

Demand +1

In production, non-root users are logged in. After logging in, you can use sudo or su - root. We hope to support ordinary users ssh as soon as possible, and then switch to the root deployment method.

sealos-ci-robot avatar Feb 29 '24 03:02 sealos-ci-robot

As far as I know it's already supported. you can run sealos command without root/sudo privileges(but certain requirements must be met such as uidmap and fuse-overlayfs) and use any user with sudo privileges as the user for remote ssh connections to create a new cluster.

@1473371932 @Maple1401 @geyaandy

fengxsong avatar Feb 29 '24 08:02 fengxsong

As far as I know it's already supported. you can run sealos command without root/sudo privileges(but certain requirements must be met such as uidmap and fuse-overlayfs) and use any user with sudo privileges as the user for remote ssh connections to create a new cluster.

@1473371932 @Maple1401 @geyaandy

@fengxsong 是不是指直接修改clusterfile中的ssh字段?https://sealos.io/docs/self-hosting/lifecycle-management/reference/sealos/commands/apply

luanshaotong avatar Mar 04 '24 03:03 luanshaotong

As far as I know it's already supported. you can run sealos command without root/sudo privileges(but certain requirements must be met such as uidmap and fuse-overlayfs) and use any user with sudo privileges as the user for remote ssh connections to create a new cluster. @1473371932 @Maple1401 @geyaandy

@fengxsong 是不是指直接修改clusterfile中的ssh字段?https://sealos.io/docs/self-hosting/lifecycle-management/reference/sealos/commands/apply

yes.

fengxsong avatar Mar 04 '24 07:03 fengxsong

This issue has been automatically closed because we haven't heard back for more than 60 days, please reopen this issue if necessary.

stale[bot] avatar May 03 '24 08:05 stale[bot]

  你好,邮件我已收到~!祝你的生活越来越好..........

geyaandy avatar Jul 02 '24 23:07 geyaandy

Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑‍🤝‍🧑👫🧑🏿‍🤝‍🧑🏻👩🏾‍🤝‍👨🏿👬🏿

​ Hello, I have received the email~! I wish your life will get better and better......

sealos-ci-robot avatar Jul 02 '24 23:07 sealos-ci-robot