
State directory is wrongly created at /root/.talos when using sudo as non-root user

Open usrbinkat opened this issue 3 years ago • 7 comments

Bug Report

Description

State directory is wrongly created at /root/.talos when executing with sudo -E as non-root user.

Logs

creating state directory in "/root/.talos/clusters/talos-qemu"

Environment

talosctl version
Client:
	Tag:         v1.0.3
	SHA:         689c6e54
	Built:       
	Go version:  go1.17.7
	OS/Arch:     linux/amd64

usrbinkat avatar Apr 29 '22 18:04 usrbinkat

What does this return: sudo -E bash -c "echo \$HOME"? I wonder if it's not properly passing down env vars.

frezbo avatar Apr 29 '22 18:04 frezbo

Tested from both zsh and bash shells:

sudo -E bash -c "echo \$HOME"            
/root

Also ran a printenv and found most of my env vars are correctly inherited but the $HOME env var seems to be off limits to over-writing with the -E flag.

When printing env, the only other var I found that we could leverage was SUDO_USER. From that I can get my home correctly with:

sudo -E bash -c "eval echo ~\${SUDO_USER}"

usrbinkat avatar Apr 29 '22 19:04 usrbinkat

I wonder if it's an OS thing; on my Debian derivative I see this:

❯ sudo -E bash -c "echo \$HOME"  
/home/frezbo
❯ 

frezbo avatar Apr 29 '22 20:04 frezbo

I checked on Fedora 35 and Fedora 36, the behavior is the same on both:

$ cat /etc/os-release 
NAME="Fedora Linux"
VERSION="36 (Thirty Six)"
ID=fedora
VERSION_ID=36
VERSION_CODENAME=""
PLATFORM_ID="platform:f36"
PRETTY_NAME="Fedora Linux 36 (Thirty Six)"

usrbinkat avatar Apr 29 '22 20:04 usrbinkat

There is a sudo directive that is not set on every OS

see: Defaults env_keep

# Run X applications through sudo; HOME is used to find the
# .Xauthority file.  Note that other programs use HOME to find
# configuration files and this may lead to privilege escalation!
Defaults env_keep += "DISPLAY HOME"

and obsolete always_set_home

ohauer avatar Jun 11 '22 18:06 ohauer

I have the same problem on openSUSE Tumbleweed.

$ sudo -E talosctl cluster create --provisioner=qemu --with-uefi=false                     
validating CIDR and reserving IPs
generating PKI and tokens
creating state directory in "/root/.talos/clusters/talos-default"

@ohauer, do you have a workaround for this problem?

Talos Version:

$ talosctl version
Client:
        Tag:         v1.0.5
        SHA:         9f2bfac2
        Built:       
        Go version:  go1.17.10
        OS/Arch:     linux/amd64

hobyte avatar Jun 20 '22 18:06 hobyte

sudo --preserve-env=HOME talosctl cluster create --provisioner=qemu worked for me to keep $HOME

hobyte avatar Jun 23 '22 08:06 hobyte
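
The thread shows that whether HOME survives sudo depends on each distribution's sudoers policy. As an added example (not talosctl's code and not part of the original issue), this Go sketch resolves the invoking user's home from SUDO_UID through the passwd database instead of trusting HOME or using eval; the function names invokingHome and passwdHome are hypothetical.

```go
package main

import (
	"fmt"
	"os"
	"os/user"
	"path/filepath"
	"strconv"
)

// passwdHome resolves a numeric UID to its home directory via the passwd database.
func passwdHome(uid string) (string, error) {
	u, err := user.LookupId(uid)
	if err != nil {
		return "", err
	}
	return u.HomeDir, nil
}

// invokingHome returns the home of the user who started the process. As root under
// sudo it ignores HOME (sudoers may reset it to /root) and resolves SUDO_UID instead.
func invokingHome(euid int, getenv func(string) string, lookup func(string) (string, error)) (string, error) {
	sudoUID := getenv("SUDO_UID")
	if euid != 0 || sudoUID == "" {
		return getenv("HOME"), nil // not elevated through sudo: HOME is the caller's own
	}
	// Accept only a plain decimal UID; nothing is ever handed to a shell or eval.
	if _, err := strconv.ParseUint(sudoUID, 10, 32); err != nil {
		return "", fmt.Errorf("invalid SUDO_UID %q", sudoUID)
	}
	home, err := lookup(sudoUID)
	if err != nil {
		return "", fmt.Errorf("lookup uid %s: %w", sudoUID, err)
	}
	if !filepath.IsAbs(home) {
		return "", fmt.Errorf("home %q for uid %s is not absolute", home, sudoUID)
	}
	return home, nil
}

func main() {
	home, err := invokingHome(os.Geteuid(), os.Getenv, passwdHome)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	// Same path layout as the log lines in this thread.
	fmt.Println(filepath.Join(home, ".talos", "clusters", "talos-qemu"))
}
```

A directory created this way is still owned by root unless the program also changes its ownership to SUDO_UID and SUDO_GID.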