Run sudo if not in docker group #181
Conversation
|
What your thought on this? |
|
Looks good to me, I think it makes sense to have the feature be a separate environment variable. Maybe just update the CQFD_DOCKER readme section to not suggest using sudo there, rather in the new CQFD_RUN_WITH_SUDO variable. I like the idea of switching to USER sooner instead of using a builder user. Are there any implications to not have that separate builder user for the first few steps of cqfd? Couldn't find any on my side. |
Oh good catch! In fact, I would like to update to
I have seen none. In fact I would have choose the user |
|
At first, I would think that it is a good idea if But it is indeed more practical if sudo is included in cqfd. |
And now, I am convinced you were right, and I was wrong to automatically default to sudo if user is not a member of the docker group.
And yes it would be practical but since docker rootless support is almost merged, with podman, it could be annoying to disable sudo for setup that creates an alias for docker ( |
|
podman does not require sudo indeed |
gportay
force-pushed
the
github/run-sudo-if-not-in-docker-group
branch
from
ed5dd42 to
1916021
Compare
|
honestly I liked the With What do you think about that ? |
This is why I suggested to remove the |
gportay
force-pushed
the
github/run-sudo-if-not-in-docker-group
branch
2 times, most recently
from
b99d111 to
70767e0
Compare
|
@florentsfl I have removed the rename of the variable from that PR. But I guess it is better to rename them so they are just a decapitalized version + |
gportay
force-pushed
the
github/run-sudo-if-not-in-docker-group
branch
from
70767e0 to
e1d8ce0
Compare
|
but if someone wants to run $CQFD_DOCKER with sudo, they can just put "sudo docker" in the variable $CQFD_DOCKER ? |
|
gportay
force-pushed
the
github/run-sudo-if-not-in-docker-group
branch
from
882c015 to
4c5feec
Compare
|
This is just a rebase on top of master. However, I figured out that The command docker run hangs during some tests (not all), it does not even enter the launcher script. |
gportay
force-pushed
the
github/run-sudo-if-not-in-docker-group
branch
2 times, most recently
from
830d669 to
a608a14
Compare
gportay
force-pushed
the
github/run-sudo-if-not-in-docker-group
branch
from
a608a14 to
fe24809
Compare
gportay
force-pushed
the
github/run-sudo-if-not-in-docker-group
branch
from
2542434 to
9b02ebc
Compare
This sets the three internal variables cqfd_user, cqfd_user_home and cqfd_user_cwd using the standard environment variables USER, HOME and PWD if they are set.
This moves the retrieval fo the docker gid (if the group exists) in the function load_config() so it is guessed sooner.
The docker client requires to run as root in rootfull mode. The docker
group allows a user to access to the Unix socket created by the docker
daemon.
The user needs to run docker client with more privileges (i.e. sudo) if
it is not part of that group[1].
This prepends sudo to CQFD_DOCKER automatically if CQFD_RUN_WITH_SUDO is
set to true. It turns the internal variable cqfd_docket into an array to
split the command into pieces ("sudo docker" -> "sudo" and "docker").
[1]: https://docs.docker.com/install/linux/linux-postinstall/#manage-docker-as-a-non-root-user
This adds testing for docker using sudo. Note: The test "the user's home in passwd == $HOME" is skipped as the user nobody is homeless.
gportay
force-pushed
the
github/run-sudo-if-not-in-docker-group
branch
2 times, most recently
from
25b84ca to
58fa9e1
Compare
3 participants
The docker client requires to run as root in rootfull mode. The docker
group allows a user to access to the Unix socket created by the docker
daemon.
The user needs to run docker client with more privileges (i.e. sudo) if
it is not part of that group1.
This prepends sudo to CQFD_DOCKER automatically if CQFD_RUN_WITH_SUDO is
set to true. It turns the internal variable cqfd_docket into an array to
split the command into pieces ("sudo docker" -> "sudo" and "docker").