Fix for issue VOLTTRON#3117

schandrika · Sep 11, 2023 · 6ee5f1e · 6ee5f1e
1 parent 08affba
commit 6ee5f1e
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 3 deletions.
diff --git a/scripts/secure_user_permissions.sh b/scripts/secure_user_permissions.sh
@@ -265,6 +265,19 @@ while true; do
     fi
 done
 
+# Get full path to python executable
+while true; do
+    echo -n "Enter full path to python used for volttron:"
+    read python_path
+    valid=0
+    version=`$python_path -V`
+    if [ $? -eq 0 ]; then
+        break
+    else
+        echo "Invalid python_path"
+    fi
+done
+
 echo "$volttron_user ALL= NOPASSWD: /usr/sbin/groupadd volttron_$name" | sudo EDITOR='tee -a' visudo -f /etc/sudoers.d/volttron_$name
 echo "$volttron_user ALL= NOPASSWD: /usr/sbin/usermod -a -G volttron_$name $USER" | sudo EDITOR='tee -a' visudo -f /etc/sudoers.d/volttron_$name
 echo "$volttron_user ALL= NOPASSWD: /usr/sbin/useradd volttron_[1-9]* -r -G volttron_$name" | sudo EDITOR='tee -a' visudo -f /etc/sudoers.d/volttron_$name
@@ -273,6 +286,6 @@ echo "$volttron_user ALL= NOPASSWD: $source_dir/scripts/stop_agent_running_in_is
 # TODO want delete only users with pattern of particular group
 echo "$volttron_user ALL= NOPASSWD: /usr/sbin/userdel volttron_[1-9]*" | sudo EDITOR='tee -a' visudo -f /etc/sudoers.d/volttron_$name
 # allow user to run all non-sudo commands for all volttron agent users
-echo "$volttron_user ALL=(%volttron_$name) NOPASSWD: ALL" | sudo EDITOR='tee -a' visudo -f /etc/sudoers.d/volttron_$name
+echo "$volttron_user ALL=(%volttron_$name) NOPASSWD:SETENV: $python_path" | sudo EDITOR='tee -a' visudo -f /etc/sudoers.d/volttron_$name
 echo "Permissions set for $volttron_user"
 echo "Volttron agent isolation mode setup is complete"
diff --git a/volttrontesting/platform/security/test_aip_security.py b/volttrontesting/platform/security/test_aip_security.py
@@ -18,8 +18,12 @@
                                 reason="Can't run on travis as this test needs root to run "
                                        "setup script before running test case")
 
-# Run as root or sudo scripts/secure_user_permissions.sh for both the below instance names before running these tests
-# also make sure your test environment has acl installed (sudo apt-get install acl)
+# IMPORTANT steps for running this test
+# 1. Make sure your test environment has acl installed (sudo apt-get install acl)
+# 2. Make sure the python executable is accessible by any user. This would mean read and execute access to all
+# directories in the path. For example if python is in /user/home/env/bin/python, then do chmod r+x to /user,
+# and /user/home, and  /user/home/env/, and /user/home/env/bin  and /user/home/env/bin/python.
+# 3. Run as root or sudo scripts/secure_user_permissions.sh for both the below instance names before running these
 INSTANCE_NAME1 = "svolttron1"
 INSTANCE_NAME2 = "svolttron2"