nextcloud-occ: replace sudo with su #114966
That statement doesn't sound true to me at all... but I haven't actually checked. It seems like there would be a ton of implications if you run this as another user than currently intended...
The change is in not using sudo to change user, but rather use su.
It does not run it as root, the actual things that should be executed, but rather you run the script as root, so it can do the 'su' part.
The difference is here, not to depend on sudo to change user, as it is not required and causes issues for people without sudo installed.
…On 3 March 2021 13.05.52 CET, Aaron Andersen ***@***.***> wrote:
> This script just needs to be run as root, and then it would work just fine.
> That statement doesn't sound true to me at all... but I haven't actually checked. It seems like there would be a ton of implications if you run this as another user than currently intended...
@eyJhb Sorry I misread that! LGTM 👍
Reading the expression again I finally realised what this is for: Hard-coding The current I think changing this to |
if [[ "$USER" != nextcloud ]]; then | ||
sudo='exec /run/wrappers/bin/sudo -u nextcloud --preserve-env=NEXTCLOUD_CONFIG_DIR --preserve-env=OC_PASS' |
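Review bot: the `"$USER" != nextcloud` test on the first line decides whether to switch user from an environment variable rather than from the identity the process actually runs as, so a caller with USER unset or carried over from another session takes the wrong branch. Comparing against `$(id -un)` would be sturdier. On the second line, the sudo command forwards exactly two variables, NEXTCLOUD_CONFIG_DIR and OC_PASS; whatever replaces it should keep that two-name allowlist instead of handing the caller's whole environment to the nextcloud user.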
This probably needs a different approach: su doesn't take --preserve-env, so this would need to be --preserve-environment but you might not want the entire environment.
I have changed this, and currently su will preserve the env.
Seeing as this is being run by systemd services, etc. most of the time it should be OK.
I don't think there should be any issues with doing this.
I will check later/tomorrow and see how it works.
Are there any objections to this?
I agree with @lukegb here.
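The concern raised in this thread is that sudo's `--preserve-env=NAME` forwards a chosen set of variables, while preserving the environment through su forwards all of it. The sketch below is an added example, not code from this PR or from nixpkgs; it shows one way to keep the two-variable allowlist without sudo by clearing the environment with `env -i` and re-adding only the named variables. `run_with_allowlist` and `SAFE_PATH` are hypothetical names, and the PATH value is an assumption.

```shell
#!/bin/sh
# Added example (not from the PR). run_with_allowlist and SAFE_PATH are
# hypothetical names chosen for this illustration.

# Fixed PATH handed to the child instead of the caller's PATH (assumed value).
SAFE_PATH=${SAFE_PATH:-/usr/bin:/bin}

# run_with_allowlist "VAR1 VAR2" command [args...]
# Runs command with an empty environment plus only the listed variables that
# are actually set in the caller's environment.
run_with_allowlist() {
    allow=$1
    shift
    for name in $allow; do
        # Accept plain shell identifiers only, so the eval below is safe.
        case $name in
            ''|[0-9]*|*[!A-Za-z0-9_]*)
                echo "run_with_allowlist: bad variable name: $name" >&2
                return 2
                ;;
        esac
        # Forward the variable only when it is set; unset stays unset.
        if eval "[ \"\${$name+set}\" = set ]"; then
            eval "value=\$$name"
            set -- "$name=$value" "$@"
        fi
    done
    # env -i drops everything else before the command starts.
    env -i PATH="$SAFE_PATH" "$@"
}
```

When run as root, the su invocation would take the place of `command`, with `"NEXTCLOUD_CONFIG_DIR OC_PASS"` as the allowlist; this assumes su is called without a login option, so that it keeps the environment it was handed.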
32ee701 to a4aba3a
Closing, might pick up in the future, but not needed as of now.
Motivation for this change
Systems that have 100% replaced sudo with doas would not work with the script as is.
This script just needs to be run as root, and then it would work just fine.
@adisbladis for the patch, just posting this here.