Use the root user for app installation #188
0d0214c
to
ab75319
Compare
I'm putting this as a medium decision because this is going to affect application installation (but except for permissions stuff I don't see what it can really change, but I'm expecting you to find other situations)
Up. At least I'd like to have your opinion on the principle of moving to root for app installation. @maniackcrudelis @scith I'd like your opinion on the principle of this change since you are in the apps team.
Hi, how may it affect app installation? Root has more privileges than admin, and we already use sudo most of the time.
You won't have to put
You can still use Since admin has sudo rights without a password, it was basically having root access while having to put
It's ok for me, I think it isn't a problem for packages, because the permissions are set when it's necessary.
@@ -330,7 +331,11 @@ def hook_exec(path, args=None, raise_on_error=False, no_trace=False, | |||
cmd_script = path | |||
|
|||
# Construct command to execute | |||
command = ['sudo', '-n', '-u', 'admin', '-H', 'sh', '-c'] | |||
if user == "root": | |||
command = ['sh', '-c'] |
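Review bot: the `if user == "root":` branch builds `['sh', '-c']` with no sudo at all, so the hook runs as whatever user the Python process already is, and nothing in these lines verifies that this is root. If the caller is required to be root, make that assumption explicit, for example by checking `os.geteuid() == 0` and raising a clear error, rather than letting the script run silently under another account. The `user` value tested here should also be described in the `hook_exec` docstring, including that `"root"` means no privilege change is performed.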
This means we always consider this python code is executed as root. Shouldn't we add a sudo here just in case?
YunoHost can't be run as another user than root.
Is it intentional that you handle install/upgrade/remove, and not backup/restore?
No, that's a mistake.
While I'm not really against this (after all apt uses root for install), I have to disagree with the first statement of this PR:
Same as @mbugeia, though not against it either (c.f. apt).
Works fine.
I installed an app without sudo prefixes.
I removed it with sudo prefixes.
I think hooks are missing in this PR. There are pros and cons with this idea to run hook scripts with user root. About backup, it may be a problem if there is no backup because the user admin (so the nscd, nslcd or slapd) is not available. At the same time, I also agree with the args from mbugeia about hiding a bug. But an error during the app setup is not the right moment for warning the administrator about a missing admin user... About this bug, we should check that much earlier. Maybe this PR could break some app packages. Some programs need to be run as a non-root user, so currently (without this PR) if you run a program like this in a script it works, but with this PR it could raise an error like "This programm need to be run as a non root user".
Going to add it then.
I have no opinion on this one, I can easily add it if you want.
Therefore it would be better to add it then? Making all app scripts run with root seems more coherent.
I wanted to say that I agree with root for a very simple reason: we end up putting sudo everywhere. However, I agree with @mbugeia on one worrying point: some people who make apps realize neither which commands they are running nor the power those commands have over the system (we were talking about an unfortunate rm -rf in a remove script, for example). That is also why I wanted to be able to display the app's readme.md before installing it. Another question: how do I tick "changes approved"?
a1f70a9
to
7ddb35e
Compare
8daa084
to
76a7a36
Compare
Work is ready to be reviewed. Hooks run using root now and I've fixed the backup.py where root wasn't specified.
You need to be a member of the core dev team for that.
We need one or two more approvals to merge this PR (I always wonder why so few people have reviewed it :/)
From my point of view, I don't know what to think about the purpose of the PR (not trying to say it's bad, I genuinely don't know what to think). On one hand, we really do use sudo most of the time in app scripts and it's annoying to have to lose time because of forgetting to put "sudo" in an install script ;). On the other hand, I agree with @mbugeia on the principle of least privilege. But if apt does the same thing, well, okay. However, what I'm worried about at this point is whether or not this breaks some apps. As @zamentur said, some apps or specific programs need to be run as a non-root user. What's the plan to test apps? Imho we can rely on the App CI if it runs on testing/unstable. But we should be careful and not release this too quickly.
And to insist, just look at any random script file of a YunoHost app, At this point it's just making the life of every package developer harder for nothing.
After having read a lot of random app scripts (and having made apps myself), I'm now really convinced that keeping
I don't have the knowledge to check the python code, but I agree with the fact we run root and stop using sudo.
@M5oul @maniackcrudelis already agreed on that PR apparently:
Hello,
I'm opening this PR to avoid forgetting it but I'm not calling for a decision yet.
It's the implementation of "don't use admin user for installing apps because it doesn't bring anything and forgetting sudo is the first bug ever while developing apps"; it will also greatly reduce broken situations due to a missing admin user (well ... hide them).
We'll probably need to talk again about this choice.