How to use sudo to execute commands as root

[ttmthuy]

Hello,
For pokyuser, can I use sudo commands likes root?
how about pokyuser pwd?

Thank you!.

[rewitt1]

Hi,

Since the images are setup with the idea of being temporary, and to try and protect users from accidentally impacting their host machine, you can't use sudo with the images. The idea was to make the image capable of doing a build using bitbake, but all other items of work would be done on the host (editing files, etc), outside of the container.

There are a few ways that you could change this if you really wanted this behavior, such as modifying the sudoers file and building the image yourself, or using "docker exec" to explicitly login as the root user to a running container.

If not having sudo access is really impacting your ability to use the image, then posting more details about what you're trying to accomplish may allow someone to offer suggestions to alternatives.

[jaredwolff]

@rewitt1, having a similar need here too. It relates to NPM is not being installed and is required for barys (as suggested by here https://resinos.io/docs/custombuild/)

I agree with your mindset here, i'll try to work around it using docker exec

For those interested, I ran

docker exec -u root <image hash> apt-get install npm -y

[rewitt1]

Hi @jaredwolff,

Since you would have to run that command each time you used the image, or create an actual container from it, would it be better to just build your own image and add the "apt-get install" for npm to the Dockerfile?

If that isn't the case, I'm curious to learn why you would lean more toward using "docker exec". Understanding different use patterns is always helpful.

Edit
I also decided to add this dockerfile example, since there is a bit of the tricky thing of needing to switch back to the proper user.

FROM crops/poky
USER root

RUN apt-get install npm -y

USER usersetup

[jaredwolff]

Ohh @rewitt1, I'm still learning the ins-and-outs of Docker. So excuse my ignorance. I was just going by what you suggested earlier.

I'll go by what you suggest here and build my own image that way. Thanks for the input!

[jaredwolff]

Quick addition:

Getting an error with the usersetup.py command when creating a new instance.

Refusing to use a gid of 0
Traceback (most recent call last):
  File "/usr/bin/usersetup.py", line 62, in <module>
    subprocess.check_call(cmd.split(), stdout=sys.stdout, stderr=sys.stderr)
  File "/usr/lib/python2.7/subprocess.py", line 541, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['sudo', 'restrict_groupadd.sh', '0', 'pokyuser']' returned non-zero exit status 1

[sujeethk]

I'm having the same issue as above. If I remove the --workdir parameter it works but the workdir is owned by root. And I do not know the root password in the container.

[rewitt1]

@sujeethk and @jaredwolff,

I added a new issue, #20. I think it addresses what you are seeing. Please feel free to comment in #20 if it doesn't.

[rewitt1]

Closing, since there is no issue to fix.

[DavidAntliff]

If not having sudo access is really impacting your ability to use the image, then posting more details about what you're trying to accomplish may allow someone to offer suggestions to alternatives.

I think one area that may be problematic is the network setup with runqemu - for reasons I don't understand, the native qemu (built inside the container) doesn't seem to work properly outside of the container (I suspect changes to paths since linking? But I really don't know), yet if one wants to use the tun/tap scheme for QEMU networking then sudo access is required to create the tap interfaces. This can be accomplished with docker exec, apt-get install nano, visudo etc, but perhaps the bigger question is why doesn't the build result work with QEMU outside the container, which is a different issue.