Evaluate strategies to avoid any need for sudoer calls on VMs and docker images.

[jeremy-donson]

The two associated VM problems that have been recurrent are the tip of the potential iceberg here:

• Sudoer calls lose access to MAGMA_ROOT shell env variable.
• We also can have file/folder privilege issues arise.

I believe this issue arises due to two roles:

• local vm package builder
• local vm package service runner

Package builder MIGHT need sudo but should not... Package service runner should NEVER have sudo access.

Frankly, when there is a single user on an entire host (vm or docker container) access issues are avoidable.
This should go for VMs and for docker images as well.

Things worth testing:

A 'magma' service user might make some good sense.
How about a builder user who is sudoer who gets deleted after the build is over? 🙂

We could call set -a to export all vars.

We could use umask....
https://widerin.net/blog/change-umask-in-docker-containers/