-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cmd/tailscale: remember SUDO_UID from "up", don't require sudo for future commands? #1684
Comments
Unless I missed something about what sudo does here, -1. This is second-guessing sudo and silently granting long-term privilege upgrades, which is super surprising. If folks want passwordless access to stuff, sudo already supports configuring nopasswd access on certain commands. If we want a way to grant privileged access to normal users, we can do what docker et al. do, and have a |
The intention is to make Tailscale on Linux/etc behave more like it does on Windows where the daemon is owned by one user. Currently tailscaled on a multi-user Linux system is really bizarre. |
I think that'd be quite confusing on linux, we'd be the only global process to act like that. The model I'm loosely following is NetworkManager, which is a global service but lets anyone play with it, if they have the appropriate (PolicyKit) permissions. Then distros and users can adjust the policy to their level of comfort, including an "anyone can touch without root" free for all if so desired. |
From discussion with @danderson. Fixes #1684 (in a different way) Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
From discussion with @danderson. Fixes #1684 (in a different way) Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
From discussion with @danderson. Fixes #1684 (in a different way) Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
From discussion with @danderson. Fixes #1684 (in a different way) Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
On Windows, we already track the Windows userid who currently "owns" the backends.
On Linux/Unix we don't. We know the uid of the client's unix socket via https://inet.af/peercred but we require root for many actions.
But sudo sets some environment variables when run:
So we could require sudo for
tailscale up
and then snapshot thatSUDO_UID
and let that userid do all commands in the future without sudo but otherwise require root the same as we do today./cc @danderson
The text was updated successfully, but these errors were encountered: