execute remote commands with sudo #54
Labels
No Label
bugfix
cleanup
discussion
documentation
doing
done
feature
improvement
packaging
Stale
testing
TODO
No Milestone
No project
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: ungleich-public/cdist#54
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
more and more I'm in situation where I don't get root with VM or it's even forbidden to do
sudo -i
. there are many reasons for that. from overzealous security policy writes who see root as root of all evil to monitoring and auditability of operator actions. YMMV of course, but we can't ignore the fact that this is happening and it's a new norm just like Gospel of systemd brought to you by Church of Lennart.fun fact is that
sudo
is often allowed without password in situations where all non-system users present in system are admins anyway. shared systems with some users in sudoers group is different issue and isn't in scope imho.what must be done:
~/.cdist/exec
?). imho that should be default even if we use root.discuss.
yeah, something like
$TMP/cdist-$USER
with mode0700
would be nice too.Not sure whether I like
~/.cdist/exec
.I'd propose to use
/tmp
for temporary files. It is also always writable by users.If permissions are a concern the cdist temp directory could be owned by the executing user and have mode
0700
.It isn't.
For example, how would you write
--remote-copy
with sudo? :)@ander You can use --remote-exec/--remote-copy custom settings to do it with sudo/non-root user. Or this isn't enough?
changed the description
changed the description