Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sudo support #190

Closed
znd4 opened this issue Jun 1, 2024 · 4 comments
Closed

Sudo support #190

znd4 opened this issue Jun 1, 2024 · 4 comments
Labels
done Done, awaiting release enhancement New feature or request

Comments

@znd4
Copy link

znd4 commented Jun 1, 2024

Feature Request

Use Case:

I'd like to be able to manage processes that require elevated permissions (e.g. kubectl port-forward 443:44)

Proposed Change:

Add an admin or sudo flag. When true, run the configured command with sudo {rest of command} in an embedded tty (so that user gets password retries).

Who Benefits From The Change(s)?

Users who want to manage background processes with elevated permissions without elevating the entire process-compose process.

Alternative Approaches

Prompt for an admin password and pipe it to sudo.
@F1bonacc1 F1bonacc1 added the enhancement New feature or request label Jun 30, 2024
@F1bonacc1
Copy link
Owner

Hi @znd4,

A "short" update on this feature.
Since there is no native way to use the log viewer portion of PC for input, I went in a slightly different direction.

I added is_elevated flag to the process type:

elevated_ls:
  command: "ls -l /root"
  is_elevated: true
  shutdown:
    signal: 9

The way I feed the password to an elevated process is through stdin with something like sudo -S ls root.
As long as an elevated process is running without a password, once it is selected in the TUI it will ask for a password using the command and search dialog:
image

And that works great and supports multiple retries, PC even provides visual feedback if the password is wrong:
image

Unfortunately, this doesn't work for more than one process...

It's specific to sudo -S and every other stdin expecting process works fine.

It looks like a consequence of how the system handles sudo and privilege escalation. This is a security feature to prevent race conditions and ensure that privilege escalation is handled safely.

It took me so long to understand that it was not a bug in my code, but I didn't give up on this feature and I'm looking for workarounds.

@F1bonacc1 F1bonacc1 added the done Done, awaiting release label Jul 25, 2024
F1bonacc1 added a commit that referenced this issue Jul 25, 2024
@F1bonacc1
Issue #190: Added sudo support
b7ede9c
@F1bonacc1
Copy link
Owner

Released in v1.9.0

@RafaelKr
Copy link

I tried this in devenv with

{
  processes = {
    caddy.process-compose = {
      # required to install its unique root certificate into the trust store
      is_elevated = true;
    };
  };
}

It asks for my password but after entering it I get sudo: exec: command not found

@F1bonacc1
Copy link
Owner

Hi @RafaelKr,

Please open a new issue with steps to reproduce it.

@RafaelKr RafaelKr mentioned this issue Aug 15, 2024
Closed
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
done Done, awaiting release enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@F1bonacc1 @RafaelKr @znd4