F1bonacc1 / process-compose

Process Compose is a simple and flexible scheduler and orchestrator to manage non-containerized applications.
https://f1bonacc1.github.io/process-compose/
Apache License 2.0

Sudo support #190

Closed znd4 closed 1 month ago

znd4 commented 3 months ago

Feature Request

Use Case:

I'd like to be able to manage processes that require elevated permissions (e.g. kubectl port-forward 443:44).

Proposed Change:

Add an admin or sudo flag. When true, run the configured command with sudo {rest of command} in an embedded tty (so that the user gets password retries).

Who Benefits From The Change(s)?

Users who want to manage background processes with elevated permissions without elevating the entire process-compose process.

Alternative Approaches

Prompt for an admin password and pipe it to sudo.

F1bonacc1 commented 1 month ago

Hi @znd4,

A "short" update on this feature. Since there is no native way to use the log viewer portion of PC for input, I went in a slightly different direction.

I added an is_elevated flag to the process type:

elevated_ls:
  command: "ls -l /root"
  is_elevated: true
  shutdown:
    signal: 9

The way I feed the password to an elevated process is through stdin with something like sudo -S ls root. As long as an elevated process is running without a password, once it is selected in the TUI it will ask for a password using the command and search dialog: [image]

And that works great and supports multiple retries, PC even provides visual feedback if the password is wrong: [image]

Unfortunately, this doesn't work for more than one process...

It's specific to sudo -S and every other stdin expecting process works fine.

It looks like a consequence of how the system handles sudo and privilege escalation. This is a security feature to prevent race conditions and ensure that privilege escalation is handled safely.

It took me so long to understand that it was not a bug in my code, but I didn't give up on this feature and I'm looking for workarounds.
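The stdin approach described in the comment above, as an added Go example; it is not process-compose's own code. The function names, the empty prompt (`-p ""`) and the `--` separator are assumptions of this sketch, and the sample password is constructed.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
	"os/exec"
)

// sudoArgv wraps argv so sudo reads the password from stdin (-S) with an
// empty prompt (-p ""); "--" stops sudo from parsing the command's own flags.
func sudoArgv(argv []string) []string {
	return append([]string{"sudo", "-S", "-p", "", "--"}, argv...)
}

// feedPassword writes the password and a newline to the child's stdin, then
// wipes the caller's buffer. The secret never appears in argv or the
// environment, so it is not exposed through the process table.
func feedPassword(stdin io.Writer, password []byte) error {
	_, err := stdin.Write(password)
	if err == nil {
		_, err = stdin.Write([]byte{'\n'})
	}
	for i := range password {
		password[i] = 0
	}
	return err
}

// startElevated starts argv under sudo and hands it the password via a pipe.
func startElevated(argv []string, password []byte) (*exec.Cmd, error) {
	full := sudoArgv(argv)
	cmd := exec.Command(full[0], full[1:]...)
	stdin, err := cmd.StdinPipe()
	if err != nil {
		return nil, err
	}
	if err := cmd.Start(); err != nil {
		return nil, err
	}
	return cmd, feedPassword(stdin, password)
}

func main() {
	// Constructed sample values; nothing runs with privileges here.
	var pipe bytes.Buffer
	err := feedPassword(&pipe, []byte("constructed-password"))
	fmt.Printf("%q stdin=%q err=%v\n", sudoArgv([]string{"ls", "-l", "/root"}), pipe.String(), err)
}
```
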

F1bonacc1 commented 1 month ago

Released in v1.9.0

RafaelKr commented 1 month ago

I tried this in devenv with

{
  processes = {
    caddy.process-compose = {
      # required to install its unique root certificate into the trust store
      is_elevated = true;
    };
  };
}

It asks for my password, but after entering it I get: sudo: exec: command not found

F1bonacc1 commented 1 month ago

Hi @RafaelKr,

Please open a new issue with steps to reproduce it.