Open svvac opened 5 years ago
I don't see any reference to setuid() or geteuid() in the source code, so I guess that's normal that it doesn't work ;-) It could be added easily through...
Right. If changes are involved, might as well do this the proper way and check for actually required capabilities to run the tool instead of just checking uid=0
?
I'm not sure it would be worth the effort to find and check individually for all the required capabilities when most users will just run it as root anyway. Do you have a specific use case in mind?
Well, production use with locked-down permissions. I guest the target is more disposable VM build hosts than uid-namespaced containers?
I installed
dgr
with exec permissions restricted to a dedicated group and set thesetuid
bit on the binary, hoping this would spare me thesudo
stuff. Even though,dgr
fails complaining about needing root.