search

brikis98 / docker-osx-dev

A productive development environment with Docker on OS X
http://www.ybrikman.com/writing/2015/05/19/docker-osx-dev/
MIT License
1.43k stars 106 forks source link

Running as a non-admin user asks for password I don't know #152

Open ComaVN opened 8 years ago

ComaVN commented 8 years ago

I run homebrew and docker-osx-dev install as admin (privileged user), and do my development as roel (an unprivileged user, who isn't member of the admin group)

If I run docker-osx-dev as admin, it works, and it starts rsyncing.

However if I run docker-osx-dev as roel, it asks for a docker@localhost's password:

roel% docker-osx-dev
2015-12-11 11:25:24 [INFO] Using default sync paths: .
2015-12-11 11:25:24 [INFO] Complete list of paths to sync: /Users/roel/workspace
2015-12-11 11:25:24 [INFO] Using default exclude paths: .git
2015-12-11 11:25:24 [INFO] Complete list of paths to exclude: .git
2015-12-11 11:25:24 [INFO] Complete list of paths to include:
2015-12-11 11:25:24 [INFO] Starting docker-osx-dev file syncing
docker@localhost's password:

I have no idea what this password would be. I presume this is somehow caused by the installation linking admin's ssh key to the vm's authorized_keys?

I cannot do docker-osx-dev install as roel:

roel% docker-osx-dev install
2015-12-11 11:21:09 [INFO] Starting install of docker-osx-dev
2015-12-11 11:21:09 [INFO] Updating HomeBrew
Error: The /usr/local directory is not writable.
Even if this directory was writable when you installed Homebrew, other
software may change permissions on this directory. Some versions of the
"InstantOn" component of Airfoil are known to do this.

You should probably change the ownership and permissions of /usr/local
back to your user account.
  sudo chown -R $(whoami):admin /usr/local

I don't want my regular user to be able to write to /usr/local for security reasons.

Am I doing something wrong here? should I run docker-osx-dev as admin? This feels wrong, since the directory I want to rsync lives in roel's home dir.

brikis98 commented 8 years ago

Hm, that's a tricky one. By installing as admin, certain files are being installed for the admin user, and therefore, the roel account won't be able to access them. You can try to track each one down and fix it, but I'm not sure how easy it is. As a first step, run echo $DOCKER_CERT_PATH and see if you have read permissions to that file, as I believe that's what's used to SSH to the boot2docker VM.

ComaVN commented 8 years ago

I worked around it by running docker-osx-dev install as admin to install the dependencies, then commenting out line 1097 in the install function (install_dependencies), and then running docker-osx-dev install again as roel (plus some virtualbox housekeeping to delete the boot2docker-vm running under the admin user):

roel% su admin
admin% docker-osx-dev install
admin% VBoxManage controlvm boot2docker-vm poweroff
admin% VBoxManage unregistervm --delete boot2docker-vm
admin% nano /usr/local/bin/docker-osx-vm

comment out line 1097 in /usr/local/bin/docker-osx-vm:

function install {
  log_info "Starting install of docker-osx-dev"
# XXX  install_dependencies
  init_docker_host
  install_rsync_on_docker_host
  add_docker_host
  add_environment_variables
  print_next_steps
}
admin% exit
roel% docker-osx-dev install

After that, it works ok, and boot2docker-vm runs as roel

I could try to find some time to make a PR to make the install_dependencies optional, with a --skip-dependencies. Would that be something you'd consider pulling? Alternatively, there could be an init command that does the same, eg. 

function init {
  log_info "Initializing docker-osx-dev"
  init_docker_host
  install_rsync_on_docker_host
  add_docker_host
  add_environment_variables
  print_next_steps
}
brikis98 commented 8 years ago

Nice. A --skip-dependencies flag sounds like a great idea!