This PR proposes a means for the Pebble daemon to authenticate additional local unix users as admins through a new environment variable, $PEBBLE_ADMINS. This environment variable is a comma , delimited unordered list of UIDs that represent admins in addition to the defaults (e.g. root and the user running the daemon).
The use case for this is in Juju, where we have a charm container (the pebble client) and the workload container (the pebble daemon), both running as different non-root users. The charm container needs to be able to connect to and control the pebble process in the neighbouring container.
It is expected that the following should not work:
$ sudo pebble run &
$ pebble exec echo hello
error: access denied (try with sudo)
But with this PR, this is expected that the following should work:
This PR proposes a means for the Pebble daemon to authenticate additional local unix users as admins through a new environment variable,
$PEBBLE_ADMINS
. This environment variable is a comma,
delimited unordered list of UIDs that represent admins in addition to the defaults (e.g. root and the user running the daemon).The use case for this is in Juju, where we have a charm container (the pebble client) and the workload container (the pebble daemon), both running as different non-root users. The charm container needs to be able to connect to and control the pebble process in the neighbouring container.
It is expected that the following should not work:
But with this PR, this is expected that the following should work:
JU091