Closed DelusionalOptimist closed 5 months ago
@DelusionalOptimist
Just took a look at this issue and it looks like the sudo command is not really mandatory
[lekaf974@~ ]$ curl -sfL http://get.kubearmor.io/ | sh -s -- -b "$HOME/.local/bin"
kubearmor/kubearmor-client info checking GitHub for latest tag
kubearmor/kubearmor-client info found version: 1.2.0 for v1.2.0/linux/amd64
kubearmor/kubearmor-client info installed /home/lekaf974/.local/bin/karmor
[lekaf974@i~]$ /home/lekaf974/.local/bin/karmor version
karmor version 1.2.0 linux/amd64 BuildDate=2024-03-15T08:11:25Z
current version is the latest
Yes, right @lekaf974. It is possible to pass a path which is writable by the user and circumvent the use of sudo. However the path that the user passes might not be in their shell's PATH variable, due to which they'll not be able to directly execute karmor as a command.
The requirement here is to add logic in the install script telling the user to add the path that was specified as an argument to their PATH environment variable. Also, update KubeArmor's documentation and remove the usage of sudo at all places.
Gotcha, I'll take a look and see if I can send a PR.
Would something like the following reply to the request?
kubearmor/kubearmor-client info checking GitHub for latest tag
kubearmor/kubearmor-client info found version: 1.2.0 for v1.2.0/linux/amd64
kubearmor/kubearmor-client info installed /home/lekaf974/.local/bin/karmor
kubearmor/kubearmor-client info Add /home/lekaf974/.local/bin to PATH variable
Description
Currently to install kubearmor-client one has to run the below which fetches and runs https://github.com/kubearmor/kubearmor-client/blob/main/install.sh and installs karmor at the specified path.
We set the path to /usr/local/bin everywhere in our docs so that users can run it easily. However, for this we need to use sudo while executing the script which is not desirable from a security POV.
Proposal
/usr/local/bin, use a path writable by user, for e.g. $HOME/.local/bin/karmor, everywhere in our docs and remove sudo.
PATH variable either in the current shell or in their shell's RC.
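One way the PATH check requested in this issue could look, as an added example rather than code from kubearmor-client's install.sh. The function names and the shell-to-RC-file mapping are assumptions; the directory is appended to PATH so that a user-writable location cannot shadow system directories.

```shell
#!/bin/sh
# Added example, not the project's install.sh. All function names are hypothetical.

# path_contains DIR: succeed only if DIR is an exact entry of $PATH
# (a trailing slash on either side is ignored; substrings do not match).
path_contains() {
    pc_dir=${1%/}
    [ -n "$pc_dir" ] || return 1
    case ":${PATH}:" in
        *":${pc_dir}:"* | *":${pc_dir}/:"*) return 0 ;;
    esac
    return 1
}

# rc_file_for SHELL_PATH: guess the RC file for the user's login shell.
# Assumed mapping: bash -> ~/.bashrc, zsh -> ~/.zshrc, anything else -> ~/.profile.
rc_file_for() {
    case "${1##*/}" in
        bash) echo "$HOME/.bashrc" ;;
        zsh)  echo "$HOME/.zshrc" ;;
        *)    echo "$HOME/.profile" ;;
    esac
}

# path_hint BINDIR: print nothing when BINDIR is already in PATH; otherwise
# print how to add it for the current shell and how to persist it.
# It only prints instructions and never edits the user's RC file itself.
path_hint() {
    ph_bindir=${1%/}
    if path_contains "$ph_bindir"; then
        return 0
    fi
    ph_rc=$(rc_file_for "${SHELL:-sh}")
    printf 'kubearmor/kubearmor-client info Add %s to PATH variable\n' "$ph_bindir"
    printf '  current shell:\n'
    # Single-quoted format keeps $PATH literal so the user's shell expands it.
    printf '    export PATH="$PATH:%s"\n' "$ph_bindir"
    printf '  persist for new shells:\n'
    printf "    echo 'export PATH=\"\$PATH:%%s\"' >> %s\n" "$ph_rc" |
        sed "s|%s|$ph_bindir|"
}

# Usage after a non-root install, e.g.: path_hint "$HOME/.local/bin"
```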