search

kubearmor / kubearmor-client

KubeArmor cli tool aka kArmor :robot:
Apache License 2.0
34 stars 82 forks source link

Install karmor without `sudo` #415

Closed DelusionalOptimist closed 5 months ago

DelusionalOptimist commented 5 months ago

Description

Currently to install kubearmor-client one has to run the below which fetches and runs https://github.com/kubearmor/kubearmor-client/blob/main/install.sh and installs karmor at the specified path.

curl -sfL http://get.kubearmor.io/ | sudo sh -s -- -b <path-to-install>

We set the path to /usr/local/bin everywhere in our docs so that user's can run it easily. However, for this we need to use sudo while executing the script which is not desirable from a security POV.

Proposal

lekaf974 commented 5 months ago

@DelusionalOptimist

Just took a look on this issue and looks the sudo command is not really mandatory

[lekaf974@~ ]$ curl -sfL http://get.kubearmor.io/ | sh -s -- -b "$HOME/.local/bin"
kubearmor/kubearmor-client info checking GitHub for latest tag
kubearmor/kubearmor-client info found version: 1.2.0 for v1.2.0/linux/amd64
kubearmor/kubearmor-client info installed /home/lekaf974/.local/bin/karmor
[lekaf974@i~]$ /home/lekaf974/.local/bin/karmor version
karmor version 1.2.0 linux/amd64 BuildDate=2024-03-15T08:11:25Z
current version is the latest
DelusionalOptimist commented 5 months ago

@DelusionalOptimist

Just took a look on this issue and looks the sudo command is not really mandatory

[lekaf974@~ ]$ curl -sfL http://get.kubearmor.io/ | sh -s -- -b "$HOME/.local/bin"
kubearmor/kubearmor-client info checking GitHub for latest tag
kubearmor/kubearmor-client info found version: 1.2.0 for v1.2.0/linux/amd64
kubearmor/kubearmor-client info installed /home/lekaf974/.local/bin/karmor
[lekaf974@i~]$ /home/lekaf974/.local/bin/karmor version
karmor version 1.2.0 linux/amd64 BuildDate=2024-03-15T08:11:25Z
current version is the latest

Yes, right @lekaf974. It is possible to pass a path which is writable by the user and circumvent the use of sudo. However the path that the user passes might not be in their shell's PATH variable, due to which they'll not be able to directly execute karmor as a command.

The requirement here is to add logic in the install script telling the user to add the path that was specified as an argument to their PATH environment variable. Also, update KubeArmor's documentation and remove the usage of sudo at all places.

lekaf974 commented 5 months ago

Gotcha I'll take a look and see if I can send a PR

lekaf974 commented 5 months ago

Would something like the following replies to the request

kubearmor/kubearmor-client info checking GitHub for latest tag
kubearmor/kubearmor-client info found version: 1.2.0 for v1.2.0/linux/amd64
kubearmor/kubearmor-client info installed /home/lekaf974/.local/bin/karmor
kubearmor/kubearmor-client info Add /home/lekaf974/.local/bin to PATH variable