Open ashirwad opened 1 month ago
You can't really restrict this to pak, or even to R AFAIK. You can specify that you allow your (no-root) user to run apt-get
commands as root. You need to create a file /etc/sudoers.d/pak
with the contents:
# This user can run sh -c apt-get *
username ALL=(root) NOPASSWD: /usr/bin/sh -c apt-get\ *
Or, if you want to restrict it a bit more, then only allow apt-get -y update
and apt-get -y install
(Cf. https://github.com/r-lib/pkgdepends/blob/1ecfde9b31d84719ed331f704ff6279a8a780689/R/sysreqs2.R#L14):
# This user can run sh -c apt-get -y update, apt-get -y install * and apt-get -y satisfy *
% ALL=(root) NOPASSWD: /usr/bin/sh -c apt-get update
username ALL=(root) NOPASSWD: /usr/bin/sh -c apt-get -y update
username ALL=(root) NOPASSWD: /usr/bin/sh -c apt-get -y install\ *
username ALL=(root) NOPASSWD: /usr/bin/sh -c apt-get -y satisfy\ *
(The third form is not used yet, but will be soon.)
However, I have to say, that since pak runs sh -c
instead of apt-get
directly, it is pretty easy to bypass this restriction by running something like
sudo sh -c "apt-get -y install nonexisting-package || dosomethingbad"
So even with the restrictions, username
will have access to any command as root. Even if pak called apt-get
directly, it is possible, indeed likely, that one can force apt-get
to run a shell or some other external command.
Keep this in mind, when configuring your system.
Finally, you'll also need to set these env vars to force pak to install sysreqs and to use sudo:
PKG_SYSREQS=true
PKG_SYSREQS_SUDO=true
You can set then in .Renviron
or your shell profile. You can also set options instead if you prefer those, see https://pak.r-lib.org/reference/pak-config.html
@gaborcsardi, I really enjoy using
pak
, so thanks for building this package! I am wondering if you could provide some instructions on how I can configure password less sudo just for runningpak::pkg_install()
command so that system dependencies get installed automatically. I am usingrig
(thanks for this as well!) with R 4.2.3 on Ubuntu 20.04.