[Question] How can I configure password less sudo just for `pak::pkg_install()`?

You can't really restrict this to pak, or even to R AFAIK. You can specify that you allow your (no-root) user to run apt-get commands as root. You need to create a file /etc/sudoers.d/pak with the contents:

# This user can run sh -c apt-get *
username ALL=(root) NOPASSWD: /usr/bin/sh -c apt-get\ *

Or, if you want to restrict it a bit more, then only allow apt-get -y update and apt-get -y install (Cf. https://github.com/r-lib/pkgdepends/blob/1ecfde9b31d84719ed331f704ff6279a8a780689/R/sysreqs2.R#L14):

# This user can run sh -c apt-get -y update, apt-get -y install * and apt-get -y satisfy *
% ALL=(root) NOPASSWD: /usr/bin/sh -c apt-get update
username ALL=(root) NOPASSWD: /usr/bin/sh -c apt-get -y update
username ALL=(root) NOPASSWD: /usr/bin/sh -c apt-get -y install\ *
username ALL=(root) NOPASSWD: /usr/bin/sh -c apt-get -y satisfy\ *

(The third form is not used yet, but will be soon.)

However, I have to say, that since pak runs sh -c instead of apt-get directly, it is pretty easy to bypass this restriction by running something like

sudo sh -c "apt-get -y install nonexisting-package || dosomethingbad"

So even with the restrictions, username will have access to any command as root. Even if pak called apt-get directly, it is possible, indeed likely, that one can force apt-get to run a shell or some other external command.

Keep this in mind, when configuring your system.

Finally, you'll also need to set these env vars to force pak to install sysreqs and to use sudo:

PKG_SYSREQS=true
PKG_SYSREQS_SUDO=true

You can set then in .Renviron or your shell profile. You can also set options instead if you prefer those, see https://pak.r-lib.org/reference/pak-config.html

r-lib / pak

[Question] How can I configure password less sudo just for `pak::pkg_install()`? #634