Closed kalta closed 9 years ago
The way to use this feature in the existing version of exec is through means of capabilities. When the exec process is started with -user User
option , it'll switch effective user to User and set the setuid capability so that it would be able to start child processes using {user, SomeUser}
option, where SomeUser
could be any user including root
.
We're running tests inside of our CI which is done via GitLab CI and the official elixir image. The CI is automatically run as root
.
I see no reason why a library should prevent me from doing exactly that.
I would propose that either the root
checking condition that throws is removed or that there is at least a config option disabling the check both in the erlang & c++ code.
What you are proposing to do would impose a serious security risk as the erlexec could run any command on the system with root
privileges for any user who doesn't have such privileges.
In the limited context where you don't care about such a security issue, you can accomplish that by using the proper startup options, described in the overview under the Allowing exec-port to run commands as other effective users
example. There you would specify {user, "root"}, {limit_users, ["root"]}
options to run at your own risk.
@saleyn I tried to specifically setting the root user as an option, but this triggered the following warning: https://github.com/saleyn/erlexec/blob/master/c_src/exec.cpp#L492
If I run any application as root, it is expected that the application also can use those rights. I don't understand why it should be different for this library...?
That error is fixed in the latest commit. The reason the library makes it harder (but not impossible) to run as root is that it's easy to accidentally damage the system (think of exec:run("rm -rf *")
), or to have unauthorized users do or see stuff they are not supposed to do or see.
Under some circumstances, it is necessary to use the root user. For example, I'm developing a remote manager for docker instances, and I want to do things like using iptables. For sure there are other ways to do this, but they are much more complex. I don't see any problem in running as root a program I have the source code and it is not setuid.
I have commented out the root-checking lines from exec.cpp and it seems to work perfectly. Would it be interesting to add an option to exec.cpp and exec.erl to allow root access? Do you see any problem in that?
If it is ok I will contribute it. Thanks