search

subuser-security / subuser

Run programs on linux with selectively restricted permissions.
http://subuser.org
GNU Lesser General Public License v3.0
890 stars 65 forks source link

Error when running using sudo #306

Closed timthelion closed 7 years ago

timthelion commented 7 years ago

No idea:

timothy@yoga ~/.arbtt> time sudo ../current/subuser/logic/subuser run gt status
Traceback (most recent call last):
  File "../current/subuser/logic/subuser", line 52, in <module>
    command(sys.argv[2:])
  File "/home/timothy/current/subuser/logic/subuserlib/builtInCommands/run.py", line 66, in runCommand
    user.getRegistry().setLogOutputVerbosity(0)
  File "/home/timothy/current/subuser/logic/subuserlib/classes/user.py", line 68, in getRegistry
    self.__registry.ensureGitRepoInitialized()
  File "/home/timothy/current/subuser/logic/subuserlib/classes/registry.py", line 64, in ensureGitRepoInitialized
    os.makedirs(self.getUser().getConfig()["registry-dir"])
  File "/usr/lib/python3.4/os.py", line 237, in makedirs
    mkdir(name, mode)
FileExistsError: [Errno 17] File exists: '/root/.subuser/registry'
Command exited with non-zero status 1
0.10user 0.01system 0:00.13elapsed 89%CPU (0avgtext+0avgdata 17688maxresident)k
72inputs+8outputs (0major+7916minor)pagefaults 0swaps
timothy@yoga ~/.arbtt> sudo ../current/subuser/logic/subuser run gt status
Traceback (most recent call last):
  File "../current/subuser/logic/subuser", line 52, in <module>
    command(sys.argv[2:])
  File "/home/timothy/current/subuser/logic/subuserlib/builtInCommands/run.py", line 66, in runCommand
    user.getRegistry().setLogOutputVerbosity(0)
  File "/home/timothy/current/subuser/logic/subuserlib/classes/user.py", line 68, in getRegistry
    self.__registry.ensureGitRepoInitialized()
  File "/home/timothy/current/subuser/logic/subuserlib/classes/registry.py", line 64, in ensureGitRepoInitialized
    os.makedirs(self.getUser().getConfig()["registry-dir"])
  File "/usr/lib/python3.4/os.py", line 237, in makedirs
    mkdir(name, mode)
FileExistsError: [Errno 17] File exists: '/root/.subuser/registry'
Exadra37 commented 7 years ago

When I tried to install SubUser I followed this instructions http://subuser.org/installation.html#install-with-pip-stable-version.

install

Install seems ok, but now when I try to run subuser list available in another terminal window I am asked for my sudo password... why?

screenshot from 2017-02-05 10-50-37

The instructions to run the above command don't say that sudo is needed http://subuser.org/tutorial-use.html, but If I enter the password then i get:

screenshot from 2017-02-05 10-51-35

Now we have an exception because this folder /home/exadra37/.subuser/registry is created with root permissions due to the requested sudo password, but is trying to access it without sudo.

Now if I try to install Vim as suggested in the quick start tutorial I also get the same type of error in this topic:

screenshot from 2017-02-05 11-08-57

My system:

screenshot from 2017-02-05 11-04-12

screenshot from 2017-02-05 11-01-06

timthelion commented 7 years ago

Thank you for the high quality bug report! Wow! Did you use gimp to make those screenshots?

This is definitely a bug, but will require some debugging. The reason for sudo, is that subuser needs to communicate with Docker and Docker requires administrative permissions to setup and launch conatiners. There are two ways to access the Docker daemon, one is to use sudo, and the other is to make your user a member of the docker group. Being a member of the docker group is the same as having root access, where-as with sudo, you only grant subuser access to root. So new in 0.6 is that we support using sudo. If you add yourself to the docker group, you won't be prompted for your password anymore. Evidently, this new sudo support has caused a bug when creating a new registry, and I will have to solve that.

timthelion commented 7 years ago

Here is the bug: https://github.com/subuser-security/subuser/blob/master/logic/subuserlib/classes/registry.py#L64 I need to change that to use this https://github.com/subuser-security/subuser/blob/master/logic/subuserlib/classes/endUser.py#L77

timthelion commented 7 years ago

I am currently at FOSDEM. I'll have to wait till I get home to release a fix.

Exadra37 commented 7 years ago

@timthelion cool you found it ;)

That question about sudo was my tired brain asking... I completely forget about subuser talking with Docker :(

Print screens done with shift+prtsc.

timthelion commented 7 years ago

Hi, I've uploaded what I beleive to be correct code. Can you please delete your ~/.subuser directory, pull from master, and test this before I release the fix?

Exadra37 commented 7 years ago

I can install it, but needs sudo to install, once the dir to install it is not a USER dir /usr/local/lib/python3.4/dist-packages/...

screenshot from 2017-02-07 18 47 51

Seems to work

screenshot from 2017-02-07 18 45 52

In http://subuser.org/installation.html#install-from-git-development-version you need to add that we need to run sudo python3 setup.py install

timthelion commented 7 years ago

Thanks for testing. Does subuser list available work? The reason why I don't tell the user to use setup.py install is that I find running subuser in place is better for development due to the fact that when you change the code you don't need to install again ;). I have added a note about the possibility of using setup.py though.

Exadra37 commented 7 years ago

Cool you have added the note about Git installation ;)

It works:

screenshot from 2017-02-07 22 40 45

timthelion commented 7 years ago

Totally off topic, but it's cool how you have your shell prompt set to show which branch you are on in git :)

Exadra37 commented 7 years ago

I always use ZSH shell with https://github.com/robbyrussell/oh-my-zsh

timthelion commented 7 years ago

Thanks for the link. I use fish which is like ZSH but for people who are too stupid/lazy to edit config files.