Bug 849452
| Summary: | RFE: scl sudo subcommand or equivalent | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Developer Toolset | Reporter: | Frank Ch. Eigler <fche> | ||||
| Component: | scl-utils | Assignee: | Frank Ch. Eigler <fche> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Tomas Dohnalek <tdohnale> | ||||
| Severity: | high | Docs Contact: | |||||
| Priority: | high | ||||||
| Version: | unspecified | CC: | alikins, drieden, martin, mcermak, mpolacek, ohudlick, pkovar, tdohnale | ||||
| Target Milestone: | alpha | Keywords: | FutureFeature | ||||
| Target Release: | 1.1 | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | devtoolset-1.1-12.el[56] | Doc Type: | Enhancement | ||||
| Doc Text: |
No documentation needed
|
Story Points: | --- | ||||
| Clone Of: | |||||||
| : | 852031 (view as bug list) | Environment: | |||||
| Last Closed: | 2013-01-22 14:36:28 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | |||||||
| Bug Blocks: | 852031 | ||||||
| Attachments: |
|
||||||
|
Description
Frank Ch. Eigler
2012-08-19 15:17:32 UTC
IMO the easiest solution would be to use wrapper script in case of more complicated scl invocation or in case that privilege escalation is needed. In case of privilege escalation one can even better fine-grain ACL file attributes of the script or modify SELinux context. Note that even the current scl invocation allows you to run custom scripts from /opt/rh/<collection>/ path. Currently only 'enable' scriptlet is mandatory. Your use case can be handled by creating, say 'sudo_enable' scriptlet in case that scl passes the command to be executed by a shell variable, such as $SCL_COMMAND. In that case you can do: . enable sudo $SCL_COMMAND in the sudo_enable scriptlet and the command can then be executed with privileges escalated like: scl sudo_enable SCL COMMAND ARGS ARGS ... The sudo_enable idea wouldn't work exactly like that, because after . enable loads the various environment variables, sudo $SCL_COMMAND proceeds to cleanse the environment. I'm currently experimenting with a $SCL_ROOT/root/usr/bin/sudo wrapper script. The sudo wrapper script idea appears to work: I'll plop it into the devtoolset-1.1 rpm in the next respin. (Is there a bugzilla component for it?) This wrapper fails in this situation: [root@ibm-l4b-lp1]# scl_enabled && echo "ok" ok [root@ibm-l4b-lp1]# echo 5 | /usr/bin/sudo cat 5 [root@ibm-l4b-lp1]# echo 5 | sudo cat [root@ibm-l4b-lp1]# Experimented with passing the stdin file descriptor across sudo using exec 4<&0 echo "$@ <&4" | exec /usr/bin/sudo -E -C5 scl enable devtoolset-1.1 - but sudo -C* is prohibited in default sudo configurations. Experimenting... (A native "scl sudo devtoolset-1.1 COMMAND ARGS..." seems handier every day.) Created attachment 632150 [details]
sudo wrapper, now with More Quoting (tm)
Martin, the other bit I'd test is the proper passage of the DTS environment variables. e.g., .../devtoolset-1.1/.../sudo env should show the devtoolset paths etc. set. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHEA-2013-0175.html This borks sudo! See #1319936 . |