-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2013-12-17 18:23, Curtis Hovey-Canonical wrote: >> On 2013-12-17 7:39, Tim Penhey wrote: >>> Firstly there are the charms, they expect "apt-get install" to >>> work, and if we change our user, it won't. > > We could add the juju user to sudoers on install? > > echo 'juju ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/91-juju chmod > 0440 /etc/sudoers.d/91-juju > > This reduces the guilt/vulnerability while maintaining apt access. > I suppose sudo breaks charm install hooks. >
Right, so the transition plan could be that juju runs "sudo hook" for everything, and then when charms can do it themselves it just runs "hook" and those hooks then run "sudo do-stuff". They still all need the ability to do root-level stuff, but it would mean that they explicitly state in the charm what lines need it vs which ones don't. However, that is rewriting charms which is a non-trivial amount of work even if we had jujud with sudo today. John =:-> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (Cygwin) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlKwYOIACgkQJdeBCYSNAANoKACfaOUOQ7XjMEX6oagBpPD2XWBu vXwAoM7X/kFpK35ug62aQdo2CN4Z6ihB =naa0 -----END PGP SIGNATURE----- -- Juju-dev mailing list Juju-dev@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev
