From b301ee8e0f5c4a6ce2af365c950b7bb40fc9b3c7 Mon Sep 17 00:00:00 2001 From: Fabio Rehm Date: Wed, 31 Jul 2013 22:48:00 -0300 Subject: [PATCH] Add warning about the sudo wrapper script --- README.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 3bf379b..f1eb943 100644 --- a/README.md +++ b/README.md @@ -99,8 +99,8 @@ For other configuration options, please check the [lxc.conf manpages](http://man This plugin requires **a lot** of `sudo`ing since [user namespaces](https://wiki.ubuntu.com/UserNamespace) are not supported on mainstream kernels. In order to work around that we can use -a really dumb Ruby wrapper script like the one below and add a `NOPASSWD` entry -to our `/etc/sudoers` file: +a really dumb (**AND INSECURE**) Ruby wrapper script like the one below and add +a `NOPASSWD` entry to our `/etc/sudoers` file: ```ruby #!/usr/bin/env ruby @@ -115,6 +115,10 @@ and add the line below to your `/etc/sudoers` file: USERNAME ALL=NOPASSWD:/usr/bin/lxc-vagrant-wrapper ``` +*__WARNING__: the `/usr/bin/lxc-vagrant-wrapper` + `/etc/sudoers` combination +above allows `USERNAME` to run any privileged command without a password. You +might want to think twice before using that on a machine with sensitive data.* + In order to tell vagrant-lxc to use that script when `sudo` is needed, you can pass in the path to the script as a configuration for the provider: