Add warning about the sudo wrapper script

This commit is contained in:
Fabio Rehm 2013-07-31 22:48:00 -03:00
parent 2082a5a81d
commit b301ee8e0f

View file

@ -99,8 +99,8 @@ For other configuration options, please check the [lxc.conf manpages](http://man
This plugin requires **a lot** of `sudo`ing since [user namespaces](https://wiki.ubuntu.com/UserNamespace) This plugin requires **a lot** of `sudo`ing since [user namespaces](https://wiki.ubuntu.com/UserNamespace)
are not supported on mainstream kernels. In order to work around that we can use are not supported on mainstream kernels. In order to work around that we can use
a really dumb Ruby wrapper script like the one below and add a `NOPASSWD` entry a really dumb (**AND INSECURE**) Ruby wrapper script like the one below and add
to our `/etc/sudoers` file: a `NOPASSWD` entry to our `/etc/sudoers` file:
```ruby ```ruby
#!/usr/bin/env ruby #!/usr/bin/env ruby
@ -115,6 +115,10 @@ and add the line below to your `/etc/sudoers` file:
USERNAME ALL=NOPASSWD:/usr/bin/lxc-vagrant-wrapper USERNAME ALL=NOPASSWD:/usr/bin/lxc-vagrant-wrapper
``` ```
*__WARNING__: the `/usr/bin/lxc-vagrant-wrapper` + `/etc/sudoers` combination
above allows `USERNAME` to run any privileged command without a password. You
might want to think twice before using that on a machine with sensitive data.*
In order to tell vagrant-lxc to use that script when `sudo` is needed, you can In order to tell vagrant-lxc to use that script when `sudo` is needed, you can
pass in the path to the script as a configuration for the provider: pass in the path to the script as a configuration for the provider: