Derivative-maker build script running as user versus root versus sudo design

  • The build script needs to have root because many actions such as mounting a raw image require root.
  • At the same time, the build script should be non-interactive, i.e. not require the user to enter a sudo password in the middle of the build, let alone several times.
  • Therefore, currently the build script is expected to be run as the user ("user") with sudo.
  • Whenever an action should be performed as user instead of root, it uses $SUDO_TO_USER which results in:
    • sudo --non-interactive -u user
    • Why not run all under root? Because some build dependency tools (such as dpkg-buildpackage, lintian?) would complain about this.

This is problematic because:

  • it raises the question when to use sudo --non-interactive -u user with --preserve-env and when not,
  • which environment variables should or must be passed through, and which (better: must) not,
  • home folder root versus user.

For a cleaner implementation, the build script should probably run as user without sudo and then internally use sudo --non-interactive (to root) when required. To prevent the build from stalling and asking for the sudo password every few minutes, the build documentation would recommend to

  • either set up passwordless sudo or,
  • use a longer sudo password timeout
    • Probably sudo configuration file option timestamp_timeout, unfortunately unavailable as an environment variable.

Then, after the build script has started, it would run sudo once to test whether it is available and to cache the password entry (using sudo's built-in timestamp_timeout feature), so that later privileged steps succeed non-interactively.
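The following shell sketch, added here as an example and not taken from derivative-maker itself, shows both designs side by side: the current $SUDO_TO_USER style of dropping from root back to the build user, and the proposed style of running as user and escalating with sudo --non-interactive only for the steps that need root, after validating and caching the credential once up front. The function names (root_prefix, user_prefix, sudoers_timeout_line, ensure_sudo, run_as_root) and the RUN_BUILD_DEMO switch are assumptions for the example; the sudo options and the timestamp_timeout setting are real.

```shell
#!/bin/sh
# Added example, not derivative-maker's own code. Function names are hypothetical.
set -eu

# Prefix for privileged steps, given the effective uid (passed in so the
# policy is testable without root). Empty when already root, otherwise a
# non-interactive sudo: a missing or expired credential fails fast instead
# of stalling the build on a password prompt.
root_prefix() {
  euid="$1"
  if [ "$euid" -eq 0 ]; then
    printf ''
  else
    printf 'sudo --non-interactive --'
  fi
}

# Prefix for dropping back to the build user from a root context. This is
# the shape of the page's $SUDO_TO_USER; the user name is a parameter.
user_prefix() {
  euid="$1"
  user="$2"
  if [ "$euid" -eq 0 ]; then
    printf 'sudo --non-interactive -u %s --' "$user"
  else
    printf ''
  fi
}

# sudoers line that lengthens the credential cache (timestamp_timeout is in
# minutes). Install it as a file under /etc/sudoers.d via visudo -f, so a
# syntax error cannot lock you out.
sudoers_timeout_line() {
  printf 'Defaults timestamp_timeout=%s\n' "$1"
}

# Validate sudo once at startup and cache the credential. `sudo -v` prompts
# now if needed; `sudo --non-interactive true` then proves later steps will
# not block. Returns non-zero if sudo is absent or not usable.
ensure_sudo() {
  if [ "$(id -u)" -eq 0 ]; then
    return 0
  fi
  if ! command -v sudo >/dev/null 2>&1; then
    echo "sudo is not installed" >&2
    return 1
  fi
  sudo -v || return 1
  sudo --non-interactive true || return 1
}

# Run one privileged step through the computed prefix. An empty prefix
# expands to no words, so the command runs directly when already root.
run_as_root() {
  prefix=$(root_prefix "$(id -u)")
  # shellcheck disable=SC2086
  $prefix "$@"
}

# Demo of the proposed flow: cache once, then escalate per step. Only runs
# when RUN_BUILD_DEMO=1 so that sourcing the file has no side effects.
main() {
  ensure_sudo
  run_as_root id -u          # prints 0 once escalation works
  run_as_root true           # placeholder for e.g. mounting a raw image
}

if [ "${RUN_BUILD_DEMO:-0}" = "1" ]; then
  main "$@"
fi
```

Run with `RUN_BUILD_DEMO=1 sh build-demo.sh` to see the single up-front prompt followed by silent escalation; without the variable the file only defines the helpers. Keeping `--non-interactive` on every escalation is the point of the design: if the cache has expired, the step fails with a clear error rather than leaving the build hanging on a hidden prompt.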