[bug#36957] [PATCH] machine: Allow non-root users to deploy.

[Jakob L. Kreuze]

Hi Ricardo and Chris,

Ricardo Wurmus <address@hidden> writes:

> Hi Jakob,
>
> I haven’t yet looked over the patches, but when I saw that it mentions
> “sudo” I wondered: is it feasible to support “su” with interactive (or
> cached) password input as well?

I believe so. This would require two additions:

- Code to interact with the 'su' prompt.
- Some way for 'managed-host-environment-type' to obtain root's
  password, which I imagine would be either a prompt or a field in the
  configuration record.

On the latter addition, I've experimented a bit with both possibilities
(albeit for a password-authenticated sudo). Prompting the user for a
password feels like a bad idea because then deployments wouldn't really
be automated, and we would have to do some sort of thread
synchronization when parallel deployments are implemented so we don't
mess up the TTY. I could get behind a 'password' field for
'managed-host-environment-type' (and then if users want a prompt they
can just call out to 'getpass'), but again, we'd need code to interact
with the 'su' prompt.

Christopher Lemmer Webber <address@hidden> writes:

> Maybe a more important question: if this turns out to be desirable, is
> there a path forward to add it later? If that's true, I'd suggest we
> move forward with merging the patch and worry about how to add the
> option at a future time.

Yeah. A 'password' field with '(default #f)' shouldn't be too invasive.
Aside from that, it would just involve adding the 'su' interaction code
to the two procedures that spawn REPLs.

Regards,
Jakob

signature.asc
Description: PGP signature