Add documentation to cover cloning with sudo

Question

Add documentation to cover cloning with sudo

soulofmischief opened this issue 6 years ago · 3 comments

soulofmischief commented 6 years ago

Hi,

When cloning / manipulating repos that have files in protected directories, sudo is required.

However, the environment must be preserved or vcsh will add configuration files into /root.

I figure we can save someone some potential future grief by mentioning the need for sudo -E in such cases.

Not sure what part of the docs you would want to stick that into so I haven't done a PR yet.

Answer 1 · 2019-07-13T19:20:52.000Z

@soulofmischief Can you please share the commands/configuration that you use to work with files outside of $HOME? How can I work with files inside /etc, /usr/share, /usr/local?

Answer 2 · 2019-09-06T17:52:43.000Z

@GeneZharov my available.d/<repo>.vcsh's checkout command sets the environment variable VCSH_BASE to the appropriate directory (/, /usr/local, etc)

When I run mr up, repos which require elevated priviliges fail, then I run sudo -E mr up to catch those.

It's inelegant and I worry about bugs hiding in the shadows. Perhaps the answer lies with overriding the config location when calling mr so that privileged repos aren't handled at all with mr up and sudo -E mr up only handles those privileged repos.

Answer 3 · 2021-04-02T09:03:32.000Z

I think this is effectively a duplicate of #110. I know it doesn't sound to similar but here is my reasoning:

Anything in $HOME should be owned by the user. Anything that isn't should be a special case and the user should understand what they are doing. Running sudo vcsh is simply not a supported or suggested workflow at this point, so there isn't a logical place to document it.
Any proper treatment of tracking directories outside of $HOME will inevitably need to address this properly. I imagine some kind of ownership check between the effective user and the repo directory with an error if they don't match will be in order.

By the way your mr up; sudo -E mr up is bound to eventually create problems in a race condition where something happened between the two invocations or the first one died with unfinished work for unrelated reasons and the second one writes a bunch of stuff to your home directory as root. I suggest you don't do that. As a temporary hack you should probably add a different set up commands to myrepos for handling root-owned vcsh repos that run sudo -E vcsh all the time for mr actions taken on those repos rather than ever running mr as root.