bug: ASDF fails to load in some sudo/su contexts

Question

bug: ASDF fails to load in some sudo/su contexts

mcandre opened this issue 4 months ago · 3 comments

Describe the Bug

Hi,

While provisioning Ruby environments upon enterprise Jenkins agents, I noticed a hidden assumption within ASDF that causes the ASDF bash load process to fail.

Note two workarounds:

Jenkins pipelines probably still work, due to connecting directly to the Jenkins SSH account using known credentials, as opposed to sudo/su. But that breaks SSH troubleshooting from individual engineer accounts.
The user can override a default bash shell to target sh, then run sudo/su, then explicitly cd to the Jenkins home directory, and finally launch bash to load ASDF. But that's tedious.

Steps to Reproduce

chmod 0700 ~ in your normal Unix account.
Create a Jenkins Unix account.
Install ASDF in the Jenkins account.
Use sudo or su to change context to the Jenkins account.

Expected Behaviour

ASDF is available and working.

Actual Behaviour

The ASDF source line in the Jenkins account's .bashrc file terminates too early, citing cd permission errors.

The asdf command fails to register. asdf version reports that no such command is found.

Environment

Redacted

asdf plugins affected (if relevant)

No response

Answer 1 · 2024-09-01T05:09:31.000Z

Asdf isn't the problem. The problem is a failure to start a clean login shell as the target user, and so the environment is inherited and wrong.

/usr/bin/env sudo -iu jenkins -- ...

Answer 2 · 2024-09-01T05:14:17.000Z

I suspect asdf is triggering a dirty login shell as a consequence of asdf's assumptions about the authorization to cd into arbitrary /home/* directories, which is not true in all environments.