You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Will the file be owned by root or user? -> user But why since the whole command runs under sudo? A bit unexpected.
vs
sudo orjail -y sudo touch a
Will the file be owned by root or user? -> root That syntax is a bit long though.
So I was wondering why not run orjail without sudo, and then orjail would internally use sudo whenever required?
Maybe orjail could be running under user orjail and user orjail would have /etc/sudoers.d/orjail exceptions to run the required commands (ip, iptables, ...) under root using sudo.
The end result could be:
sudo orjail -y touch a -> owned by root
orjail -y touch a -> owned by user
If you're interested in this, I could try to come up with a pull request since I have some experiences running applications under user something and then having /etc/sudoers.d/ exceptions to allow user something do run required commands as root.
The text was updated successfully, but these errors were encountered:
The flowing is a bit strange.
Will the file be owned by
root
oruser
? ->user
But why since the whole command runs undersudo
? A bit unexpected.vs
Will the file be owned by
root
oruser
? ->root
That syntax is a bit long though.So I was wondering why not run
orjail
withoutsudo
, and thenorjail
would internally usesudo
whenever required?Maybe
orjail
could be running under userorjail
and userorjail
would have/etc/sudoers.d/orjail
exceptions to run the required commands (ip
,iptables
, ...) underroot
usingsudo
.The end result could be:
sudo orjail -y touch a
-> owned byroot
orjail -y touch a
-> owned byuser
If you're interested in this, I could try to come up with a pull request since I have some experiences running applications under user
something
and then having/etc/sudoers.d/
exceptions to allow usersomething
do run required commands as root.The text was updated successfully, but these errors were encountered: