On 23.01.2024 20:15, Jim Henderson wrote:
On Tue, 23 Jan 2024 13:09:28 +0100, Michal Vyskocil wrote:
I don't think this is possible in 1.6.0, see the default sudoers config created by distrobox: https://github.com/89luca89/distrobox/blob/main/distrobox-init#L1779 distrobox-init assigns the wheels/sudo/root groups to the user in guest container if host user has them.
Maybe mounting a volume with one's own sudoers into the container will work as well.
The thing that I find strange is that if I create the container with the option to leave the root password blank, I can see the sudoers file includes the files in /etc/sudoers.d/ - which includes a configuration that includes "jhenderson" (my username, in quotes), but it varies slightly from the way my host is set up.
In the arch distrobox, it's included from /etc/sudoers; in the TW distrobox, it's included from /usr/etc/sudoers
I tested on my host modifying the sudoers file to put my username in quotes, and that still worked, so it seems like it should be working.
The line in /etc/sudoers.d/sudoers in the containers is:
"jhenderson" ALL = (root) NOPASSWD:ALL
(Yes, I use NOPASSWD; yes, I understand the risks.)
On the host, (root) is instead (ALL) - but as that's just defining the user(s) that I can sudo as, that shouldn't be an issue.
Are you talking about https://github.com/89luca89/distrobox/issues/1092? Then it is clear - distrobox attempts to disable "Default targetpw" in /etc/sudoers, but Tumbleweed/MicroOS have it in /usr/etc/sudoers. It will also fail in every distribution which is using /etc/sudoers.d instead of the main file.