.\" Automatically generated by Pandoc 2.17.1.1 .\" .\" Define V font for inline verbatim, using C font in formats .\" that render this, and otherwise B font. .ie "\f[CB]x\f[]"x" \{\ . ftr V B . ftr VI BI . ftr VB B . ftr VBI BI .\} .el \{\ . ftr V CR . ftr VI CI . ftr VB CB . ftr VBI CBI .\} .TH "IMAGE-FACTORY-SUDO-HELPER" "1" "2020-08-05" "image-factory-sudo-helper" "image-factory-sudo-helper\[cq]s Manual" .hy .SH NAME .PP image-factory-sudo-helper - Run certain commands as root .SH SYNOPSIS .PP \f[B]image-factory-sudo-helper\f[R] \f[B]COMMAND\f[R] .SH DESCRIPTION .PP \f[B]image-factory\f[R] can be run as normal user, but it need root permission for a few operations like chmod, mount, and umount. Since these operations cannot be secured with sudo\[cq]s wildcards, \f[B]image-factory-sudo-helper\f[R] was introduced to check the commands using regular expression. .PP \f[B]image-factory-sudo-helper\f[R] will take a command (including parameters) and checks if it one of the three allowed commands: .IP \[bu] 2 chmod on files or (sub-)directories in /tmp/image-factory .IP \[bu] 2 mount of loop device in /tmp/image-factory .IP \[bu] 2 umount in /tmp/image-factory .PP If the given command passes is one of the allowed commands, it will be executed. Otherwise an error message will be printed. .SH USAGE .PP To allow running \f[B]image-factory\f[R] as normal user, only \f[B]image-factory-sudo-helper\f[R] needs sudo permission for the user. Example sudo configuration for user \f[I]jenkins\f[R]: .IP .nf \f[C] jenkins ALL = NOPASSWD:SETENV: /usr/bin/image-factory-sudo-helper \f[R] .fi .SH ENVIRONMENT .PP If the environment variable \f[B]DRYRUN\f[R] is set, the given command will not be executed but printed instead. .SH AUTHOR .PP Benjamin Drung