What
Executes a program as a user different from the user running sue. The target program is exec'ed which means, that it replaces the sue process you are using to run the target program. This simulates native tools like su and sudo and uses the same low-level POSIX tools to achieve that, but eliminates common issues that usually arise, when using those native tools.
Why
Maintainable alternative to ncopa/su-exec, which is the better tianon/gosu. This one is far better (higher performance, smaller size), than the original gosu, however it is far easier to maintain, than su-exec, which is written in plain C.
This and its alternatives all exist for pretty much the same core reason:
This is a simple tool grown out of the simple fact that
suandsudohave very strange and often annoying TTY and signal-forwarding behavior. They're also somewhat complex to setup and use (especially in the case ofsudo), which allows for a great deal of expressivity, but falls flat if all you need is "run this specific application as this specific user and get out of the pipeline".
How
First, make sure you are running sue as the root user, to avoid permission issues.
Get the project and prepare it:
git clone https://github.com/theAkito/sue.git
cd sue
nimble configure
To build the project use one of the predefined tasks:
nimble fbuild
for the release build or
nimble dbuild
for the debug/development build.
You can also make a quick test if sue works, as it should:
nimble test
The first argument passed to sue is the user-spec with either the username or its id. Appending a group to the user-spec is optional.
The following examples assume a user named dunwall, belonging to a group of the same name and id.
Example 1:
./sue dunwall src/testExample 2:
./sue dunwall:dunwall src/testExample 3:
./sue 1000:dunwall src/testWhere
This tool is meant to be used in a Docker environment, as a way to execute a program while temporarily switching the user just for running that process, as some need to be run as a specific user or need a designated user for taking over a user role in that program.
Real world example
The following example is taken from the official postgres:13-alpine Docker image's docker-entrypoint.sh script, where su-exec is used to execute this startup script as the postgres user, since PostgreSQL should be operated by the postgres user.
if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then
docker_setup_env
# setup data directories and permissions (when run as root)
docker_create_db_directories
if [ "$(id -u)" = '0' ]; then
# then restart script as postgres user
exec su-exec postgres "$BASH_SOURCE" "$@"
fiNote that use-cases like this one are the primary target of sue. Using this program outside of a Docker container usually means that this tool is misused, as it is specifically designed for the type of purpose shown in the example above.
Goals
- Performance
- Size
- Maintainability
Project Status
Could need some more testing and confirmation, but it works in all cases I tested so far, in a non-production environment. This will be declared stable, once it is confirmed to cover all gosu test cases, successfully.
TODO
Implement test suite- Include
gosutest cases - Optimize
- Better error handling
License
Copyright (C) 2020 Akito the@akito.ooo
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see https://www.gnu.org/licenses/.
