Add a note about sudo for cache
#564
Conversation
It seems not too obvious.
| in the [user-specific cached data folder](https://golang.org/pkg/os/#UserCacheDir). [Similar to Cirrus Cloud](https://cirrus-ci.org/guide/writing-tasks/#http-cache) | ||
| the CLI can use a caching HTTP server for more efficient sharing of cached artifacts between tasks executed on different physical hosts. | ||
| in the [user-specific cached data folder](https://golang.org/pkg/os/#UserCacheDir). | ||
| Please note, that if you run `cirrus` under `sudo` (for example, in ArchLinux by default), check `/root` directories. |
There was a problem hiding this comment.
if you run
cirrusundersudo(for example, in ArchLinux by default)
Care to elaborate on why is this a default for Arch Linux?
There was a problem hiding this comment.
I guess, security reasons. From the ArchLinux Wiki:
If you want to be able to run the
dockerCLI command as a non-root user, add your user to thedockeruser group, re-login, and restartdocker.service.
Warning: Anyone added to the
dockergroup is root equivalent because they can use thedocker run --privilegedcommand to start containers with root privileges. For more information see [3] and [4].
There was a problem hiding this comment.
Sorry, but I fail to see the how your quote implies that the sudo is default/should be used on Arch Linux. As we've previously discussed, consider running Cirrus CLI as a separate user and adding that user to the docker group instead if you're concerned about the docker attack vector.
Also, by default, the sudo invocation doesn't seem to actually change the $HOME:
% echo $HOME
/Users/edi
% sudo sh -c 'echo $HOME'
/Users/edi
Do you have a different behavior on your system?
|
Closing due to inactivity. |
It seems not too obvious.