Ideas for better non-root usage

[AlCalzone]

Here's a collection of things we could improve in order to reduce the hurdles when adapters have to work with sudo.

Always run specific adapters as root

Some low-level adapters might need real root to do their thing (e.g. RPI2 for the CPU frequency). We could add a flag runAsRoot in io-package.json. If this is set to true, the adapter is always executed as root on Unix systems. I think this should be whitelisted in the repo files somehow or at least be questioned before moving an adapter to the stable repo.

Specify which commands may be executed with sudo

We currently whitelist all commands the iobroker user may execute as sudo in the installer/fixer. Ideally, this should be configured on a per-adapter basis, e.g. with an option in io-package.json:

"sudoCommands": ["systemctl start", "ping"]

or (with optional and required commands):

"sudoCommands": {
  "systemctl start": "optional",
  "ping": "required"
}

We would need to provide a shell script that is whitelisted, so only iobroker may execute it as root, which adds the commands to sudoers.d/iobroker. When an adapter is installed, JS-Controller executes that script and passes the required commands.
It probably makes sense to compile the entire list on each adapter install/uninstall/update, because some adapters might share the required commands.
Again, we need some form of control over this - probably check it before moving adapters to stable.

@Apollon77 @GermanBluefox your thoughts?

[Apollon77]

For me the question is if really "we" need to be in charge to check/question this (we can do this initailly when a adapter comes into the repo, but after that we are nearly blind - unless we diuplictae tis in the repo file and so see on PRs.
We can also require

My idea would be more "Transparency", "Guidance" and "self control", so we should have a popup in Admin when installing such adapters stating exactly what we do and maybe user explicitely needs to "ack" (Checkboxes?!) that we do these actions/run dapter as root. And the message should be clear "Dear user, you need to approve that this adapter is allowed to ... Decide carefully"

We would need to add that into the install adapter dialog where you choose host and instance number and such.

[AlCalzone]

I like the popup idea. In that case, we should probably distinguish between required commands (that the adapter needs to function at all) and optional commands (that allow the adapter to do more).
The installation should not be possible when a required command is not permitted.

[Apollon77]

I would not let the user choose n a command base, ore like

• one checkbox if "run as root" is requested. if not accepted, no install
• one checkbox for "install will give the following prigrams access for iobroker ..." if not accepted no install

if we want we could do one more with "optional" command, but then it maybe becomes complex

And sure we also need to have such a question on cli level :-)

[Apollon77]

With ll the things we did so far ... whats really left here or ok for now?

[AlCalzone]

Everything thats described above is still TODO. This is about managing the permissions using JS-Controller and io-package fields. Currently, we are doing this very manually.