Mirrors/dokku
1
0
Fork 0
mirror of https://github.com/dokku/dokku.git synced 2025-12-29 00:25:08 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #6675 from dokku/remove-sudo-crontab

Browse Source 
Remove the need for executing crontab as root
This commit is contained in:
Jose Diaz-Gonzalez
2024-03-06 11:37:52 -05:00
committed by GitHub
parent 2bc79032cf 9fca7cf7d7
commit 7b61baddfd
4 changed files with 6 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docker/etc/sudoers.d/dokku-docker
View File

@@ -1 +1 @@
dokku ALL=NOPASSWD:SETENV:/usr/bin/docker,/usr/bin/docker-container-healthchecker,/usr/bin/docker-image-labeler,/usr/bin/pack,/usr/bin/crontab
dokku ALL=NOPASSWD:SETENV:/usr/bin/docker,/usr/bin/docker-container-healthchecker,/usr/bin/docker-image-labeler,/usr/bin/pack

9
plugins/scheduler-docker-local/functions.go
View File

@@ -16,18 +16,16 @@ import (
func deleteCrontab() error {
result, err := common.CallExecCommand(common.ExecCommandInput{
Command: "/usr/bin/crontab",
Command: "crontab",
Args: []string{"-l", "-u", "dokku"},
Sudo: true,
})
if err != nil || result.ExitCode != 0 {
return nil
}
result, err = common.CallExecCommand(common.ExecCommandInput{
Command: "/usr/bin/crontab",
Command: "crontab",
Args: []string{"-r", "-u", "dokku"},
Sudo: true,
})
if err != nil {
return fmt.Errorf("Unable to remove schedule file: %w", err)
@@ -148,9 +146,8 @@ func writeCronEntries() error {
}
result, err := common.CallExecCommand(common.ExecCommandInput{
Command: "/usr/bin/crontab",
Command: "crontab",
Args: []string{"-u", "dokku", tmpFile.Name()},
Sudo: true,
})
if err != nil {
return fmt.Errorf("Unable to update schedule file: %w", err)

3
plugins/scheduler-docker-local/install
View File

@@ -14,8 +14,7 @@ trigger-scheduler-docker-local-install() {
fn-plugin-property-setup "scheduler-docker-local"
echo "%dokku ALL=(ALL) NOPASSWD:/usr/bin/crontab" >"/etc/sudoers.d/dokku-cron"
chmod "0440" "/etc/sudoers.d/dokku-cron"
rm -f "/etc/sudoers.d/dokku-cron"
echo "%dokku ALL=(ALL) NOPASSWD:/usr/bin/docker-container-healthchecker" >"/etc/sudoers.d/dokku-docker-container-healthchecker"
chmod "0440" "/etc/sudoers.d/dokku-docker-container-healthchecker"

2
tests/unit/cron.bats
View File

@@ -41,7 +41,7 @@ teardown() {
run /bin/bash -c "test -f /etc/sudoers.d/dokku-cron"
echo "output: $output"
echo "status: $status"
assert_success
assert_failure
}
@test "(cron) invalid [missing-keys]" {