As I was testing a personal docker build and image that does run the vscode in a browser, similar to Gitpod, I came across this setup.sh script that will be launched by coderoad inside vscode at start, when you give it the tutorial.json course.
My question is why are we using elevated privileges (via sudo) to do those tasks. The user that owns those directories is the same user that is launching visual studio code. Why are we creating them as root, and then being forced to open it up to everyone, since root owns it now. That also, has the implication that the normal user now must be allowed to have root privileges.
What’s the inside tribal knowledge that I do not possess, behind the reason?
Thank you.
Not sure those commands need sudo. My guess would be it’s just as a precaution (to avoid write issues).
However, someone more knowledgeable about the setup would have to comment on it. I think the script is launched using the coderoad.yaml yaml file so maybe there is something about that as well.
Thank you for your response. The code is originated by the coderoad.yaml by way of creating the tutorial.json which the coderoad vs code extension initiates.
There are nuance in using sudo in a script. Using it as precaution is one of them
The same goes for chmod 777. Never a good sign by anyone that cares.
Nevertheless, I am not trying to tell anyone “this is bad” you should not do this or that. I am trying to find out if the author knew the consequences of it and made the conscience choice to go that way, and perhaps encourage to give it another thought if it is time to re-visit the choice.
A result of this script is that now the normal user that starts the process for vs code coderoad in a course is required to be allow to elevate privilege as root in order to configure its own state.
Using ‘sudo’ might not be necessary for these commands. Regular users usually have enough permissions for tasks like copying files to their home directory and creating files in a workspace directory. Giving broad permissions with ‘chmod 777’ can be risky. It’s important to check if ‘sudo’ is needed and set permissions carefully to stay safe.
You would have to ask @moT01 about it. I guess you can also open a GitHub issue for it.
I would assume the way Gitpod runs and the limited external access campers would give the environment makes it less of an issue. The Gitpod workspace is also an ephemeral environment that gets auto-deleted by default after some time. So this setup isn’t meant for anything permanent (afaik).
Anyway, I’m not the right person to answer this question but I would assume it is just a case of convenience vs security.
Thank you @lasjorg for you response. I do not want you to feel obligated to give an answer or an explanation to it. However, your words allows me to expose some other conditions where this becomes a problem.
If the intention (and that’s what I have been after all this time) was to care ONLY for what freecodecamp is doing with the isolated Gitpod containers, then I understand the logic behind it is OK and convenient. However, if I, as an individual would like to create an environment away from Gitpod, and I do not find allowing a normal user to be able to elevate privileges acceptable (for good reasons), then I only have two choices: I don’t or I have to possible modify two branches, due to how coderoad works with branches.
Are we not talking about setup files the camper would not usually look at? I don’t think how the challenges are set up is considered part of the learning process specific to the challenges.
I understand the curiosity and desire to learn about it which is great, but I don’t think the setup is part of what is being taught, well at least not directly but maybe indirectly.
The setup should hopefully follow good practices and may inadvertently not do so, but that should be reported as a “bug”.
Anyway, I would still suggest this question and its answer might be better suited to a GitHub issue.
Yeah, I am starting to gather the sense that this is not the place for this question. Remember, that’s why I was concerned with finding out the right place to ask and posted initially in General subforum asking specifically about it and then, both questions got moved here. Thank you for your suggestion. I am satisfied that this venue is not adequate for it.
Using ‘sudo’ may not always be required for executing these commands. Typically, regular users possess adequate permissions to carry out tasks like copying files to their home directory or creating files in designated workspace directories. Resorting to ‘chmod 777’ to grant broad permissions can pose risks. It’s crucial to assess the necessity of ‘sudo’ and assign permissions cautiously to maintain security.
I don’t recall the exact reasoning for all of these - but I’m pretty sure I tried other ways and was having issues. I don’t recall which environments or commands I was having issues with - the courses can be run in Gitpod, and formerly CodeAlly - or locally, and these commands need to work in all of them. Perhaps one of the environments was giving me problems and I needed to elevate some of the commands. I would welcome lowering the permissions if it works.
