Sorry, I did not see this earlier.

I am running ERPNext inside an Ubuntu 18.04 container. There is a tool named `bench` that comes with ERPNext and is needed to maintain the application (which is a multiservice web application with tools such as mariadb, supervisor, nginx, … involved).

There is a dedicated user for running and maintaining ERPNext through the `bench` tool. This dedicated user is a member of the `sudo` group, and I access the container with `lxc exec [container] -- su - [erpnext-user]` and then run most of the bench commands directly, without adding the `sudo` prefix.

Here is an example: `bench restart`

```
[erpnext-user@ubn1804:~/frappe-bench$ bench restart
sudo: no tty present and no askpass program specified
Traceback (most recent call last):
  File "/usr/local/bin/bench", line 11, in <module>
    load_entry_point('bench', 'console_scripts', 'bench')()
  File "/home/franch/.bench/bench/cli.py", line 40, in cli
    bench_command()
  File "/usr/lib/python3/dist-packages/click/core.py", line 722, in __call__
    return self.main(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/click/core.py", line 697, in main
    rv = self.invoke(ctx)
  File "/usr/lib/python3/dist-packages/click/core.py", line 1066, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/lib/python3/dist-packages/click/core.py", line 895, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/lib/python3/dist-packages/click/core.py", line 535, in invoke
    return callback(*args, **kwargs)
  File "/home/franch/.bench/bench/commands/utils.py", line 24, in restart
    restart_supervisor_processes(bench_path='.', web_workers=web)
  File "/home/franch/.bench/bench/utils.py", line 396, in restart_supervisor_processes
    supervisor_status = subprocess.check_output(['sudo', 'supervisorctl', 'status'], cwd=bench_path)
  File "/usr/lib/python3.6/subprocess.py", line 356, in check_output
    **kwargs).stdout
  File "/usr/lib/python3.6/subprocess.py", line 438, in run
    output=stdout, stderr=stderr)
subprocess.CalledProcessError: Command '['sudo', 'supervisorctl', 'status']' returned non-zero exit status 1.
```

EDIT: When I add `[erpnext-user] ALL=(ALL) NOPASSWD: ALL` to the sudoers file, the above command `bench restart` (without the `sudo` prefix, as before) runs through as it should. I doubt the `NOPASSWD: ALL` situation is ideal from a security perspective though, is it?
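
An added example, not part of the original post or of bench: a simplified Python check that flags sudoers rules granting ALL commands with NOPASSWD, run over the rule from the EDIT and over a rule scoped to the one command the traceback shows bench invoking through sudo. The user name `erpnext`, the `/usr/bin/supervisorctl` path and both sample rules are assumptions constructed for illustration.

```python
import re

# Constructed samples. "erpnext" stands in for the post's [erpnext-user];
# /usr/bin/supervisorctl is an assumed path (check with `command -v supervisorctl`).
BLANKET = "erpnext ALL=(ALL) NOPASSWD: ALL\n"
SCOPED = (
    "# only the command the traceback shows bench running through sudo\n"
    "erpnext ALL=(root) NOPASSWD: \\\n"
    "    /usr/bin/supervisorctl status\n"
    "%sudo ALL=(ALL:ALL) ALL\n"
)

SKIP = re.compile(r"#|Defaults\b|\w+_Alias\b")
USER_SPEC = re.compile(
    r"(?P<who>\S+)\s+(?P<host>[^\s=]+)\s*=\s*(?:\((?P<runas>[^)]*)\)\s*)?(?P<cmds>.+)$"
)
TAG = re.compile(r"([A-Z_]+):\s*")


def blanket_nopasswd(sudoers_text):
    """Return (who, runas) for each rule granting ALL commands without a password.

    Simplified reader: joins backslash continuations, skips comments, Defaults
    and alias definitions, and does not expand aliases or follow includes.
    """
    findings = []
    joined = re.sub(r"\\\n\s*", "", sudoers_text)
    for line in joined.splitlines():
        line = line.strip()
        spec = None if not line or SKIP.match(line) else USER_SPEC.match(line)
        if not spec:
            continue
        nopasswd = False  # tags are sticky across the comma-separated command list
        for cmd in re.split(r"(?<!\\),", spec.group("cmds")):
            cmd = cmd.strip()
            tag = TAG.match(cmd)
            while tag:
                if tag.group(1) in ("NOPASSWD", "PASSWD"):
                    nopasswd = tag.group(1) == "NOPASSWD"
                cmd = cmd[tag.end():]
                tag = TAG.match(cmd)
            if nopasswd and cmd == "ALL":
                findings.append((spec.group("who"), spec.group("runas") or "root"))
                break
    return findings


if __name__ == "__main__":
    print("blanket:", blanket_nopasswd(BLANKET))
    print("scoped: ", blanket_nopasswd(SCOPED))
```

A scoped rule has to list every command bench runs through sudo, so any other `supervisorctl` invocation it makes would need its own entry; edit such rules with `visudo` so a syntax error is caught before the file is saved.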