Could Repl.it Allow Root User Access Just on Apt?
Would it be possible for Repl.it to allow sudo just on the apt/apt-get commands?
https://askubuntu.com/questions/612256/how-do-i-allow-a-user-to-only-run-the-apt-get-update-command-with-sudo and https://askubuntu.com/questions/612256/how-do-i-allow-a-user-to-only-run-the-apt-get-update-command-with-sudo should help if you decide to do this.
install-pkg doesn't give full root access for building applications, so attempting to build different languages, including COBOL, doesn't work. Enabling sudo in install-pkg or apt/apt-get would allow these languages to be used on Repl.it without you all at Repl.it having to add them directly. Languages like Fortran do work without root access, but not COBOL and likely some others. It seems like Repl.it has been putting a lot of focus on languages there are work-arounds for rather than languages like COBOL that you cannot work around.
@amasad What do you think?
This could be really useful, or a system in which these packages can be installed securely by Replit.
I agree, @19wintersp! Please vote this post up for more people to see (and the comments if u want)!
Yes, we need this. Upvote this feedback post: https://repl.it/feedback/p/root-access-in-the-linux-containers
Having any root access at all is a big risk even for just one program.
How would it tell what you were running is apt? What if someone made a program and named it the same as apt and then put it in PATH?
There are way more ways to break out of a VM when you have root access than if you don't.
@CSharpIsGud well, they could just make the apt binary suid
@programmeruser Does apt not run scripts for pre install post install etc? You don't want those running as root either.
@19wintersp @CSharpIsGud @Andy_4sberg @AmazingMech2418 @wiz64 https://blog.replit.com/nix
This is truly
AWESOME, @programmeruser.@programmeruser Yeah, saw this, and it looks really cool. Planning on making something which takes advantage of this.
@programmeruser I saw Nix as a language, but I was wondering what it was for! This is really cool! Time to port my Ada pi approximator to Repl.it! LOL!