How to Give Root Privileges to install-pkg
AmazingMech2418

Of course, in Repl.it, we do not have sudo or the ability to change to a superuser through su. Since apt requires root privileges, we must use install-pkg instead. Though, it seems that install-pkg does not have full root privileges as it does not seem to be able to write to the /usr/share/ directory when trying to install open-cobol to run COBOL in Repl.it.

Is it possible to give full root privileges to install-pkg? If so, how do you do it?

Also, I have another question with this: Since Repl.it uses only local file systems for the Ubuntu VMs on which almost every repl runs, why are root privileges denied to replitors? If we had root privileges in repls, we could also use apt, dpkg, etc. and could do so much more with Repl.it, but we can't do it because we don't have sudo or a password for su. @amasad, could you explain this?

Answered by kochman [earned 5 cycles]
Comments
amasad

Because if you ever escape the container "jail" you could get sudo on the host where we run other people's code. Maybe @kochman can explain it better.

AmazingMech2418

@amasad So, if you can get past the local filesystem, you could end up accessing the Repl.it servers? Is that what you mean? I thought repls used a VM, not just a sandboxed command line...

kochman

@AmazingMech2418 repls are Docker containers, not whole VMs. This is how we’re able to give everyone so many resources for free and give even more resources to Hackers in exchange for just a few dollars a month.

We take a layered approach to security, and one important part is to grant fewer privileges to untrusted code. There have been exploits where root inside a container can be used to obtain root on the host.

There’s probably a way to install OpenCOBOL/GnuCOBOL from source without root inside of your repl if you’re up for giving that a try. Also, our base Docker image that we run repls on top of is open source, so you could try installing it there and opening a PR! https://github.com/replit/polygott
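
An added illustration of the least-privilege point in kochman's reply above; it is not part of the thread and not Repl.it's code. It reads a process's /proc/<pid>/status and reports root, high-risk capabilities, no_new_privs and seccomp state; the "risky" capability subset and both sample inputs are constructed for this example.

```python
# Added example: audit the privileges a process holds from /proc/<pid>/status.
# Capability bit numbers are from linux/capability.h; the "risky" subset is
# this example's own choice, not a Repl.it or Docker policy.
RISKY_CAPS = {
    1: "CAP_DAC_OVERRIDE", 12: "CAP_NET_ADMIN", 16: "CAP_SYS_MODULE",
    17: "CAP_SYS_RAWIO", 19: "CAP_SYS_PTRACE", 21: "CAP_SYS_ADMIN",
}
SECCOMP_MODES = {0: "disabled", 1: "strict", 2: "filter"}


def risky_in(mask):
    """Names of risky capabilities whose bit is set in a capability mask."""
    return [name for bit, name in sorted(RISKY_CAPS.items()) if mask >> bit & 1]


def audit_status(status_text):
    """Parse /proc/<pid>/status text into a least-privilege report."""
    fields = {}
    for line in status_text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return {
        "euid": int(fields["Uid"].split()[1]),  # order: real, effective, saved, fs
        "effective": risky_in(int(fields["CapEff"], 16)),
        "bounding": risky_in(int(fields["CapBnd"], 16)),
        "no_new_privs": fields.get("NoNewPrivs", "0") == "1",
        "seccomp": SECCOMP_MODES.get(int(fields.get("Seccomp", "0")), "unknown"),
    }


def findings(report):
    """Turn a report into the points a reviewer would flag."""
    out = []
    if report["euid"] == 0:
        out.append("runs as root inside the container")
    if report["effective"]:
        out.append("holds " + ", ".join(report["effective"]))
    if not report["no_new_privs"]:
        out.append("no_new_privs is off: setuid binaries can raise privileges")
    if report["seccomp"] == "disabled":
        out.append("no seccomp filter on syscalls")
    return out


# Constructed samples, not captured from a real repl.
UNPRIVILEGED = "Uid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000000\nCapBnd:\t00000000a80425fb\nNoNewPrivs:\t1\nSeccomp:\t2\n"
PRIVILEGED_ROOT = "Uid:\t0\t0\t0\t0\nCapEff:\t0000003fffffffff\nCapBnd:\t0000003fffffffff\nNoNewPrivs:\t0\nSeccomp:\t0\n"

if __name__ == "__main__":
    with open("/proc/self/status") as fh:
        print(findings(audit_status(fh.read())))
```

The bounding set matters even when the effective set is empty: it is the ceiling on what the process could ever regain, for example through a setuid binary.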

HahaYes

@amasad oh so this is why sudo doesn't work

AmazingMech2418

@kochman @amasad I'm guessing that Docker has to run on Linux, preferably Ubuntu or some other Debian-based distro. Unfortunately, I do not yet have a Linux computer and VirtualBox has been messing up lately for me. So, what should I do for testing purposes? I tried setting up Docker in a repl, but it didn't work. I get the following error for the make image command:

make[1]: Entering directory '/home/runner/StingyUnequaledTransversal/polygott'
docker build -t polygott:latest .
ERRO[0000] failed to dial gRPC: cannot connect to the Docker daemon. Is 'docker daemon' running on this host?: dial unix /var/run/docker.sock: connect: no such file or directory
ERRO[0000] Can't add file /home/runner/StingyUnequaledTransversal/polygott/.git/hooks/update.sample to tar: io: read/write on closed pipe
ERRO[0000] Can't close tar writer: io: read/write on closed pipe
error during connect: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.40/build?buildargs=%7B%7D&cachefrom=%5B%5D&cgroupparent=&cpuperiod=0&cpuquota=0&cpusetcpus=&cpusetmems=&cpushares=0&dockerfile=Dockerfile&labels=%7B%7D&memory=0&memswap=0&networkmode=default&rm=1&session=vvzzyehzc9d4l7fzmz2zwhb7o&shmsize=0&t=polygott%3Alatest&target=&ulimits=null&version=1: context canceled
Makefile:7: recipe for target 'image' failed
make[1]: *** [image] Error 1
make[1]: Leaving directory '/home/runner/StingyUnequaledTransversal/polygott'

Since I don't have a Linux device to run Docker on, should I just try to submit a PR and could someone at Repl.it test the Docker image for COBOL?

I will also try building from source code, but I'm not 100% sure that will work.

kochman

@AmazingMech2418 Unfortunately running Docker inside your repl doesn’t work. It requires lots of privileges that could lead to security issues if granted to untrusted users.

You should be able to run Docker on Windows. I believe there’s an official path for this that runs a Linux VM for you. I don’t have a Windows machine to try it out but I think there is a way to build polygott on Windows.