On Tue, May 05, 2015 at 08:54:18PM +0200, Anders Ingemann wrote:
> Funny you should say that. About 6 months ago I was thinking about the same
> thing, the best way to do this would be to launch bootstrap-vz as root, but
> immediately suid to some other user and then only go back when needed. I
> think using sudo directly might become a little messy and non-pythonic.

I don't use bootstrap-vz (I'm still maintaining the old bash version, which continues to generate all possible Wheezy EC2 image types using euca2ools), but I have to agree that seeing sudo in scripts really annoys me - especially if it's unexpected or called multiple times. If you have the password caching disabled and call it more than once, it can make execution impractical. Running as root and dropping privileges where possible is what most projects (such as Apache httpd) do.
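The pattern discussed in this message (start as root, drop to an unprivileged user straight away, regain root only for the steps that need it), as an added Python example that is not code from bootstrap-vz or from either poster. The names `drop_privileges` and `as_root` and the `osmod` parameter (which lets the call sequence be exercised without root) are assumptions made for illustration.

```python
import os
from contextlib import contextmanager


def drop_privileges(uid, gid, groups=None, osmod=os):
    """Drop *effective* privileges right after startup.

    Only the effective ids change; the real and saved uid stay 0, which is
    what allows as_root() to regain root later.
    """
    if osmod.geteuid() != 0:
        raise PermissionError("must be started as root")
    # Order matters: groups and gid must change while still root, uid last.
    osmod.setgroups(groups if groups is not None else [gid])
    osmod.setegid(gid)
    osmod.seteuid(uid)
    if osmod.geteuid() != uid or osmod.getegid() != gid:
        raise RuntimeError("privilege drop did not take effect")


@contextmanager
def as_root(osmod=os):
    """Regain root for one privileged step, then drop again."""
    unpriv_uid, unpriv_gid = osmod.geteuid(), osmod.getegid()
    osmod.seteuid(0)   # uid first: only root may change the gid
    osmod.setegid(0)
    try:
        yield
    finally:
        # Reverse order on the way out: gid while still root, uid last.
        osmod.setegid(unpriv_gid)
        osmod.seteuid(unpriv_uid)
        if osmod.geteuid() != unpriv_uid or osmod.getegid() != unpriv_gid:
            raise RuntimeError("failed to drop privileges again")
```

Because the real and saved uid remain 0, this limits the damage of mistakes in unprivileged code paths but not of compromised code, which can call `seteuid(0)` itself. Child processes inherit real uid 0 as well, so anything spawned while unprivileged needs a full `setgid()`/`setuid()` drop before exec.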