andykais•17mo ago

best practice when spawning commands that require sudo?

I am building a command line utility in deno that leverages data coming from tcpdump. To get any meaningful data out of tcpdump, I need elevated permissions. To keep this command portable, that means running sudo tcpdump inside my deno program. How can I set up deno permissions to run a specific command executed through sudo? A simple permission of --allow-run=sudo would be dangerous. I could just let the user approve each time, but even then, all they know is that they are approving sudo, there is no other knowledge of what the subcommand is:

┌ ⚠️  Deno requests run access to "sudo".
├ Requested by `Deno.Command().spawn()` API.
├ Run again with --allow-run to bypass this prompt.
└ Allow? [y/n/A] (y = yes, allow; n = no, deny; A = allow all run permissions) > y

┌ ⚠️  Deno requests run access to "sudo".
├ Requested by `Deno.Command().spawn()` API.
├ Run again with --allow-run to bypass this prompt.
└ Allow? [y/n/A] (y = yes, allow; n = no, deny; A = allow all run permissions) > y

Im not sure if I have a suggestion yet on how we could improve this. Right now I am just curious if anyone else has ran into this. I could leverage roles & permissions on my linux machine to allow this program to run without sudo, but thats not very portable, other users would have to do the same "add user/allow user access to x,y,z/change user to run the command/etc"

1 Reply

andykais•17mo ago

I think I found a solution that works. Essentially I use these permissions: --allow-run=tcpdump, and then instruct that the whole deno script must be run with sudo