.\" Automatically generated by Pandoc 2.9.2.1
.\"
.TH "IMAGE-FACTORY-SUDO-HELPER" "1" "2020-08-05" "image-factory-sudo-helper" "image-factory-sudo-helper\[cq]s Manual"
.hy
.SH NAME
.PP
image-factory-sudo-helper - Run certain commands as root
.SH SYNOPSIS
.PP
\f[B]image-factory-sudo-helper\f[R] \f[B]COMMAND\f[R]
.SH DESCRIPTION
.PP
\f[B]image-factory\f[R] can be run as normal user, but it need root
permission for a few operations like chmod, mount, and umount.
Since these operations cannot be secured with sudo\[cq]s wildcards,
\f[B]image-factory-sudo-helper\f[R] was introduced to check the commands
using regular expression.
.PP
\f[B]image-factory-sudo-helper\f[R] will take a command (including
parameters) and checks if it one of the three allowed commands:
.IP \[bu] 2
chmod on files or (sub-)directories in /tmp/image-factory
.IP \[bu] 2
mount of loop device in /tmp/image-factory
.IP \[bu] 2
umount in /tmp/image-factory
.PP
If the given command passes is one of the allowed commands, it will be
executed.
Otherwise an error message will be printed.
.SH USAGE
.PP
To allow running \f[B]image-factory\f[R] as normal user, only
\f[B]image-factory-sudo-helper\f[R] needs sudo permission for the user.
Example sudo configuration for user \f[I]jenkins\f[R]:
.IP
.nf
\f[C]
jenkins ALL = NOPASSWD:SETENV: /usr/bin/image-factory-sudo-helper
\f[R]
.fi
.SH ENVIRONMENT
.PP
If the environment variable \f[B]DRYRUN\f[R] is set, the given command
will not be executed but printed instead.
.SH AUTHOR
.PP
Benjamin Drung <benjamin.drung@cloud.ionos.com>