Get error `Password: su: Authentication failure` when su cannot authenticate about toast HOT 4 CLOSED

Hi @hwittenborn, thanks for filing this issue! I believe you have shed light on a legitimate bug that cannot be resolved by explicitly setting the user, as I will describe below.

As for why Toast uses su: it's because Toast runs your commands using the user's preferred shell, and the widely available su program implements the logic to determine and invoke a user's preferred shell. Toast doesn't make any assumptions about what shells are installed in your image. You are correct that an alternative design would be to assume some default shell (such as Bash), but allow the user to override it in the toastfile. However, that would mean some popular images such as Alpine (which does not have Bash) would not work without explicitly setting the shell, which I think is not a great user experience. Since all major Linux distributions include su, I think it is better for Toast to assume that su exists than to assume that bash exists (even if that assumption could be overridden).

As for why Toast doesn't pass --user to docker container create, it's because we're already using su for the reasoning described above.

However, this GitHub issue has made me realize that I think we should actually pass --user root to Docker (regardless of what user is specified in the toastfile) so that su has permission to then "become" the user configured in the toastfile without a password. I will investigate this and create a PR if necessary.

Thanks again for bringing this to my attention. I'll leave this bug open until I confirm that the issue exists as I understand it and any necessary fix has landed.

from toast.

I think we should actually pass --user root to Docker (regardless of what user is specified in the toastfile) so that su has permission to then "become" the user configured in the toastfile without a password.

Note that Toast defaults to running commands as root regardless of what user is specified in your Docker image, so for your use case you may want to explicitly set the user in your toastfile

That's more than acceptable for me. I'll get my system updated shortly and let you know if everything works after :)

from toast.

Can confirm everthing works now, thanks a ton!

from toast.

I confirmed my understanding of the bug with a simple test case. The bug has now been fixed by #421, and the fix has landed in v0.45.4. Package managers like Homebrew and MacPorts typically lag behind a few days, but the new version can be downloaded immediately from the releases page or installed via the installer script or Cargo. Also, the GitHub Action always uses the latest version of Toast, so the fix should be available there too.

Note that Toast defaults to running commands as root regardless of what user is specified in your Docker image, so for your use case you may want to explicitly set the user in your toastfile (either globally or for specific tasks) if you don't want to use root. For example:

image: proget.hunterwittenborn.com/docker/makedeb/makedeb-alpha:ubuntu-focal
user: makedeb
command_prefix: set -e
tasks:
  install-dependencies:
    command: |
      echo test

Thanks again for discovering and filing this bug! Since the fix has landed, I will close this issue now. Feel free to re-open it if you find that your issue is not resolved after upgrading to v0.45.4.

from toast.