From e58070529de3074f6fe6abf5285396aa0adb8cf0 Mon Sep 17 00:00:00 2001 From: Sean Whitton Date: Mon, 22 Mar 2021 19:26:25 -0700 Subject: move comments on :SUDO to the manual & drop a TODO Signed-off-by: Sean Whitton --- src/connection/sudo.lisp | 20 -------------------- 1 file changed, 20 deletions(-) (limited to 'src/connection/sudo.lisp') diff --git a/src/connection/sudo.lisp b/src/connection/sudo.lisp index c0e8f02..df2b1c3 100644 --- a/src/connection/sudo.lisp +++ b/src/connection/sudo.lisp @@ -25,26 +25,6 @@ ;; data to obtain passwords by following the conventions for having ;; prerequisite data sources provide them. -;; Passing :as implies using a password, not passing it means assume NOPASSWD. -;; We only support querying prerequisite data sources for passwords. - -;; Be aware that if any connection types which start up remote Lisp images -;; occur before a :sudo entry in your connection chain, ESTABLISH-CONNECTION -;; will need to inform the newly-started remote Lisp image of any sudo -;; passwords needed for establishing the remaining hops. Depending on how the -;; connection type feeds instructions to the remote Lisp image, this may -;; involve writing your sudo password to a file under ~/.cache on the machine -;; which runs the remote Lisp image. At least :sbcl avoids this by sending -;; your password in on stdin. - -;; TODO Let's require the user pass :PASSWD or :NOPASSWD to indicate whether -;; we'll query prerequisite data sources and always try to send a password on -;; stdin, or never try to send one (and default to :NOPASSWD). Will still -;; require an :AS parameter, which is redundant in a sense, but this way -;; avoids it being implicit that we're always going to be sending a password -;; on stdin, which latter has security implications (e.g. if a password is not -;; actually required then the password is going into random processes). - (defmethod preprocess-connection-args ((type (eql :sudo)) &key as (to "root")) (list :sudo :user to -- cgit v1.2.3