--- myst: html_meta: "description lang=en": "Configuring Kasm Workspaces sessions to run as root or with sudo access. " "keywords": "Kasm, How to, How-to, Sudo, Docker, Installing Packages, Root, Workspaces" "property=og:locale": "en_US" --- ```{title} Running as Root ``` # Running Workspaces as Root By default Kasm containers run as a non privileged user with a UID of 1000. This user can launch programs and perform typical workloads, but cannot install new programs using the system package manager. In order to install packages the package manager must be run as root, this document shows the methods for using sudo or the docker run config to run commands as root. ```{note} Packages installed in a running container do not persist when the container is destroyed. To have a package be permanently installed an Admin must build it into a custom Workspace, for more details see the [Custom Images Guide](../how_to/building_images). ``` ```{warning} Running a container as root is not recommended, as it removes one layer of security for preventing a user from breaking out of the container and gaining access to the host system. ``` There are two main methods of running programs inside the container as root: - Altering the **Docker Run Config** to run the whole container as root. - Using **sudo** run individual commands as root. ## Running whole container as root Running the container as root is the easiest, as it only requires altering the docker run config, but it comes with some limitations. - If the desktop session refuses to start and enters looping screen of "Creating secure connection" you may have to disable pulse audio. - Some programs, like Mozilla Firefox will refuse to start as root. Enter the **Kasm Workspaces Admin UI**, select **Workspaces** -> **Workspaces** . Edit the Workspace you want to run as root or create a new Workspace. ```{figure} /images/running_as_root/root_edit_image.webp :align: center **Editing a Workspace** ``` Modify the **Docker Run Config Override** field to include `"user":"root"`. For example: > ```json > { > "hostname":"kasm", > "user":"root" > } > ``` Test launching the Workspace. Running `whoami` should display "root". If the Workspace fails to launch and instead cycles through a "Creating Workspace" and a black screen, then edit **Docker Run Config Override** to disable pulseaudio. The resulting field should look like the following example: > ```json > { > "hostname":"kasm", > "user":"root", > "environment" : {"START_PULSEAUDIO" : "0"} > } > ``` If the Workspace launches and `whoami` shows "root" that means the config change is successful and all commands are being run as root. ## Installing and Configuring sudo via Docker Exec Enter the **Kasm Workspaces Admin UI**, select **Workspaces** -> **Workspaces**. Edit the Workspace you want to run as root or create a new Workspace. ```{figure} /images/running_as_root/root_edit_image.webp :align: center **Editing a Workspace** ``` Modify the {ref}`docker-exec-config` field to include the following example of installing sudo and configuring sudo to not require a password. > ```json > { > "first_launch":{ > "user":"root", > "cmd":"bash -c 'apt-get update && apt-get install -y sudo && echo \"kasm-user ALL=(ALL) NOPASSWD: ALL\" >> /etc/sudoers'" > } > } > ``` Test launching the Workspace. It may take a few moments for sudo to be installed and configured. After which, it may be used from a terminal. This workflow requires the Kasm session have access to the ubuntu repositories. This script may be modified to work on other distros. ## Building a Workspace with sudo If desired, sudo can be built directly into a custom image. This only goes over the specific configuration required to get the sudo command working, for detailed instructions on building custom images, please see the [Custom Images Guide](../how_to/building_images). Follow the Custom Images guide to create a custom Workspace, adding the following to the section of the Dockerfile marked "###Customize Container Here###" . > ```{eval-rst} > .. parsed-literal:: > RUN apt-get update \\ > && apt-get install -y sudo \\ > && echo 'kasm-user ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers \\ > && rm -rf /var/lib/apt/list/* > ``` When testing the Workspace `sudo whoami` should show "root". Commands can now be run as root by prepending them with `sudo`.