fix: run as root (Basilica blocks sudo), remove sudo prefix logic

echobt · echobt · commit 477a43348d2c · 2026-02-28T09:48:38.000Z
diff --git a/Dockerfile b/Dockerfile
@@ -11,18 +11,15 @@ RUN cargo build --release && strip target/release/term-executor
 # ── Runtime stage ──
 FROM debian:bookworm-slim
 RUN apt-get update && apt-get install -y --no-install-recommends \
-    ca-certificates git curl libssl3 sudo \
+    ca-certificates git curl libssl3 \
     python3 python3-pip python3-venv \
     build-essential nodejs npm \
     golang-go \
     && ln -sf /usr/bin/python3 /usr/bin/python \
     && corepack enable 2>/dev/null || true \
     && rm -rf /var/lib/apt/lists/*
 COPY --from=builder /build/target/release/term-executor /usr/local/bin/
-RUN groupadd --system executor && useradd --system --gid executor --create-home executor \
-    && echo "executor ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/executor \
-    && mkdir -p /tmp/sessions && chown executor:executor /tmp/sessions
-USER executor
+RUN mkdir -p /tmp/sessions
 ENV IMAGE_NAME=platformnetwork/term-executor
 ENV IMAGE_DIGEST=""
 EXPOSE 8080
diff --git a/src/executor.rs b/src/executor.rs
@@ -331,22 +331,9 @@ async fn run_task_pipeline(
     result.status = TaskStatus::InstallingDeps;
     if let Some(ref install_cmds) = task.workspace.install {
         for cmd in install_cmds {
-            // Prefix commands that need root (apt-get, dpkg, etc.) with sudo
-            let effective_cmd = if cmd.trim_start().starts_with("apt-get")
-                || cmd.trim_start().starts_with("dpkg")
-                || cmd.trim_start().starts_with("apt ")
-            {
-                format!("sudo {}", cmd)
-            } else if cmd.contains("apt-get") || cmd.contains("dpkg") {
-                // Command chain containing apt-get (e.g. "apt-get update && apt-get install ...")
-                cmd.replace("apt-get", "sudo apt-get")
-                    .replace("dpkg", "sudo dpkg")
-            } else {
-                cmd.clone()
-            };
-            info!("[{}] Installing: {}", task.id, effective_cmd);
+            info!("[{}] Installing: {}", task.id, cmd);
             let (_, stderr, exit) = run_shell(
-                &effective_cmd,
+                cmd,
                 &repo_dir,
                 Duration::from_secs(config.clone_timeout_secs),
                 None,
