Problem
When sudo-proxy writes a file to a root-owned directory (e.g. /etc/ssh/sshd_config.d/), the human approving the command in the TUI only sees the command line (install -m 644 /tmp/99-hardening.conf /etc/ssh/sshd_config.d/99-hardening.conf). They have no way to review the actual file contents before approving.
This came up when deploying an sshd hardening config — the file was staged in /tmp, copied via scp, then installed with install. The TUI approval step showed the install command but not what was being written.
Proposal
When the command involves writing/copying a file (e.g. install, cp, tee, mv), detect the source file and display its contents in the TUI prompt so the human can review before approving.
Things to consider:
- Heuristic detection of file-write commands vs. explicit metadata in the request
- Size limits / truncation for large files
- Binary file detection (skip or show hex summary)
- Source file may be on the remote host (already staged in /tmp) or referenced in stdin
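As an added illustration of the heuristic sketched above (example code, not sudo-proxy's own; the function names, the 4 KiB preview limit and the NUL-byte binary check are assumptions), a Python sketch that extracts the source path from an install/cp/mv/tee command line, applies size and binary checks, and assembles the prompt text, with the file read going through a callback so the staged file can live on the remote host:

```python
import shlex
from pathlib import Path
from typing import Callable, Optional

# Hypothetical names chosen for this example; not sudo-proxy's API.
WRITE_COMMANDS = {"install", "cp", "mv"}
VALUE_FLAGS = {"-m", "-o", "-g", "-t"}   # flags that consume the next argument
MAX_PREVIEW_BYTES = 4096                  # assumed limit for the TUI preview


def extract_source(cmdline: str) -> Optional[str]:
    """Return the source path of a file-write command, "<stdin>" for tee,
    or None when the command does not look like a file write."""
    argv = shlex.split(cmdline)
    if not argv:
        return None
    prog = Path(argv[0]).name            # accept /usr/bin/install as well
    if prog == "tee":
        return "<stdin>"
    if prog not in WRITE_COMMANDS:
        return None
    positionals, skip_next = [], False
    for arg in argv[1:]:
        if skip_next:
            skip_next = False
        elif arg in VALUE_FLAGS:
            skip_next = True                # "-m 644": swallow the value
        elif not arg.startswith("-"):       # ignore "-m644", "--mode=644", "-v"
            positionals.append(arg)
    # A file write needs at least a source and a destination; "install -d DIR" does not qualify.
    return positionals[0] if len(positionals) >= 2 else None


def render_preview(data: bytes, limit: int = MAX_PREVIEW_BYTES) -> str:
    """Text shown in the approval prompt: skip binaries, truncate large files."""
    if b"\x00" in data[:8192]:
        return f"[binary file, {len(data)} bytes, not displayed]"
    text = data[:limit].decode("utf-8", errors="replace")
    if len(data) > limit:
        text += f"\n[... truncated, {len(data) - limit} more bytes not shown]"
    return text


def build_prompt(cmdline: str, read_source: Callable[[str], bytes],
                 stdin: bytes = b"") -> str:
    """read_source fetches the staged file (locally or over the remote session)."""
    src = extract_source(cmdline)
    if src is None:
        return f"Approve: {cmdline}"
    data = stdin if src == "<stdin>" else read_source(src)
    return f"Approve: {cmdline}\n--- contents of {src} ---\n{render_preview(data)}"
```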