Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Adding /etc/hosts entry to host machine on vagrant up

Tags:

vagrant

Is it possible for one to modify files on the host machine during the vagrant up process? For example, adding an entry to the host machine's /etc/hosts file to avoid having to do this manually?

like image 415
Michael Robinson Avatar asked May 18 '13 13:05

Michael Robinson


People also ask

Can I add port in etc hosts?

3. Adding a Port Number. Unfortunately, we can't. The hosts file only deals with hostnames, not ports.

What is host file entry?

What is the “hosts” file. A hosts file which is used by operating systems to map a connection between an IP address and domain names before going to domain name servers. This file is a simple text file with the mapping of IPs and domain names.


2 Answers

The solution is to use vagrant-hostsupdater

vagrant plugin install vagrant-hostsupdater

This plugin adds an entry to your /etc/hosts file on the host system.

On up and reload commands, it tries to add the information, if its not already existant in your hosts file. If it needs to be added, you will be asked for an administrator password, since it uses sudo to edit the file.

On halt, suspend and destroy, those entries will be removed again.

like image 126
Michael Robinson Avatar answered Nov 01 '22 19:11

Michael Robinson


OK, so now the guy sitting next to you at the coffee shop can most likely ssh to port 2222 (EDIT: changed on newer versions of vagrant, unless you explicitly enable external access) on your computer, login as vagrant with the insecure key, modify your Vagrantfile, since it's mounted read-write and owned by the vagrant user, insert arbitrary ruby code to run in the host environment, and now it looks like they've got root access on the host environment as well. Brilliant.

I hope people run firewalls on their development machines.

EDIT:

So after writing the above, I bugged the author of Vagrant, the default has been changed so that port 2222 is not open by default on the external interface. Big improvement (though still something to be careful of, since external access is often opened up for various reasons).

So, having put in effort to get the situation fixed since making this comment, I'm now getting down votes, apparently because the comment is out of date. Damn. It was correct when written.

EDIT:

In response to Steve Buzonas, the point is that if there's any likelhihood of the virtual machine being compromised then giving the vagrant up process elevated permissions represents a serious risk to the security of the host environment, and also being able to modify the /etc/hosts environment file is dangerous, even without general root access. As I've pointed out, vagrant's approach to keeping the VM secure is not particularly rigorous.

like image 42
mc0e Avatar answered Nov 01 '22 18:11

mc0e