sonic_installer list without sudo #927

Open
qiluo-msft opened this issue May 29, 2020 · 4 comments

@qiluo-msft
Contributor

Description

Nowadays I must use the command below

sudo sonic_installer list

Instead of

sonic_installer list

The sudo seems unnecessary, and this is a read-only operation.

Additional information you deem important (e.g. issue happens only occasionally)
I believe we could solve this issue by making grub.cfg accessible to everyone

sudo chmod a+r /host/grub/grub.cfg

admin@sonic:~$ python
Python 2.7.13 (default, Sep 26 2018, 18:42:22)
[GCC 6.3.0 20170516] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from sonic_installer.main import *
>>> images = get_installed_images()
>>> curimage = get_current_image()
>>> nextimage = get_next_image()
>>> images
['SONiC-OS-20181130.70', 'SONiC-OS-20181130.77']
>>> curimage
'SONiC-OS-20181130.77'
>>> nextimage
'SONiC-OS-20181130.70'

@jleveque
Contributor

jleveque commented Jul 17, 2020

@qiluo-msft: This issue should also be opened in sonic-buildimage, as we will also need to add sonic-installer list to the list of read-only commands in the sudoers file.

Also, I'm not sure if you're aware, but a show boot command which wraps sonic-installer list was recently added: https://github.com/Azure/sonic-utilities/blob/master/show/main.py#L2723.

@qiluo-msft
Contributor Author

I am arguing that there is no need for sudo.
If this is true, there is no need to worry about the sudoers file.

@jleveque
Contributor

jleveque commented Jul 17, 2020

We explicitly allow read-only commands in the sudoers file. We will need to explicitly allow sonic-installer list so that the other subcommands are still protected. sonic-installer performs both read and write operations. We still need to protect the other subcommands, so we can't remove the need for sudo altogether.

The show boot command is the correct way to perform this operation without sudo, as sudo is handled under the hood.
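
Allowing one read-only subcommand while the others stay protected, as described in the comment above, depends on how sudoers matches command arguments. The following is an added example, not part of the thread or of the SONiC code: a simplified Python model of that matching, in which the `/usr/bin/sonic-installer` path, the rule lists and the sample invocations are constructed assumptions.

```python
import fnmatch

BIN = "/usr/bin/sonic-installer"   # assumed install path
# Constructed rule lists, written the way commands appear in a sudoers Cmnd_Alias.
BARE = [BIN]                 # no arguments listed: any arguments are accepted
WILDCARD = [BIN + " *"]      # wildcard arguments: effectively the same exposure
SCOPED = [BIN + " list"]     # arguments listed: the invocation must match them

def is_allowed(rules, argv):
    """Simplified model of sudoers command matching (exact path, fnmatch on args)."""
    cmd, user_args = argv[0], " ".join(argv[1:])
    for rule in rules:
        rule_cmd, _, rule_args = rule.partition(" ")
        if rule_cmd != cmd:
            continue
        if rule_args == "":            # bare command: any arguments pass
            return True
        if rule_args == '""':          # "" in sudoers: only a call with no arguments
            if user_args == "":
                return True
            continue
        if fnmatch.fnmatchcase(user_args, rule_args):
            return True
    return False

def exposed(rules, invocations):
    """Return the sample invocations that the rule list would let through."""
    return [" ".join(args) for args in invocations if is_allowed(rules, [BIN] + args)]

# Sample invocations (constructed): one read-only, two that change installed images.
SAMPLE = [["list"], ["install", "/tmp/image.bin"], ["remove", "SONiC-OS-20181130.70"]]

if __name__ == "__main__":
    for name, rules in (("bare", BARE), ("wildcard", WILDCARD), ("scoped", SCOPED)):
        print(name, "->", exposed(rules, SAMPLE))
```

Only the scoped rule limits the exposure to `list`; the bare and wildcard forms let every sample invocation through.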

@jleveque
Contributor

jleveque commented Jul 17, 2020

Sudoers file PR here: sonic-net/sonic-buildimage#4996
201911 PR here: sonic-net/sonic-buildimage#4997
