[GH-ISSUE #602] when user doesn't have root sudo, install should print the commands to run with root privileges #334

New issue

Open

opened 2026-02-25 22:33:07 +03:00 by kerem · 3 comments

kerem commented

2026-02-25 22:33:07 +03:00

Owner

Originally created by @dcaillibaud on GitHub (Aug 22, 2024).
Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/602

Root privilege with sudo is common on ubuntu but it's not the only linux distribution !

"Normal" users without sudo are common, with admin task done with a lot of others way (root ssh access, root password, other admin user…).
In that case, a mkcert -install fails (it loops on asking the sudo password that doesn't exists), it should ask if user wants to try another sudo pass or give the root password or print the commands that needs to be run by root.

Originally created by @dcaillibaud on GitHub (Aug 22, 2024). Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/602 Root privilege with sudo is common on ubuntu but it's not the only linux distribution ! "Normal" users without sudo are common, with admin task done with a lot of others way (root ssh access, root password, other admin user…). In that case, a `mkcert -install` fails (it loops on asking the sudo password that doesn't exists), it should ask if user wants to try another sudo pass or give the root password or print the commands that needs to be run by root.

kerem commented

2026-02-25 22:33:08 +03:00

Author

Owner

@iamprogrammerlk commented on GitHub (Sep 27, 2024):

I think you can install CA manually by using Firefox.
Go to Settings on Firefox then Search Certificate, click on the View Certificate button then Import.

You can find the rootCA.pem installed location by running mkcert --CAROOT.

@iamprogrammerlk commented on GitHub (Sep 27, 2024): I think you can install CA manually by using Firefox. Go to `Settings` on Firefox then Search ` Certificate`, click on the `View Certificate` button then `Import`. You can find the `rootCA.pem` installed location by running `mkcert --CAROOT`.

kerem commented

2026-02-25 22:33:08 +03:00

Author

Owner

@h43z commented on GitHub (Jan 14, 2025):

mkcert does not run with sudo if the Uid == 0 (https://github.com/FiloSottile/mkcert/blob/master/main.go#L383C1-L385C3).

So you should be able to run mkcert -install as root just fine.

But If you want to install the CA it for a specific non-root user, run it as root (from a root shell) but temporarily overwrite the HOME variable.

HOME=/home/some-non-root-user mkcert -install
chown some-non-root-user /home/some-non-root-user/.local/share/mkcert/rootCA*.pem

@h43z commented on GitHub (Jan 14, 2025): mkcert does not run with sudo if the Uid == 0 (https://github.com/FiloSottile/mkcert/blob/master/main.go#L383C1-L385C3). So you should be able to run `mkcert -install` as root just fine. But If you want to install the CA it for a specific **non-root** user, run it as root (from a root shell) but temporarily overwrite the HOME variable. ``` HOME=/home/some-non-root-user mkcert -install chown some-non-root-user /home/some-non-root-user/.local/share/mkcert/rootCA*.pem ```

kerem commented

2026-02-25 22:33:08 +03:00

Author

Owner

@dcaillibaud commented on GitHub (Jan 17, 2025):

Yes, I found this digging in the install script, but it wasn't so easy.

I open this issue to suggest an install script improvement, giving the choice to print this command, or printing it if sudo fails.

@dcaillibaud commented on GitHub (Jan 17, 2025): Yes, I found this digging in the install script, but it wasn't so easy. I open this issue to suggest an install script improvement, giving the choice to print this command, or printing it if sudo fails.