[INTPenis]

This reminds me of how some vagrant images run scripts. Maybe all of them. I started using vagrant a month ago and recently noticed that the official debian/buster64 image wants to run a script with sudo.

Yet the generic/debian10 and centos/7 images I otherwise use require no such privilege escalation to function.

It seems unnecessary and dangerous, I refuse to use such images if possible. But I did also setup a sudoers config to allow only the NFS commands that they need, just in case.

Point being that all these new tools we're using involve a lot of trust. Many of them can be treated just like curl piping to bash.