Currently, when running with a RAM disk (e.g. /mnt/ramdisk) the run-as user must have sufficient permissions to perform a password-less sudo. Using sudo for privileged operations is not unexpected, but the way it is done currently is overly broad and creates a potential security flaw. For example, the mount script currently does a `sudo bash` in order to invoke a function that carries out the mounting operation:
This essentially gives the run-as user a privileged shell. It also prevents granting the run-as user limited sudo privileges, e.g.
A rule like that should be sufficient for the mount script to mount the RAM disk. Instead, you are forced either to create a privileged user account or to grant the account the ability to `sudo bash`. Either way you end up with an account that can escalate privileges: anyone who can `sudo bash` gets a root shell and can do whatever they want.
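As an added illustration (not code from the project), the following shows the least-privilege pattern being asked for: only the single mount command goes through sudo, so the sudoers rule can name exactly that command, plus a small audit helper that flags sudo rules granting a shell or `ALL`. The mount path, the user name `runuser` and the `/bin/mount` location are assumptions.

```shell
#!/bin/sh
# Added example, not from the project. Hardened variant of the mount step:
# run only the privileged command via sudo instead of `sudo bash`, so a
# matching sudoers rule can be as narrow as (assumed paths/user):
#   runuser ALL=(root) NOPASSWD: /bin/mount -t tmpfs * /mnt/ramdisk, /bin/umount /mnt/ramdisk

RAMDISK=${RAMDISK:-/mnt/ramdisk}   # assumed mount point

mount_ramdisk() {
  size=$1
  # The rest of the script stays unprivileged; only this line needs sudo.
  sudo /bin/mount -t tmpfs -o "size=$size" tmpfs "$RAMDISK"
}

# Audit helper: reads the output of `sudo -l -U <user>` on stdin, prints any
# rule that grants a shell or ALL, and returns 1 if one is found (0 if all
# rules are limited to specific commands).
audit_sudo_rules() {
  awk '
    !/^[[:space:]]*\(/ { next }                     # only "(runas) TAG: cmd" lines
    {
      sub(/^[[:space:]]*\([^)]*\)[[:space:]]*/, "")   # drop "(root)" / "(ALL : ALL)"
      while (sub(/^[A-Z]+:[[:space:]]*/, "")) {}      # drop NOPASSWD:, SETENV:, ...
      n = split($0, cmds, /[[:space:]]*,[[:space:]]*/)
      for (i = 1; i <= n; i++) {
        c = cmds[i]
        split(c, w, /[[:space:]]+/)
        prog = w[1]
        sub(/.*\//, "", prog)                        # basename of the command
        if (c == "ALL" || prog ~ /^(bash|sh|dash|zsh|su|sudo)$/) {
          print "BROAD: " c
          bad = 1
        }
      }
    }
    END { exit bad }'
}

# Usage (constructed sample of `sudo -l` output):
# printf '    (ALL) NOPASSWD: /bin/bash\n' | audit_sudo_rules   # prints BROAD, exit 1
```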