From: Chuck Swiger
To: jhell
Cc: freebsd-stable@freebsd.org
Subject: Re: Zpool scrub and not-root users
Date: Tue, 25 May 2010 12:37:34 -0700
Message-id: <148119B8-AE3E-471E-A9A2-D93B70843305@mac.com>
In-reply-to: <4BFC2354.5040104@dataix.net>
References: <20100524190433.GA36301@icarus.home.lan> <4BFC2354.5040104@dataix.net>

On May 25, 2010, at 12:21 PM, jhell wrote:
> He does not need to add another layer of insecurity to his system such
> as sudo. Not saying that this is bad but it feels like a little overkill
> for something as simple as this.
>
> This can be done old-school.
>
> pw groupadd _zfsadm
> pw groupmod _zfsadm -m {username}
> chmod u+s,o-rx /sbin/zpool
> chown :_zfsadm /sbin/zpool
>
> Repeat command line 2 for every user you want to have root type access to /sbin/zpool.

This is providing them with the ability to run any zpool command, not restricted to "zpool scrub" only. "zpool offline" or "zpool destroy" could wreak havoc upon the system if misused....

Regards,
--
-Chuck
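
One way to grant only the scrub operation that the reply above distinguishes from full zpool access, as an added example that is not from either poster: a small wrapper (hypothetical name `zscrub`) that would carry the setuid bit and the `_zfsadm` group restriction in place of `/sbin/zpool` itself. The pool-name rule is a deliberately conservative assumption, stricter than what ZFS accepts.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define ZPOOL_PATH "/sbin/zpool"   /* path taken from the thread */
#define MAX_POOL_NAME 255          /* assumed upper bound for this example */

/* Conservative check (assumption): first char a letter, the rest alphanumeric
 * or one of "_-.:". Refusing a leading '-' keeps the argument from being
 * parsed by zpool as an option. */
int valid_pool_name(const char *s)
{
    size_t i, n;

    if (s == NULL)
        return 0;
    n = strlen(s);
    if (n == 0 || n > MAX_POOL_NAME || !isalpha((unsigned char)s[0]))
        return 0;
    for (i = 1; i < n; i++)
        if (!isalnum((unsigned char)s[i]) && strchr("_-.:", s[i]) == NULL)
            return 0;
    return 1;
}

/* Accept exactly "<prog> <pool>"; any extra word (a subcommand, a flag) is refused. */
int args_ok(int argc, char *const argv[])
{
    return argc == 2 && valid_pool_name(argv[1]);
}

int main(int argc, char *argv[])
{
    /* Fixed environment: nothing from the caller's environment is passed on. */
    char *const envp[] = { "PATH=/sbin:/bin:/usr/sbin:/usr/bin", NULL };

    if (!args_ok(argc, argv)) {
        fprintf(stderr, "usage: zscrub <pool>\n");
        return 64;                 /* EX_USAGE */
    }
    /* The subcommand is hard-coded; the caller chooses only the pool name. */
    char *const cmd[] = { ZPOOL_PATH, "scrub", argv[1], NULL };
    execve(ZPOOL_PATH, cmd, envp);
    perror("execve");              /* reached only if execve failed */
    return 71;                     /* EX_OSERR */
}
```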