Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 25 May 2010 15:21:56 -0400
From:      jhell <jhell@dataix.net>
To:        Jeremy Chadwick <freebsd@jdc.parodius.com>
Cc:        Mikkel Skaerris <skaerris@gmail.com>, freebsd-stable@freebsd.org
Subject:   Re: Zpool scrub and not-root users
Message-ID:  <4BFC2354.5040104@dataix.net>
In-Reply-To: <20100524190433.GA36301@icarus.home.lan>
References:  <AANLkTik61-R3JXS3uSurZo6dqEBNkfL_WDh0TzSzLcTn@mail.gmail.com> <20100524190433.GA36301@icarus.home.lan>
next in thread | previous in thread | raw e-mail | index | archive | help 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/24/2010 15:04, Jeremy Chadwick wrote:
> On Mon, May 24, 2010 at 05:00:03PM +0200, Mikkel Skaerris wrote:
>> Im wondering if there is a way of allowing non-root users to perform a disk
>> scrub using zpool scrub <pool>. I've been messing around with permissions,
>> but no luck so far. Anyone got a clue?
> 
> One question: why?  Followed by one answer: sudo.  :-)
> 

He does not need to add another layer of insecurity to his system such
as sudo. Not saying that this is bad but it feels like a little overkill
for something as simple as this.

This can be done old-school.

pw groupadd _zfsadm
pw groupmod _zfsadm -m {username}
chmod u+s,o-rx /sbin/zpool
chown :_zfsadm /sbin/zpool

Repeat command line 2 for every user you want to have root type access
to /sbin/zpool.

Of course you do not need the zfsadm group to do this. You could just
use the wheel group which in turn gives any member of that group su(1)
access to the root user, so you commands would turn into...

pw groupmod wheel -m {username}
chmod u+s,o-rx /sbin/zpool

Because this binary is already installed group wheel there is no need to
chown it. And this is a little more implicit that you trust anyone with
access to the zpool command will also be having access to su(1)

Pick one, and Ill leave the "how to keep these permissions through
upgrades/updates of world" up to you.

Good luck & regards,

- -- 

 jhell

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (FreeBSD)

iQEcBAEBAgAGBQJL/CNUAAoJEJBXh4mJ2FR+HwcH/0vuGlIP8mU1p6FI0XiEl9K/
tpDLxED+4cd8htBTQyh0mDWrRz8dOagjggaENC2JvNpUO8Vhxx0mJNZY6pvzmAys
5VHevdYKvY6doEjoQD9muktECXruCOXgQtxeI34r+ZLJz9fUhVJIlcNDBBrhOAG5
/P6XYy5LIKEuxBBRNqosW+JVTcU4sOJhGU1YZUlUpn0z41ObM87vjD77XP6sWfhZ
Sw5dDPhNBHmmOuCEeuTnpItu1ykHUrr5jDkrtFWyIFP7ijPl7Fbd3VIRaP5nlWDU
yNd06479yKS1uqOwFeEXt3DOr8nws+uY/6WtXzlsmLdhsqwy2FQN35r7PlXaY0k=
=c/NP
-----END PGP SIGNATURE-----

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4BFC2354.5040104>