Date:      Tue, 25 May 2010 12:37:34 -0700
From:      Chuck Swiger <cswiger@mac.com>
To:        jhell <jhell@DataIX.net>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: Zpool scrub and not-root users
Message-ID:  <148119B8-AE3E-471E-A9A2-D93B70843305@mac.com>
In-Reply-To: <4BFC2354.5040104@dataix.net>
References:  <AANLkTik61-R3JXS3uSurZo6dqEBNkfL_WDh0TzSzLcTn@mail.gmail.com> <20100524190433.GA36301@icarus.home.lan> <4BFC2354.5040104@dataix.net>

On May 25, 2010, at 12:21 PM, jhell wrote:
> He does not need to add another layer of insecurity to his system such
> as sudo. Not saying that this is bad but it feels like a little overkill
> for something as simple as this.
> 
> This can be done old-school.
> 
> pw groupadd _zfsadm
> pw groupmod _zfsadm -m {username}
> chmod u+s,o-rx /sbin/zpool
> chown :_zfsadm /sbin/zpool
> 
> Repeat command line 2 for every user you want to have root type access to /sbin/zpool.

This is providing them with the ability to run any zpool command, not restricted to "zpool scrub" only.  "zpool offline" or "zpool destroy" could wreak havoc upon the system if misused....

Regards,
-- 
-Chuck
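
An added example, not part of the original message or of FreeBSD: a small setuid wrapper that allows only `zpool scrub <pool>`, so group members never get the other zpool subcommands. It assumes a hypothetical install as `/usr/local/sbin/zscrub`, owned by root:_zfsadm with mode 4750, while `/sbin/zpool` keeps its stock permissions; the pool-name rule is deliberately stricter than what ZFS itself accepts.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define ZPOOL_PATH    "/sbin/zpool"  /* path as given in the thread */
#define MAX_POOL_NAME 64             /* assumption: conservative cap for this wrapper */

/* Return 1 if name starts with a letter and continues with [A-Za-z0-9_.-] only.
 * The leading-letter rule also rejects option-like arguments such as "-s". */
int pool_name_ok(const char *name)
{
    size_t len;
    if (name == NULL) return 0;
    len = strlen(name);
    if (len == 0 || len > MAX_POOL_NAME) return 0;
    if (!isalpha((unsigned char)name[0])) return 0;
    for (size_t i = 1; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!isalnum(c) && c != '_' && c != '-' && c != '.') return 0;
    }
    return 1;
}

/* Return 0 only when exactly one valid pool name was supplied. */
int check_args(int argc, char *const argv[])
{
    if (argc != 2) return -1;
    return pool_name_ok(argv[1]) ? 0 : -1;
}

int main(int argc, char *argv[])
{
    char *const envp[] = { "PATH=/sbin:/bin:/usr/sbin:/usr/bin", NULL };
    if (check_args(argc, argv) != 0) {
        fprintf(stderr, "usage: zscrub <pool>\n");
        return 1;
    }
    /* Requires the setuid-root install described above; fail closed otherwise. */
    if (setuid(0) != 0) { perror("setuid"); return 1; }
    char *const args[] = { "zpool", "scrub", argv[1], NULL };
    execve(ZPOOL_PATH, args, envp);  /* fixed path, fixed subcommand, clean environment */
    perror("execve");                /* reached only if execve failed */
    return 1;
}
```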
