Zpool scrub and not-root users
Chuck Swiger
cswiger at mac.com
Tue May 25 19:37:38 UTC 2010
On May 25, 2010, at 12:21 PM, jhell wrote:
> He does not need to add another layer of insecurity to his system such
> as sudo. Not saying that this is bad but it feels like a little overkill
> for something as simple as this.
>
> This can be done old-school.
>
> pw groupadd _zfsadm
> pw groupmod _zfsadm -m {username}
> chmod u+s,o-rx /sbin/zpool
> chown :_zfsadm /sbin/zpool
>
> Repeat command line 2 for every user you want to have root type access to /sbin/zpool.
This is providing them with the ability to run any zpool command, not restricted to "zpool scrub" only. "zpool offline" or "zpool destroy" could wreak havoc upon the system if misused....
Regards,
--
-Chuck
More information about the freebsd-stable
mailing list