Closed jocelynj closed 1 year ago
apprell
commented
1 year ago Hi,
Can you tell me what this is for?
The script needs to be run 100% from a privileged user, and it's easier to run the script itself with sudo -u autosnapuser proxmox-autosnap.py if needed
jocelynj
commented
1 year ago I've added this option to run the script as a specific user, and limit the specific commands that are launched as root. I think it also allows to make sure that the script doesn't launch any other command if there is a mistake in the python code.
What is your proposition of sudo -u autosnapuser proxmox-autosnap.py? Would this account autosnapuser be a privileged user with root permissions?
apprell
commented
1 year ago Can you show what rules for the user who will run the script you used for the tests sudo -l -U <username>?
jocelynj
commented
1 year ago Here is the list I have:
proxmox-backup ALL=NOPASSWD: /usr/bin/cat /etc/pve/.vmlist, /usr/sbin/pct snapshot *, /usr/sbin/pct listsnapshot *, /usr/sbin/pct delsnapshot *By the way, I would totally understand if you don't want to merge this PR to your repository :)
apprell
commented
1 year ago Cleaned up the script and added sudo, so the new code has everything you need
jocelynj
commented
1 year ago Thanks, this looks good.
This will launch the following commands with sudo: