[Question] run privileged

[Xyz00777]

Hi i have a short question, i want to run it on a linux based server and want to do with it also some things which i need root privileges. so i want to run it as root. but already at the time of doing the first registration i get the "FTL go-hass-agent should not be run with additional privileges or as root." message. how can i say to it i know that i run it as root and i want to do it?

[joshuar]

Hey there! Thanks for trying out the agent. I'm reluctant to allow the agent itself to run as a privileged user, as it doesn't need any privileges. Although, I can understand that gathering some sensor data might require privileges, and some scripts or commands might need privileges. But in those cases, is it possible to elevate your privileges just for those actions? For example, using sudo to execute a script or command?

Would it be possible to provide some details about what you want to do? We could see if there is a workaround.

[Xyz00777]

I thought about turning off the server when window sensors get triggered while I'm not at home, or using custom scripts to get statistics about game servers, or statistiks about my proxmox VMs, because i dont like the available solution with binary sensors. These scripts would run on other users' machines or involve tasks that require root access, like shutting down the server. Yes, I could create a specific user with sudo privileges and specific root allowances, or I could just run everything as root. At this point, the question is whether it's worth taking the time to configure everything correctly, or if the quick and dirty solution is more appropriate for my home network, which already has a good firewall configuration with subnets, etc. :/

[joshuar]

Hey there, so if you have MQTT connected to Home Assistant, you can configure Go Hass Agent to connect to MQTT and it will expose a button for shutting down the device running the agent. You can then trigger that in an Home Assistant automation (or dashboard) by calling the button.press service.

For fetching information from other places, I feel like its best if the any privileged operations stay within the script/program that fetches the data.

I can understand it is easier to avoid any privilege switching, but I'm not convinced there is any benefit for Go Hass Agent itself, to run privileged. I am hoping the current custom script sensors and custom commands via MQTT cover any kind of situation for custom fetching. I would be very interested to hear any specific scenario where you need privileges to get or control some data/thing, cannot do it with a custom script/command and therefore it would be useful for the agent to have privileges.

Sorry this is not the answer you were looking for.

It might be interesting to create a discussion about custom data sources that need privileges. It always seems a bit arbitrary IMO what data I can get without privileges vs what needs certain privileges.

[Xyz00777]

no problem, than i will first try to do it the "correct" (no privileges from the start) way :D i just thought that it would be usefull if there would be an option like allow run as root and im aware of the security danger. but i can understand the point that you would like not to implement these so it will get setup up correctly :) i will do an discussion for things i dont find :)