Can we remove privilege from the check to see if mbuffer is installed on DST?

[papamoose]

For the following line:

https://github.com/oetiker/znapzend/blob/c604a86857430258c2b8479c356437c0f61a4dc6/lib/ZnapZend/ZFS.pm#L525

It seems @{$self->priv} is unnecessary to run the 'test' command.

I setup a dedicated user account to handle zfs sending and receive on SRC and DST:a. This user account requires sudo privileges to execute ZFS commands. (I may have allowed this user account to do too much).

# on DST:
root@client# cat /etc/sudoers.d/20_zfsreplication
zfsreplication ALL=(root) NOPASSWD: /sbin/zfs,/sbin/zpool,/usr/bin/znapzend,/usr/bin/znapzendzetup

This works fine until you want to use 'mbuffer'. Using the '--mbuffer=/usr/bin/mbuffer' command in 'znapzendzetup' and '--rootExec=sudo' results in the following error message:

sudo: no tty present and no askpass program specified
*** WARNING: executable '/usr/bin/mbuffer' does not exist on nfsclient

The program is installed:

root@nfsclient:~# which mbuffer
/usr/bin/mbuffer

It is not until I add the ability for the DST user to be able to 'sudo /usr/bin/test' that 'znapzendzetup' works as expected.

It seems a bit much to require privilege escalation on /usr/bin/test just to check if the 'mbuffer' binary exists. Though, I can easily construct scenarios in which it would be required to use 'sudo'; though none of them seem very likely... which is why I bring it up here instead of making a pull request.

As an aside for ZFS.pm#L525, if we are using sudo here we might want to add the '-n' option.

 -n, --non-interactive
             Avoid prompting the user for input of any kind.  If a password is required for the command to run, sudo will display an error message and exit.

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.