It seems @{$self->priv} is unnecessary to run the 'test' command.
I setup a dedicated user account to handle zfs sending and receive on SRC and DST:a. This user account requires sudo privileges to execute ZFS commands. (I may have allowed this user account to do too much).
# on DST:
root@client# cat /etc/sudoers.d/20_zfsreplication
zfsreplication ALL=(root) NOPASSWD: /sbin/zfs,/sbin/zpool,/usr/bin/znapzend,/usr/bin/znapzendzetup
This works fine until you want to use 'mbuffer'. Using the '--mbuffer=/usr/bin/mbuffer' command in 'znapzendzetup' and '--rootExec=sudo' results in the following error message:
sudo: no tty present and no askpass program specified
*** WARNING: executable '/usr/bin/mbuffer' does not exist on nfsclient
The program is installed:
root@nfsclient:~# which mbuffer
/usr/bin/mbuffer
It is not until I add the ability for the DST user to be able to 'sudo /usr/bin/test' that 'znapzendzetup' works as expected.
It seems a bit much to require privilege escalation on /usr/bin/test just to check if the 'mbuffer' binary exists. Though, I can easily construct scenarios in which it would be required to use 'sudo'; though none of them seem very likely... which is why I bring it up here instead of making a pull request.
As an aside for ZFS.pm#L525, if we are using sudo here we might want to add the '-n' option.
-n, --non-interactive
Avoid prompting the user for input of any kind. If a password is required for the command to run, sudo will display an error message and exit.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
For the following line:
https://github.com/oetiker/znapzend/blob/c604a86857430258c2b8479c356437c0f61a4dc6/lib/ZnapZend/ZFS.pm#L525
It seems @{$self->priv} is unnecessary to run the 'test' command.
I setup a dedicated user account to handle zfs sending and receive on SRC and DST:a. This user account requires sudo privileges to execute ZFS commands. (I may have allowed this user account to do too much).
This works fine until you want to use 'mbuffer'. Using the '--mbuffer=/usr/bin/mbuffer' command in 'znapzendzetup' and '--rootExec=sudo' results in the following error message:
The program is installed:
It is not until I add the ability for the DST user to be able to 'sudo /usr/bin/test' that 'znapzendzetup' works as expected.
It seems a bit much to require privilege escalation on /usr/bin/test just to check if the 'mbuffer' binary exists. Though, I can easily construct scenarios in which it would be required to use 'sudo'; though none of them seem very likely... which is why I bring it up here instead of making a pull request.
As an aside for ZFS.pm#L525, if we are using sudo here we might want to add the '-n' option.