Closed reuc closed 2 months ago
I agree with this. I'd like the sudoer file to target only the commands that gravity-sync needs to execute. As an example: replace gs-nopasswd with this:
User_Alias GRAVITY = <myuser>
# command group: implicit allow for commmands
Cmnd_Alias GRAVCMDS = \
/usr/bin/rsync *\
/usr/local/bin/pihole *\
/usr/bin/pihole-FTL *\
/usr/local/bin/gravity-sync *
GRAVITY ALL = NOPASSWD: GRAVCMDS
... or better yet. specify the EXACT commands that need to run (e.g. replace the * with the command line options that run)
Effective July 26, 2024, this project has been retired. Thank you for your use and enthusiasm for a project that began as a few lines of bash in a Slack channel and envolved into something far more complex, and used by many thousands of Pi-hole enthusiasts over the last four years.
Issue Description Install places a sudoers.d config file with the following permissions pi ALL=NOPASSWD: ALL
The template folder shows a sudoers.d of: pi ALL=NOPASSWD: /etc/pihole
However the sudoers config in the template folder fails when trying to push or pull from a remote system
Configuration Details