Password-less sudo too open and template doesn't allow enough permissions

Open reuc opened this issue 2 years ago • 1 comments
Issue Description

Install places a sudoers.d config file with the following permissions: pi ALL=NOPASSWD: ALL

The template folder shows a sudoers.d of: pi ALL=NOPASSWD: /etc/pihole

However, the sudoers config in the template folder fails when trying to push or pull from a remote system.

Configuration Details

reuc, Dec 30 '22 23:12

I agree with this. I'd like the sudoer file to target only the commands that gravity-sync needs to execute. As an example: replace gs-nopasswd with this:

User_Alias GRAVITY = <myuser>

# command group: implicit allow for commands
# (entries in a Cmnd_Alias are comma-separated)
Cmnd_Alias GRAVCMDS = \
        /usr/bin/rsync *, \
        /usr/local/bin/pihole *, \
        /usr/bin/pihole-FTL *, \
        /usr/local/bin/gravity-sync *

GRAVITY ALL = NOPASSWD: GRAVCMDS

... or better yet, specify the EXACT commands that need to run (e.g. replace the * with the command line options that run).

traxeon, Mar 11 '24 13:03
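
An added example (not part of the thread or the gravity-sync project): a small Python audit that classifies NOPASSWD rules like the ones discussed above, from `ALL` through wildcard arguments to exact commands. The sample rules, the user `pi` in the alias, and the `gravity-sync push` command line are constructed for illustration; the parser assumes simple rules without escaped commas or include directives.

```python
import re

# Constructed samples (not the project's files): the rule from the issue,
# the wildcard alias from the comment, and an exact-command rule.
BROAD = "pi ALL=NOPASSWD: ALL\n"
SCOPED = """\
User_Alias GRAVITY = pi
Cmnd_Alias GRAVCMDS = \\
    /usr/bin/rsync *, \\
    /usr/local/bin/pihole *
GRAVITY ALL = NOPASSWD: GRAVCMDS
"""
EXACT = "pi ALL=NOPASSWD: /usr/local/bin/gravity-sync push\n"


def logical_lines(text):
    """Join backslash continuations; skip blank and '#' lines (so includes too)."""
    for line in re.sub(r"\\\n", " ", text).splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line


def audit(text):
    """Return (severity, message) findings for NOPASSWD rules in sudoers text."""
    aliases, rules, findings = {}, [], []
    for line in logical_lines(text):
        alias = re.match(r"Cmnd_Alias\s+(\w+)\s*=\s*(.*)", line)
        rule = re.match(r"(\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?NOPASSWD:\s*(.*)", line)
        if alias:
            aliases[alias.group(1)] = [c.strip() for c in alias.group(2).split(",")]
        elif rule:
            rules.append((rule.group(1), rule.group(2)))
    for who, spec in rules:  # expand aliases once all of them are known
        for item in (c.strip() for c in spec.split(",")):
            for cmd in aliases.get(item, [item]):
                if cmd == "ALL":
                    findings.append(("high", f"{who}: NOPASSWD for ALL commands"))
                elif cmd.endswith("/"):
                    findings.append(("high", f"{who}: every command in {cmd}"))
                elif "*" in cmd:
                    findings.append(("medium", f"{who}: wildcard arguments: {cmd}"))
    return findings


if __name__ == "__main__":
    for name, text in (("broad", BROAD), ("scoped", SCOPED), ("exact", EXACT)):
        print(name, audit(text) or "no findings")
```

A file that passes this check should still be syntax-checked with `visudo -cf <file>` before it is placed in sudoers.d.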

Effective July 26, 2024, this project has been retired. Thank you for your use and enthusiasm for a project that began as a few lines of bash in a Slack channel and evolved into something far more complex, and used by many thousands of Pi-hole enthusiasts over the last four years.

vmstan, Jul 26 '24 18:07