When creating the sudoers file limit the NOPASSWD: to just what is needed

Open cmbcmb opened this issue 1 year ago • 1 comments
To improve security, when creating the sudoers file limit the NOPASSWD: to just what is needed. Also limit the username. The below in the sudoers file was all I found I needed:

ALL=(ALL:ALL) NOPASSWD: /usr/local/bin/gravity-sync, /usr/bin/rsync, /usr/bin/touch

i.e. changes:

  1. All replaced with username
  2. All (after NOPASSWD:) replaced with /usr/local/bin/gravity-sync, /usr/bin/rsync, /usr/bin/touch

I haven't tested all cases (I don't have enough different test cases). I am using the default install and tested pull, push and compare, with no issues seen. I have not tested docker or podman. I have not tested with cron created for backup or auto sync.

This reduces possible attacks through the sudoers file, by increasing the number of commands which need a password on the local machine and over ssh.

cmbcmb, Jan 30 '24 23:01
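An added example, not part of the original issue or the gravity-sync project: a small audit that flags sudoers rules whose NOPASSWD scope is wider than the three binaries named above. The account name `syncuser`, the function names and the simplified grammar (one user per line, no aliases, no escaped commas) are assumptions made for illustration.

```python
import re

# Allowlist taken from the issue text; everything else here is illustrative.
ALLOWED = {"/usr/local/bin/gravity-sync", "/usr/bin/rsync", "/usr/bin/touch"}
# Simplified user specification: who host=(runas) [TAG:] cmd, cmd ...
SPEC = re.compile(r"^(?P<who>\S+)\s+(?P<host>[^=\s]+)\s*=\s*(?:\([^)]*\)\s*)?(?P<rest>.+)$")
TAG = re.compile(r"^([A-Z_]+):\s*")

def audit_line(line):
    """Return findings for one sudoers line (empty list means nothing to flag)."""
    line = line.strip()
    if not line or line.startswith(("#", "@", "Defaults")) or line.split()[0].endswith("_Alias"):
        return []
    m = SPEC.match(line)
    if not m:
        return ["unparsed line, review by hand"]
    findings, nopasswd, any_nopasswd = [], False, False
    # Assumption: no escaped commas inside command arguments.
    for cmd in m["rest"].split(","):
        cmd = cmd.strip()
        # A tag applies to its command and to the ones after it until overridden.
        while (t := TAG.match(cmd)):
            if t[1] in ("NOPASSWD", "PASSWD"):
                nopasswd = t[1] == "NOPASSWD"
            cmd = cmd[t.end():]
        if not nopasswd:
            continue
        any_nopasswd = True
        binary = cmd.split()[0] if cmd else ""
        if binary == "ALL":
            findings.append("NOPASSWD covers ALL commands")
        elif binary not in ALLOWED:
            findings.append(f"NOPASSWD on unexpected command {binary}")
    if any_nopasswd and m["who"] == "ALL":
        findings.append("NOPASSWD rule applies to ALL users")
    return findings

def audit(text):
    """Map 1-based line numbers to findings for every flagged line."""
    return {n: f for n, line in enumerate(text.splitlines(), 1) if (f := audit_line(line))}

# Constructed sample; "syncuser" is a made-up account name.
SAMPLE = """\
# constructed sudoers fragment
syncuser ALL=(ALL:ALL) NOPASSWD: ALL
ALL ALL=(ALL:ALL) NOPASSWD: ALL
syncuser ALL=(ALL:ALL) NOPASSWD: /usr/local/bin/gravity-sync, /usr/bin/rsync, /usr/bin/touch
syncuser ALL=(ALL:ALL) NOPASSWD: /usr/bin/rsync, /bin/bash
%sudo ALL=(ALL:ALL) ALL
"""
```

Calling `audit(SAMPLE)` reports lines 2, 3 and 5 and leaves the narrowed rule on line 4 and the password-protected group rule on line 6 unflagged.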

See PR 445 https://github.com/vmstan/gravity-sync/pull/445

TotalGriffLock, Jun 06 '24 08:06

Effective July 26, 2024, this project has been retired. Thank you for your use and enthusiasm for a project that began as a few lines of bash in a Slack channel and evolved into something far more complex, and used by many thousands of Pi-hole enthusiasts over the last four years.

vmstan, Jul 26 '24 18:07