othman.suseno/atlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix user permission issue
Some checks failed
CI / test-build (push) Failing after 2m13s
Details

Browse Source
This commit is contained in:
othman hendy suseno
2025-12-15 02:01:09 +07:00
parent f45c878051
commit 732e5aca11
2 changed files with 40 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
install.sh
View File

@@ -176,6 +176,22 @@ create_user() {
else
echo -e "${YELLOW}User $SERVICE_USER already exists${NC}"
fi
# Add user to disk group for block device access (required for ZFS)
if getent group disk > /dev/null 2>&1; then
usermod -a -G disk "$SERVICE_USER"
echo -e "${GREEN}Added $SERVICE_USER to disk group${NC}"
fi
# Create sudoers configuration for ZFS commands
echo -e "${GREEN}Configuring sudo for ZFS operations...${NC}"
cat > /etc/sudoers.d/atlas-zfs <<EOF
# Allow atlas user to run ZFS commands without password
# This is required for ZFS pool operations
$SERVICE_USER ALL=(ALL) NOPASSWD: /usr/sbin/zpool, /usr/bin/zpool, /sbin/zpool, /usr/sbin/zfs, /usr/bin/zfs, /sbin/zfs
EOF
chmod 440 /etc/sudoers.d/atlas-zfs
echo -e "${GREEN}Sudo configuration created${NC}"
}
# Create directories
@@ -479,7 +495,9 @@ Environment="ATLAS_LOG_LEVEL=INFO"
Environment="ATLAS_LOG_FORMAT=json"
# Security
NoNewPrivileges=true
# Note: NoNewPrivileges is set to false to allow sudo for ZFS operations
# This is necessary for ZFS pool management
NoNewPrivileges=false
PrivateTmp=true
ProtectSystem=strict
ProtectHome=true

22
internal/zfs/service.go
View File

@@ -27,8 +27,28 @@ func New() *Service {
}
// execCommand executes a shell command and returns output
// For ZFS operations that require elevated privileges, it uses sudo
func (s *Service) execCommand(name string, args ...string) (string, error) {
cmd := exec.Command(name, args...)
// Commands that require root privileges
privilegedCommands := []string{"zpool", "zfs"}
useSudo := false
for _, cmd := range privilegedCommands {
if strings.Contains(name, cmd) {
useSudo = true
break
}
}
var cmd *exec.Cmd
if useSudo {
// Use sudo for privileged commands
sudoArgs := append([]string{name}, args...)
cmd = exec.Command("sudo", sudoArgs...)
} else {
cmd = exec.Command(name, args...)
}
var stdout, stderr bytes.Buffer
cmd.Stdout = &stdout
cmd.Stderr = &stderr