20
install.sh
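--- a/install.sh
+++ b/install.sh
@@ -176,6 +176,22 @@ create_user() {
 else
 echo -e "${YELLOW}User $SERVICE_USER already exists${NC}"
 fi
+
+# Add user to disk group for block device access (required for ZFS)
+if getent group disk > /dev/null 2>&1; then
+usermod -a -G disk "$SERVICE_USER"
+echo -e "${GREEN}Added $SERVICE_USER to disk group${NC}"
+fi
+
+# Create sudoers configuration for ZFS commands
+echo -e "${GREEN}Configuring sudo for ZFS operations...${NC}"
+cat > /etc/sudoers.d/atlas-zfs <<EOF
+# Allow atlas user to run ZFS commands without password
+# This is required for ZFS pool operations
+$SERVICE_USER ALL=(ALL) NOPASSWD: /usr/sbin/zpool, /usr/bin/zpool, /sbin/zpool, /usr/sbin/zfs, /usr/bin/zfs, /sbin/zfs
+EOF
+chmod 440 /etc/sudoers.d/atlas-zfs
+echo -e "${GREEN}Sudo configuration created${NC}"
 }
 
 # Create directories
@@ -479,7 +495,9 @@ Environment="ATLAS_LOG_LEVEL=INFO"
 Environment="ATLAS_LOG_FORMAT=json"
 
 # Security
-NoNewPrivileges=true
+# Note: NoNewPrivileges is set to false to allow sudo for ZFS operations
+# This is necessary for ZFS pool management
+NoNewPrivileges=false
 PrivateTmp=true
 ProtectSystem=strict
 ProtectHome=true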
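Review bot: Adding the service account to the `disk` group in create_user gives it raw read/write access to every block device on the host, which bypasses filesystem permissions and is effectively root-equivalent; since the ZFS commands are already run through sudo, the membership looks unnecessary and the `usermod -a -G disk "$SERVICE_USER"` step could probably be dropped. The sudoers rule uses `(ALL)` and places no restriction on arguments, so the account can run any `zfs`/`zpool` subcommand as any user; `$SERVICE_USER ALL=(root) NOPASSWD: ...` would at least narrow the run-as target, and the file should be checked with `visudo -cf /etc/sudoers.d/atlas-zfs` (removing it on failure) because a malformed drop-in can break sudo for the whole host. In the unit file, `NoNewPrivileges=false` re-enables setuid escalation for every process the service spawns, not only the ZFS calls, and the comment above it should state that trade-off. create_user's body starts outside the hunk, so how `SERVICE_USER` is set and validated is not visible here.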