# Permissions Fix Complete **Tanggal:** 2025-01-09 **Status:** ✅ **FIXED** ## Problem User `calypso` tidak memiliki permission untuk: - Mengakses raw disk devices (`/dev/sd*`) - Menjalankan ZFS commands (`zpool`, `zfs`) - Membuat ZFS pools Error yang muncul: ``` failed to create ZFS pool: cannot open '/dev/sdb': Permission denied cannot create 'default': permission denied ``` ## Solution Implemented ### 1. Group Membership ✅ User `calypso` ditambahkan ke groups: - `disk` - Access to disk devices (`/dev/sd*`) - `tape` - Access to tape devices ```bash sudo usermod -aG disk,tape calypso ``` ### 2. Sudoers Configuration ✅ File `/etc/sudoers.d/calypso` dibuat dengan permissions: ```sudoers # ZFS Commands calypso ALL=(ALL) NOPASSWD: /usr/sbin/zpool, /usr/sbin/zfs, /usr/bin/zpool, /usr/bin/zfs # SCST Commands calypso ALL=(ALL) NOPASSWD: /usr/sbin/scstadmin, /usr/bin/scstadmin # Tape Utilities calypso ALL=(ALL) NOPASSWD: /usr/bin/mtx, /usr/bin/mt, /usr/bin/sg_*, /usr/bin/sg3_utils/* # System Monitoring calypso ALL=(ALL) NOPASSWD: /usr/bin/systemctl status *, /usr/bin/systemctl is-active *, /usr/bin/journalctl -u * ``` ### 3. Backend Code Updates ✅ **Helper Functions Added:** ```go // zfsCommand executes a ZFS command with sudo func zfsCommand(ctx context.Context, args ...string) *exec.Cmd { return exec.CommandContext(ctx, "sudo", append([]string{"zfs"}, args...)...) } // zpoolCommand executes a ZPOOL command with sudo func zpoolCommand(ctx context.Context, args ...string) *exec.Cmd { return exec.CommandContext(ctx, "sudo", append([]string{"zpool"}, args...)...) } ``` **All ZFS/ZPOOL Commands Updated:** - ✅ `zpool create` → `zpoolCommand(ctx, "create", ...)` - ✅ `zpool destroy` → `zpoolCommand(ctx, "destroy", ...)` - ✅ `zpool list` → `zpoolCommand(ctx, "list", ...)` - ✅ `zpool status` → `zpoolCommand(ctx, "status", ...)` - ✅ `zfs create` → `zfsCommand(ctx, "create", ...)` - ✅ `zfs destroy` → `zfsCommand(ctx, "destroy", ...)` - ✅ `zfs set` → `zfsCommand(ctx, "set", ...)` - ✅ `zfs get` → `zfsCommand(ctx, "get", ...)` - ✅ `zfs list` → `zfsCommand(ctx, "list", ...)` **Files Updated:** - ✅ `backend/internal/storage/zfs.go` - All ZFS/ZPOOL commands - ✅ `backend/internal/storage/zfs_pool_monitor.go` - Monitor commands - ✅ `backend/internal/storage/disk.go` - Disk discovery commands - ✅ `backend/internal/scst/service.go` - Already using sudo ✅ ### 4. Service Restart ✅ Calypso API service telah di-restart dengan binary baru: - ✅ Binary rebuilt dengan sudo support - ✅ Service restarted - ✅ Running successfully ## Verification ### Test ZFS Commands ```bash # Test zpool list (should work) sudo -u calypso sudo zpool list # Output: no pools available (success - no error) # Test zpool create/destroy (should work) sudo -u calypso sudo zpool create -f test_pool /dev/sdb sudo -u calypso sudo zpool destroy -f test_pool # Should complete without permission errors ``` ### Test Device Access ```bash # Test device access (should work with disk group) sudo -u calypso ls -la /dev/sdb # Should show device (not permission denied) ``` ## Current Status ✅ **Groups:** User calypso in `disk` and `tape` groups ✅ **Sudoers:** Configured and validated ✅ **Backend Code:** All ZFS commands use sudo ✅ **SCST:** Already using sudo (no changes needed) ✅ **Service:** Restarted with new binary ✅ **Permissions:** Fixed ## Next Steps 1. ✅ Permissions configured 2. ✅ Code updated 3. ✅ Service restarted 4. ⏭️ **Test ZFS pool creation via frontend** ## Testing Sekarang user bisa test membuat ZFS pool via frontend: 1. Login ke portal: http://localhost/ atau http://10.10.14.18/ 2. Navigate ke Storage → ZFS Pools 3. Create new pool dengan disks yang tersedia 4. Should work tanpa permission errors --- **Status:** ✅ **PERMISSIONS FIXED** **Ready for:** ZFS pool creation via frontend