I don't believe this is a bug with simplesnapwrap.  If all of these
commands require root anyway, why not run simplesnapwrap as root? 
(That's what it's designed to do.)

John

On 08/01/2016 03:35 AM, helix84 wrote:
> Package: simplesnap
> Version: 1.0.3
>
>
> Hello, first of all I'd like to apologize that I'm reporting here
> while I tried the package on Ubuntu where things may be set up
> differently. Secondly, thank you for this package, I just set it up
> for the first time along with zfSnap and it is very convenient, it
> exactly fills the niche I had.
>
> The problem on Ubuntu 16.04 (which may not be the case in Debian)
> stems from the fact that zfs is set up to be used via sudo whereas
> simplesnapwrap on activehost calls zfs without sudo (which is
> hardcoded in simplesnapwrap).
>
> My workaround was to add the simplesnap user on activehost to sudoers
> and allow the required subset of zfs commands:
>
> sudo visudo -f /etc/sudoers.d/zfs
>
> Cmnd_Alias C_ZFS_SIMPLESNAP = \
>   /sbin/zfs list *, \
>   /sbin/zfs send *, \
>   /sbin/zfs snapshot *, \
>   /sbin/zfs destroy tank@__simplesnap_*, \
>   /sbin/zfs destroy tank/root@__simplesnap_*
>
> simplesnapuser ALL = (root) NOPASSWD: C_ZFS_SIMPLESNAP
>
> But unfortunately I had to make a modification to
> /usr/sbin/simplesnapwrap on activehost:
> #ZFSCMD=/sbin/zfs
> ZFSCMD="sudo /sbin/zfs"
>
> Then as usual, I run simplesnap on backuphost from cron:
> 6-56/10 * * * * root PATH=/usr/sbin:/usr/bin:/sbin:/bin /usr/sbin/simplesnap --host matrix --setname mainset --store backup/simplesnap --sshcmd "ssh -i /home/ivan/.ssh/id_rsa_simplesnap -l simplesnapuser"
>
> Of course, I hate to make changes to files owned by the package which
> can be overwritten in case of package upgrade, ergo this bug report.
>
> The solution I suggest is to allow the user to specify ZFSCMD as an
> environment variable, thus enabling creation of a "simplesnapwrap
> wrapper" (calling simplesnapwrap with ZFSCMD="sudo /sbin/zfs") which
> can be called from backuphost via --wrapcmd.
>
> If you see another way around it, I'll be happy to hear your thoughts.
> Thanks again.
>
>
> Regards,
> ~~helix84
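
An added example, not part of the original messages and not simplesnap code: in sudoers, a `*` in the argument position matches any characters, including spaces, so the two `zfs destroy` entries quoted above constrain only the start of the argument string. The sketch below is a hypothetical root-owned helper that a sudoers entry could name instead; it accepts exactly one operand and checks the whole snapshot name. The function names, the character allow-list and the sample snapshot names are assumptions.

```shell
#!/bin/sh
# Added example, not simplesnap code. Hypothetical root-owned helper that sudo
# could run in place of the two wildcard "zfs destroy" sudoers entries.
# Assumption: datasets tank and tank/root, as in the quoted Cmnd_Alias.
LC_ALL=C; export LC_ALL   # make the A-Z / a-z ranges below byte-exact

# valid_snap NAME: succeed only for <dataset>@__simplesnap_<safe suffix>
valid_snap() {
    case "$1" in
        tank@__simplesnap_*|tank/root@__simplesnap_*) ;;
        *) return 1 ;;
    esac
    suffix=${1#*@__simplesnap_}          # text after the fixed prefix
    [ -n "$suffix" ] || return 1         # an empty suffix is not a snapshot
    case "$suffix" in
        *[!A-Za-z0-9_:.-]*) return 1 ;;  # any character outside the allow-list
    esac
    return 0
}

# destroy_allowed ARGS...: the arguments that would follow "zfs destroy".
# Exactly one operand, no options, and it must be a simplesnap snapshot.
destroy_allowed() {
    [ "$#" -eq 1 ] || return 1
    valid_snap "$1"
}

# guarded_destroy ARGS...: run zfs only after the check passes.
guarded_destroy() {
    if destroy_allowed "$@"; then
        exec /sbin/zfs destroy "$1"
    fi
    echo "refused: zfs destroy $*" >&2
    return 1
}
```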
