Question: why does ZoL require root for read-only operations? #4468

Closed
mdlayher opened this issue Mar 28, 2016 · 4 comments

@mdlayher

Related to an ongoing discussion in prometheus/node_exporter#213.

Apparently, on FreeBSD, you are able to retrieve these kinds of metrics without superuser privileges. For example, commands like zfs list, zfs get, etc. shouldn't really require running as root.

Is there any way around this, and if not, is there a reason that ZoL works this way? Thanks in advance.

@rlaager
Member

rlaager commented Mar 28, 2016

#434

The best work-around at this point is to create an /etc/sudoers.d/zfs file (permissioned 0440) with these contents and then use sudo:

Cmnd_Alias C_ZFS =       \
  /sbin/zfs "",          \
  /sbin/zfs help *,      \
  /sbin/zfs get,         \
  /sbin/zfs get *,       \
  /sbin/zfs list,        \
  /sbin/zfs list *,      \
  /sbin/zpool "",        \
  /sbin/zpool help *,    \
  /sbin/zpool iostat,    \
  /sbin/zpool iostat *,  \
  /sbin/zpool list,      \
  /sbin/zpool list *,    \
  /sbin/zpool status,    \
  /sbin/zpool status *,  \
  /sbin/zpool upgrade,   \
  /sbin/zpool upgrade -v

# Allow read-only ZFS commands to be called through sudo without a password.
ALL ALL = (root) NOPASSWD: C_ZFS
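
An added example (not part of the comment above and not ZoL project code): a small Python model of how sudoers matches the C_ZFS alias, for checking which invocations the allowlist permits before deploying it. It assumes fully qualified command paths and approximates sudo's fnmatch-style argument matching; the sample command lines and the dataset name `tank/data` are constructed.

```python
"""Illustrative model of sudoers matching for the C_ZFS alias (not sudo's code)."""
from fnmatch import fnmatchcase
import shlex

# (path, argument spec) pairs copied from the Cmnd_Alias in the comment above.
# "" means "only with no arguments"; "*" also matches spaces, as in sudoers.
C_ZFS = [
    ("/sbin/zfs", ""), ("/sbin/zfs", "help *"),
    ("/sbin/zfs", "get"), ("/sbin/zfs", "get *"),
    ("/sbin/zfs", "list"), ("/sbin/zfs", "list *"),
    ("/sbin/zpool", ""), ("/sbin/zpool", "help *"),
    ("/sbin/zpool", "iostat"), ("/sbin/zpool", "iostat *"),
    ("/sbin/zpool", "list"), ("/sbin/zpool", "list *"),
    ("/sbin/zpool", "status"), ("/sbin/zpool", "status *"),
    ("/sbin/zpool", "upgrade"), ("/sbin/zpool", "upgrade -v"),
]

# Constructed sample invocations, as a monitoring agent might issue them.
SAMPLES = [
    "/sbin/zfs list -H -t snapshot",
    "/sbin/zfs get -H -p used tank/data",
    "/sbin/zfs destroy tank/data",
    "/sbin/zpool upgrade -v",
    "/sbin/zpool upgrade -a",
    "/sbin/zfs help",
]

def is_allowed(command_line, alias=C_ZFS):
    """Return True if the command line matches an entry of the alias."""
    argv = shlex.split(command_line)
    if not argv:
        return False
    path, args = argv[0], " ".join(argv[1:])
    for entry_path, spec in alias:
        if entry_path != path:
            continue
        if spec == "":
            if args == "":          # entry permits the bare command only
                return True
        elif fnmatchcase(args, spec):  # exact string or wildcard match
            return True
    return False

def audit(samples=SAMPLES):
    """Map each sample command line to the model's allow/deny decision."""
    return {cmd: is_allowed(cmd) for cmd in samples}

if __name__ == "__main__":
    for cmd, ok in audit().items():
        print(("ALLOW " if ok else "DENY  ") + cmd)
```

On a host where the file is installed, `sudo -l /sbin/zfs list` gives sudo's own decision for a single command and exits non-zero if it is not permitted.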

@DeHackEd
Contributor

"Questions" belong on the mailing list.

@behlendorf
Contributor

@mdlayher at the moment you'll want to use sudo. Slightly longer term we do want to update the code so that certain commands don't require root.

@mdlayher
Author

@behlendorf thanks for the info, and apologies, was not aware of the mailing list! Closing.
