lago-project/lago

Creating a snapshot requires "sudo"

gbenhaim opened this issue · 3 comments

When creating the snapshot, the new layer of the disk is created with the following permissions:

-rw-------. 1 qemu qemu   197120 May  3 11:59 vm-01_root.1525337944

Then we issue lago.providers.libvirt.vm._reclaim_disks in order to add rw permissions to all.
This action requires sudo -u qemu.

During lago installation, we configure /etc/sudoers.d with:

%lago ALL = (qemu) NOPASSWD: /usr/bin/chmod

but it seems that we need to change it to:

%lago ALL = (qemu) NOPASSWD: /usr/bin/chmod *

or to revisit the way we create snapshots.

This is just a reminder that sudo is not meant for use by automated tools and PolicyKit/ConsoleKit would be a better choice...

@ifireball thanks for the comment.
Due to time constraints, I'll fix the current logic that uses sudo, but leave this issue open
so we can implement the correct fix in the future.

Temporary fix #715
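
The `chmod *` rule proposed in the issue lets any member of `lago` run chmod as qemu with any mode on any path. As an added example (not part of this thread or of lago's code), here is a narrower sudo target: a fixed helper that accepts one disk-layer path and only ever adds rw for all. The helper name, its install path, and the `/var/lib/lago` base directory are assumptions.

```python
"""Hypothetical helper (assumed name: lago-reclaim-disk), run as qemu via sudo.

Assumed sudoers line that would replace the chmod rule:
    %lago ALL = (qemu) NOPASSWD: /usr/libexec/lago-reclaim-disk
"""
import os
import stat
import sys

# Assumption: directory holding lago disk layers; not taken from the issue.
ALLOWED_BASE = "/var/lib/lago"
RW_ALL = 0o666  # "rw permissions to all", as the issue describes


class Rejected(Exception):
    """Raised when the requested path fails a check."""


def reclaim_disk(path, base=ALLOWED_BASE):
    """Add rw-for-all to one regular file under base; return the new mode."""
    base_real = os.path.realpath(base)
    real = os.path.realpath(path)
    if real == base_real or os.path.commonpath([base_real, real]) != base_real:
        raise Rejected("path is outside the allowed directory")
    try:
        # O_NOFOLLOW: fail if the final component is (or became) a symlink.
        fd = os.open(real, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    except OSError as exc:
        raise Rejected("cannot open: %s" % exc.strerror)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise Rejected("not a regular file")
        if st.st_uid != os.geteuid():
            raise Rejected("file is not owned by the account running the helper")
        new_mode = stat.S_IMODE(st.st_mode) | RW_ALL
        os.fchmod(fd, new_mode)  # act on the checked descriptor, not the path
        return new_mode
    finally:
        os.close(fd)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: lago-reclaim-disk <disk-layer-path>")
    try:
        reclaim_disk(sys.argv[1])
    except Rejected as exc:
        sys.exit("rejected: %s" % exc)
```

With this in place the sudoers entry names the helper with no wildcard, so the mode and the set of reachable files are fixed in code rather than passed by the caller.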