zabbix_agentd: Sudoers file reorganization

- Remove sudoers file 'zabbix' in favour of new IPFire managed 'zabbix_agentd' and user managed 'zabbix_agentd_user' which is included in the backup - Provide migration of old sudoers file 'zabbix' or 'zabbix.user' to new zabbix_agentd_user sudoers file if it was modified by user. Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
2026-04-27 11:13:24 +02:00 · 2022-06-30 12:15:53 +02:00
parent e2d54d57d4
commit 092330b128
6 changed files with 45 additions and 18 deletions
--- a/config/backup/includes/zabbix_agentd
+++ b/config/backup/includes/zabbix_agentd
@@ -1,5 +1,5 @@
-/etc/sudoers.d/zabbix
+/etc/sudoers.d/zabbix_agentd_user
 /etc/zabbix_agentd/zabbix_agentd.conf
 /etc/zabbix_agentd/scripts/
 /etc/zabbix_agentd/zabbix_agentd.d/
-/usr/lib/zabbix/
+/usr/lib/zabbix/
--- a/config/rootfiles/packages/zabbix_agentd
+++ b/config/rootfiles/packages/zabbix_agentd
@@ -1,6 +1,7 @@
 etc/logrotate.d/zabbix_agentd
 etc/rc.d/init.d/zabbix_agentd
-etc/sudoers.d/zabbix
+etc/sudoers.d/zabbix_agentd
+etc/sudoers.d/zabbix_agentd_user
 etc/zabbix_agentd
 etc/zabbix_agentd/scripts
 etc/zabbix_agentd/zabbix_agentd.conf
--- a/config/zabbix_agentd/sudoers
+++ b/config/zabbix_agentd/sudoers
@@ -1,17 +1,11 @@
 # Include file for sudoers file
 #
-# This is needed for some userparameters to be able to execute commands that only run as root (using sudo)
-# e.g. /usr/bin/openssl or /usr/sbin/smartctl
+# This is needed for some IPFire specific userparameters to be able to execute commands that only run as root (using sudo)
 #
-# USE AT YOU'RE OWN RISK. USING THIS WRONG CAN RESULT IN A SECURITY BREACH!
+# DO NOT CHANGE THIS FILE. This file is managed by IPFire, will be overwritten on next addon upgrade and is not
+#                          included in the backup.
 #
-# Some hints:
-# - It is strongly recommended to edit this file only using the visudo -f <filename> command. If you mess up this file,
-#   you might end up locking yourself out of your system!
-# - Append the full path incl. parameters to each command, using "," as separator.
-# - Only add commands you really need. Zabbix should not have more rights than it has to.
-#
-# Append / edit the following list of commands to fit your needs:
+# To add more sudo rights to zabbix agent, you should modify the sudoers file zabbix_agentd_user
 #
 Defaults:zabbix !requiretty
 zabbix ALL=(ALL) NOPASSWD: /opt/pakfire/pakfire status
--- a/config/zabbix_agentd/sudoers_user
+++ b/config/zabbix_agentd/sudoers_user
@@ -0,0 +1,16 @@
+# Include file for sudoers file
+#
+# This is needed for some userparameters to be able to execute commands that only run as root (using sudo)
+# e.g. /usr/bin/openssl or /usr/sbin/smartctl
+#
+# USE AT YOU'RE OWN RISK. USING THIS WRONG CAN RESULT IN A SECURITY BREACH!
+#
+# Some hints:
+# - It is strongly recommended to edit this file only using the visudo -f <filename> command. If you mess up this file,
+#   you might end up locking yourself out of your system!
+# - Append the full path incl. parameters to each command, using "," as separator.
+# - Only add commands you really need. Zabbix should not have more rights than it has to.
+#
+# Uncomment the following line and edit the example of commands to fit your needs:
+
+#zabbix ALL=(ALL) NOPASSWD: <custom command 1>, <custom command 2>, ...