Re: smtpctl: need root privileges
Le 25/09/2018 14:27, Gilles Chehade a écrit : On Tue, Sep 25, 2018 at 11:23:59AM +0200, Joel Carnat wrote: Hi, (Running OpenBSD 6.3/amd64 with OpenSMTPD 6.0.4) I want `telegraf` to be allowed to run `/usr/sbin/smtpctl show stats`. I configured "_smtpq:*:103:_telegraf" in groups and thought it would run. But I still get: # doas -u _telegraf /usr/sbin/smtpctl show stats smtpctl: need root privileges Is the thread (https://github.com/OpenSMTPD/OpenSMTPD/issues/678) still relevant ? Is the only way to get stats is to use doas to execute as root ? Thanks. Hi, The thread you're mentionning is no longer relevant, however as of today it is true that statistics are not exposed to users. I don't know if we should, it requires at least a bit of thinking and of discussion which I think should target the 6.5 release. In particular, a lot of people are using the smtpctl stats command as an input to reporting utilities and maybe we should provide a better way to do that, and maybe I already have diffs heading in that direction ;) Gilles Ok. I've tried using the _smtpq group too but that explains why it still failed. Telegraf seem to be close-linked to `sudo`. I'll see how to fool it to use `doas` Thank you. -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: smtpctl: need root privileges
On Tue, Sep 25, 2018 at 11:23:59AM +0200, Joel Carnat wrote: > Hi, > > (Running OpenBSD 6.3/amd64 with OpenSMTPD 6.0.4) > > I want `telegraf` to be allowed to run `/usr/sbin/smtpctl show stats`. > I configured "_smtpq:*:103:_telegraf" in groups and thought it would run. > But I still get: > # doas -u _telegraf /usr/sbin/smtpctl show stats > smtpctl: need root privileges > > Is the thread (https://github.com/OpenSMTPD/OpenSMTPD/issues/678) still > relevant ? > Is the only way to get stats is to use doas to execute as root ? > > Thanks. > Hi, The thread you're mentionning is no longer relevant, however as of today it is true that statistics are not exposed to users. I don't know if we should, it requires at least a bit of thinking and of discussion which I think should target the 6.5 release. In particular, a lot of people are using the smtpctl stats command as an input to reporting utilities and maybe we should provide a better way to do that, and maybe I already have diffs heading in that direction ;) Gilles -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: smtpctl: need root privileges
Hi, it sure is. doas.conf: permit nopass telegraf as root cmd smtpctl args show stats should do the trick. > I've allowed a passwordless sudo in sudoers on CentOS 7 for a certain > user to be able to execute specific smtpd commands. > Albeit, I have no idea if the same is possible on OpenBSD. > Good luck! > Reio > On 25/09/2018 12:23, Joel Carnat wrote: >> Hi, >> >> (Running OpenBSD 6.3/amd64 with OpenSMTPD 6.0.4) >> >> I want `telegraf` to be allowed to run `/usr/sbin/smtpctl show stats`. >> I configured "_smtpq:*:103:_telegraf" in groups and thought it would run. >> But I still get: >> # doas -u _telegraf /usr/sbin/smtpctl show stats >> smtpctl: need root privileges >> >> Is the thread (https://github.com/OpenSMTPD/OpenSMTPD/issues/678) >> still relevant ? >> Is the only way to get stats is to use doas to execute as root ? >> >> Thanks. -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: smtpctl: need root privileges
I've allowed a passwordless sudo in sudoers on CentOS 7 for a certain user to be able to execute specific smtpd commands. Albeit, I have no idea if the same is possible on OpenBSD. Good luck! Reio On 25/09/2018 12:23, Joel Carnat wrote: Hi, (Running OpenBSD 6.3/amd64 with OpenSMTPD 6.0.4) I want `telegraf` to be allowed to run `/usr/sbin/smtpctl show stats`. I configured "_smtpq:*:103:_telegraf" in groups and thought it would run. But I still get: # doas -u _telegraf /usr/sbin/smtpctl show stats smtpctl: need root privileges Is the thread (https://github.com/OpenSMTPD/OpenSMTPD/issues/678) still relevant ? Is the only way to get stats is to use doas to execute as root ? Thanks. -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
smtpctl: need root privileges
Hi, (Running OpenBSD 6.3/amd64 with OpenSMTPD 6.0.4) I want `telegraf` to be allowed to run `/usr/sbin/smtpctl show stats`. I configured "_smtpq:*:103:_telegraf" in groups and thought it would run. But I still get: # doas -u _telegraf /usr/sbin/smtpctl show stats smtpctl: need root privileges Is the thread (https://github.com/OpenSMTPD/OpenSMTPD/issues/678) still relevant ? Is the only way to get stats is to use doas to execute as root ? Thanks. -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org