zfs für non-root User + visudo (#54)

* ZFS Commands RO für non-Root-User angelegt

* Visudo für alle Tasks die in /etc/sudoers.d arbeiten

* linter 201

roles/mgrote.create_users/tasks/main.yml

@@ -38,4 +38,5 @@
     template:
       src: sudoers
       dest: /etc/sudoers.d/{{ create_user_name }}
+      validate: /usr/sbin/visudo -cf %s
 #    no_log: true

roles/mgrote.zfs_tools/tasks/main.yml

@@ -83,3 +83,15 @@
       mode: 0555
       src: zfs-free.sh
       dest: /usr/local/bin/zfs-free.sh
+
+  - name: Erlaube "non-root" Usern Read-Only ZFS Commands
+    become: yes
+    template:
+      src: sudoers_zfs
+      dest: /etc/sudoers.d/zfs
+      owner: root
+      group: root
+      force: yes
+      backup: yes
+      mode: 0440
+      validate: /usr/sbin/visudo -cf %s

roles/mgrote.zfs_tools/templates/sudoers_zfs

@@ -0,0 +1,18 @@
+# Allow read-only ZoL commands to be called through sudo
+# without a password. Remove the first '#' column to enable.
+#
+# CAUTION: Any syntax error introduced here will break sudo.
+#
+# Cmnd alias specification
+Cmnd_Alias C_ZFS = \
+  /sbin/zfs "", /sbin/zfs help *, \
+  /sbin/zfs get, /sbin/zfs get *, \
+  /sbin/zfs list, /sbin/zfs list *, \
+  /sbin/zpool "", /sbin/zpool help *, \
+  /sbin/zpool iostat, /sbin/zpool iostat *, \
+  /sbin/zpool list, /sbin/zpool list *, \
+  /sbin/zpool status, /sbin/zpool status *, \
+  /sbin/zpool upgrade, /sbin/zpool upgrade -v
+#
+# allow any user to use basic read-only ZFS commands
+ALL ALL = (root) NOPASSWD: C_ZFS