diff --git a/.gitignore b/.gitignore
index 56073e44..0a38889e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,4 @@ vault-pass.yml
 id_rsa_ansible_user
 id_rsa_ansible_user_pub
 plugins/lookup/__pycache__/**
+plugins/callback/__pycache__/
diff --git a/roles/mgrote.zfs_sanoid/tasks/user.yml b/roles/mgrote.zfs_sanoid/tasks/user.yml
index 3df440b9..42348674 100644
--- a/roles/mgrote.zfs_sanoid/tasks/user.yml
+++ b/roles/mgrote.zfs_sanoid/tasks/user.yml
@@ -16,3 +16,16 @@
     when:
       - sanoid_user_group is defined
       - sanoid_user is defined
+
+  - name: add user to sudoers
+    become: true
+    ansible.builtin.blockinfile:
+      path: /etc/sudoers
+      state: present
+      block:  |
+        {{ sanoid_user }} ALL=(ALL) NOPASSWD:ALL
+      validate: '/usr/sbin/visudo -cf %s'
+      backup: yes
+    when:
+      - sanoid_user_group is defined
+      - sanoid_user is defined
diff --git a/roles/mgrote.zfs_sanoid/templates/sanoid-cron.sh b/roles/mgrote.zfs_sanoid/templates/sanoid-cron.sh
index bdf34df9..804f5ffe 100644
--- a/roles/mgrote.zfs_sanoid/templates/sanoid-cron.sh
+++ b/roles/mgrote.zfs_sanoid/templates/sanoid-cron.sh
@@ -2,4 +2,4 @@
 {{ file_header | default () }}
 export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
 
-/usr/local/bin/sanoid --cron --verbose  | ts '%Y-%m-%d - %H-%M-%S' >> {{ sanoid_log_file }} 2>&1 &
+sudo /usr/local/bin/sanoid --cron --verbose  | ts '%Y-%m-%d - %H-%M-%S' >> {{ sanoid_log_file }} 2>&1 &