From 6bd8ba566a60c18121d9a66f1cdd056878fe6114 Mon Sep 17 00:00:00 2001 From: Eusebius1920 Date: Sun, 4 Feb 2024 06:38:26 +0100 Subject: [PATCH] docs: update sudo configuration to a more restrictive variant (#1001) Signed-off-by: Daniel Schlosser <8429638+Eusebius1920@users.noreply.github.com> Co-authored-by: Daniel Schlosser <8429638+Eusebius1920@users.noreply.github.com> --- docs/index.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/docs/index.md b/docs/index.md index 5f11b539..54f112ce 100644 --- a/docs/index.md +++ b/docs/index.md @@ -163,7 +163,9 @@ You can configure the `sudo` privilege for the user via the command line on the Add the following line to the end of the file: ```sh - terraform ALL=(ALL) NOPASSWD:ALL + terraform ALL=(root) NOPASSWD: /sbin/pvesm + terraform ALL=(root) NOPASSWD: /sbin/qm + terraform ALL=(root) NOPASSWD: /usr/bin/echo tfpve ``` Save the file and exit. @@ -177,10 +179,10 @@ You can configure the `sudo` privilege for the user via the command line on the - Test the SSH connection and password-less `sudo`: ```sh - ssh terraform@ sudo ls -la /root + ssh terraform@ sudo echo tfpve ``` - You should be able to connect to the target node and see content of the `/root` folder without password. + You should be able to connect to the target node and see the output `tfpve` on the screen without being prompted for your password. ### Node IP address used for SSH connection