How can usual user access to /dev/sda file

My OS is Debian9 and I need use command smartctl in my script to get some hard drive info. But due to usual user have some special environment variable， I can't execute this script by sudo. So I execute command ls -l /dev/ | grep sd, and I found the group of /dev/sdb is disk. So I edit the /etc/group add the usual user to the disk group. Then run the script, it still show Smartctl open device: /dev/sda failed: Permission denied. How can I slove this problem? thankyou all!

fajin yu

Posted 2019-05-15T06:26:42.173

Reputation: 1

Answers

Well, I found a way.

sudo chmod u+s /usr/sbin/smartctl
sudo ln /usr/sbin/smartctl /usr/bin/smartctl

In this way I can finally execute command without using sudo.

fajin yu

Posted 2019-05-15T06:26:42.173

Reputation: 1

Don't run the whole script via sudo; change it to run just smartctl via sudo.

Alternatively, use the /etc/sudoers option env_keep to preserve the environment variables:

Defaults env_keep += "EDITOR VISUAL PAGER"

Defaults!someuser env_keep += "API_CLIENT_ID API_CLIENT_SECRET"

Giving full read/write access to the system disk creates a huge security issue – the user can now read/write all files belonging to any user; for example, they could even recover deleted data, or overwrite /etc/sudoers and give themselves unlimited root access.

Besides that, SCSI commands using SG_IO require more privileges than just ordinary device writes – usually they require process capabilities such as CAP_SYS_ADMIN or CAP_SYS_RAWIO. Assigning these privileges essentially makes the user root in everything but name.

user1686

Posted 2019-05-15T06:26:42.173

Reputation: 283 655

Okay， thankyou！ – fajin yu – 2019-05-15T07:57:46.170