customized sudo capability for a user

stuartbh (Dabbler; joined Jan 25, 2023; 10 messages)

Let us say that I create a user on TrueNAS SCALE and I assign it sudo capability. In so doing the /etc/sudoers file then contains the proper setting for said user to use sudo. Now, if I wish to have a customized set of sudo settings (on any regular Linux box), I just create a file for the user in /etc/sudoers.d which is inclusive by default (via an include statement) in the /etc/sudoers file. I added said include statement and at some point TrueNAS SCALE removed it! How can I force TrueNAS SCALE to leave that include alone and let me have my overrides in the /etc/sudoers.d directory if I so choose?

Thank you in advance.

Stuart
 

jgreco (Resident Grinch; joined May 29, 2011; 18,680 messages)

You can't, not reliably at least. You have misunderstood what TrueNAS is. It is not a general purpose Linux box of the kind that you seem to be familiar with, which would be yours to bend, fold, spindle or mutilate as you see fit. It is, instead, an appliance operating system, not intended for you to be tinkering under the hood. TrueNAS sits between you and the modified Linux operating system and expects to be in charge of that Linux system's configuration. Your exclusive method for making changes is to interact with the TrueNAS GUI, and if the GUI isn't capable of what you want, you cannot expect that the system is going to persist your changes.

At boot time, the system reads its configuration database, and writes out a completely new system configuration based on what is in the config database. At upgrade time, the system also flushes all OTHER system files, executables, etc., and replaces them with the new firmware image. This does not give you much of a hook to hang any unauthorized changes on.

What you can do, and it's hacky, and not really guaranteed and DEFINITELY not supported, is to use a post-boot task to install files that are stored in your main pool into the Linux system. It's better to see if you can find an alternative method such as allowing a user to ssh in to a restricted command= clause or something like that.
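
The restricted `command=` alternative mentioned in the reply above, sketched as an added example that is not part of the original thread and is not TrueNAS code. The script path, the key, the verb names and the binary paths are all assumptions; `command=` and `restrict` are standard OpenSSH `authorized_keys` options.

```shell
#!/bin/sh
# Forced-command gate for an authorized_keys entry (added example).
# Hypothetical entry, on one line, key shown as a placeholder:
#   command="/mnt/tank/scripts/ssh-gate.sh",restrict ssh-ed25519 <PUBLIC-KEY> operator
# sshd runs this script instead of whatever the client asked for and passes the
# client's request in SSH_ORIGINAL_COMMAND.

# Map a requested verb to a fixed command line. Only exact matches pass; the
# client's string is never executed or interpolated into a command.
resolve_command() {
    case "$1" in
        pool-status) echo "/usr/sbin/zpool status" ;;   # assumed path
        disk-usage)  echo "/bin/df -h" ;;               # assumed path
        *)           return 1 ;;
    esac
}

# Make client-supplied text safe to log: replace anything outside a small
# character set with '?' and cap the length at 80 characters.
sanitize() {
    printf '%s' "$1" | tr -c '[:alnum:] ._/=-' '?' | cut -c1-80
}

main() {
    requested=${SSH_ORIGINAL_COMMAND-}
    if ! fixed=$(resolve_command "$requested"); then
        logger -t ssh-gate "denied: $(sanitize "$requested")" 2>/dev/null || true
        echo "ssh-gate: command not permitted" >&2
        exit 1
    fi
    logger -t ssh-gate "allowed: $requested" 2>/dev/null || true
    # $fixed is one of the constant strings above, so word splitting is safe.
    exec $fixed
}

# With no requested command (an interactive login attempt) nothing runs and the
# session simply closes when this script exits.
[ -z "${SSH_ORIGINAL_COMMAND+set}" ] || main
```

Because the key is tied to this gate, the account needs no sudoers override at all for the listed tasks, and the only file that has to persist is a script kept on the pool.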