##
## Allow any user to run `zpool iostat/status -c smart` in order
## to read basic SMART health statistics for a pool.
##
## CAUTION: Any syntax error introduced here will break sudo.
## Editing with 'visudo' is recommended: visudo -f  /etc/sudoers.d/zfs 
##

# ALL ALL = (root) NOPASSWD: /usr/sbin/smartctl -a /dev/[hsv]d[a-z0-9]*

## Security notice
## ---------------
##
## Beware that the rule above, if enabled, is actually problematic. The wildcard
## mechanism in sudo is too lax and cannot be tightened well using sudoers
## syntax. The rule at hand allows any user to run arbitrary
## "smartctl -a /dev/hda[...]" command lines as root like
##
##     sudo /usr/sbin/smartctl -a /dev/hda1/../../tmp/some_symlink --extra-switch
##
## So contrary to what the line looks like this allows any user to:
##
## - get smart information for any device (or even pointing it to regular files
##   etc), by adding "../../" path components.
## - pass additional arguments to smartctl beyond the "-a" switch for obtaining
##   information.
