Right now, pbs_snapshot needs root access to capture everything on the system. There’s a ‘sudo’ argument to PBSSnapUtils, but the pbs_snapshot program calls it with sudo=False so that the user has to explicitly run pbs_snapshot program as root/with sudo to capture everything. The idea was that this will be more transparent to users.
But, this really isn’t very transparent to the users afterall as they don’t know about all of the commands that pbs_snapshot will run when they run the entire thing as root. So, they can’t really make an informed decision right now about whether they should run pbs_snapshot as root or not.
We might be able to solve this if pbs_snapshot uses “sudo=True” internally even if the user runs it as a normal user, so I was thinking that we can add an option called ‘–with-sudo’ to pbs_snapshot to make this happen.
We’ll probably have to publish a list of all commands that pbs_snapshot/PTL runs with sudo so that users can look at it and make a informed decision about whether they wanna use the --with-sudo option or not. Or maybe pbs_snapshot can list all the commands on the prompt when they use this option and take user input to confirm that it’s okay to proceed with sudo.
What do you guys think about this approach? Any concerns? Any better alternative solutions?