Passwordless sudo no longer working since 24.10.0

Previously, I had a session saved in WinSCP which used sudo -su as the shell instead of Default or bash, which allowed sudo privileges within that session. That no longer works since the upgrade to 24.10.0. Is there something I need to change in credentials, or another workaround?

Note: I fully understand the security implications of a saved session with sudo privileges.

Is 24.10.1 even out yet?

I’m sorry, 24.10.0, I’m an idiot

Explain: “That no longer works”.

Messages, errors, logs?

wow, that was silly on my part. Sorry about that.

I normally only see this error in WinSCP when the SSH server doesn’t allow assuming SUDO on login. Nothing has changed with my WinSCP config between the versions of TrueNAS, and I have been running the same version of WinSCP for some time.

What shell does the user specified after sudo -su have set in the TrueNAS credentials?

Bash

There are certain invocations of sudo that are no longer permitted in 24.10 due to security and auditing improvements. In this case:

Defaults log_subcmds
Defaults log_format=json

rejects sudo su -

The option to call su is being blocked by either sudoers or AppArmor. If you want to become root, or some other user with the -u flag, the new way is:

/bin/sudo /bin/zsh

It might require unlearning some finger memory, but gets the job done just as well. Give it a shot.

That’s unfortunate… IMO, one of the key tenets of Linux is the user has ultimate control, even to break things. I really do hate to see these abilities clipped away in the name of security.

I’ll have to do some further research, as I have no idea how to integrate that into WinSCP

TrueNAS is designed as an appliance though, not a Linux distro for tinkering with these things.

You can remove many of the guardrails in TrueNAS at the cost of losing the ability to report bugs found in that install. For example, apt is disabled, but can be enabled manually.

Even the normally read-only root folders can be edited in various ways if you really want.

Though, after a while I would start to question why one would run TrueNAS (which, as previously stated, is an appliance OS, NOT marketed as a normal Linux distro) if the intent is to tinker like that as opposed to a basic Debian install with ZFS.

Indeed. I ran a homebrew Debian/ZFS NAS for years, but I got fed up of CLI administration for a casual home media server and a bit of homelab stuff which is why I went with TN.

Very valid point, but there is also something to be said for an easier way to chown and chmod files on the shares

Not sure I follow, this is the first time you bring chown and chmod up.

If you can’t chmod files on a share a good thing to check is if your Dataset’s ACL mode is set to Restricted, the default for shares defined with the SMB preset.

I know I mentioned chown and chmod, but I do not mean logging in directly and performing these actions; that can still be done using sudo -i. I meant a passwordless sudo session through WinSCP, which I believe simply issues these commands in the background, but I could be wildly mistaken.

My point is that with the ACL mode set to Restricted, chmod will fail, even if you try to run it with root privileges.

I didn’t address that part of your comment, it’s not set to restricted. We’ve gone off on a bit of a tangent here. I appreciate the help, TrueNAS no longer supports this action in its original form.

Fair enough.
Hopefully you find a way to work with the data in a way that you’re content with.
