I am trying to follow the advice from here for zfs replication, but using syncoid (following the commands from here). But it looks like the syncoid script has a sudo command in the zfs receive. I think this is because on the receiving end, I am not using a root user, so it inserts a $sudocmd (syncoid line 233). This makes it prompt for a password.
How can I use syncoid without a root user on the receiving end? The user I am sshing into already has the zfs allow for the things necessary.
If you’re getting rollback errors, you may be using an elderly version of syncoid. I originally wrote it to forcibly roll back the target to the most recent common snapshot, but around the same time I wrote that delegated replication guide you’re working from at Klara, I changed the behavior to use zfs receive -F without the explicit rollback, since that way I wouldn’t need to grant the rollback permission to the receiving user.
At some point in the near future, we’re also looking to replace the --no-privilege-elevation flag, for similar reasons. Make that the default behavior, with a new (not yet implemented) flag like --use-sudo-elevation for those who need that behavior to explicitly request it.
The following seems to be working for me. I added a backup user on both my backup server (which automatically boots on a schedule via bios, then takes backups, then shuts down again) and the hosts being backed up, then added sudoers files in /etc/sudoers.d/ with minor differences between backup server and clients.
On both:
Cmnd_Alias ZFS_COMANDS = /usr/bin/zfs send *, /usr/bin/zfs get *, /usr/bin/zfs set *, /usr/bin/zfs list *, /usr/bin/zfs destroy *, /usr/bin/zfs snapshot *, /usr/bin/zfs rollback *, /usr/bin/zfs hold *, /usr/bin/zfs release *, /usr/bin/zfs bookmark *