Scripts should respect the principle of least privilege. #7156
Replies: 1 comment 3 replies
-
so-status is the only script out of them so far that I can find that really doesn't need root access. The rest require root because they are either interacting with docker or accessing secrets. So if a user without privileges runs so-status and sees an issue, there is nothing they can act on because they don't have access. so-status results are stored in influx, which is what grid uses to detect a fault state on a sensor. If you are trying to set up some detection for when things break, you can set up an alert in grafana when a sensor goes into the fault state. Or you can monitor /opt/so/log/sostatus/sostatus.log with external tools on each device in the deployment.
-
All of the 180+ scripts in `salt/common/tools/sbin` require the user to run them as root. This is the case even with scripts that don't require elevated privileges (so-status), and prevents users from viewing the script's usage.

An effort should be made to ensure scripts are run with the least privilege possible, and to allow non-privileged users to view usage without having to pop a root shell.

Speaking for myself, if presented with a large number of commands requiring root privileges I am likely to `sudo su -` and work from there, which is a very bad habit to get into.
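One way a script can serve usage to any user and defer the root check to the actions that need it, as an added example that is not Security Onion code and not from either poster. The script name `so-example`, its `status`/`restart` actions and the `EFFECTIVE_UID` override are hypothetical, chosen for illustration.

```shell
#!/bin/sh
# Added illustration: hypothetical script "so-example", not part of Security Onion.
# Usage and argument parsing happen before any privilege check, and the check
# applies per action rather than to the script as a whole.

usage() {
  cat <<'EOF'
Usage: so-example [-h|--help] <status|restart>
  status    read-only summary (no root needed)
  restart   restart services (root needed)
EOF
}

# Assumed split: only actions that touch containers or secrets need root.
needs_root() {
  case "$1" in
    restart) return 0 ;;
    *)       return 1 ;;
  esac
}

# EFFECTIVE_UID is a test hook (assumption); normally the value comes from id -u.
run() {
  uid="${EFFECTIVE_UID:-$(id -u)}"
  action="${1:-}"

  # Help is answered for everyone, before any privilege check.
  case "$action" in
    -h|--help|"") usage; return 0 ;;
  esac

  # Reject unknown actions with usage on stderr and a distinct exit code.
  case "$action" in
    status|restart) ;;
    *) echo "unknown action: $action" >&2; usage >&2; return 2 ;;
  esac

  # Refuse only the privileged action, and name the exact command to re-run,
  # so the user elevates one command instead of opening a root shell.
  if needs_root "$action" && [ "$uid" -ne 0 ]; then
    echo "'$action' requires root; re-run with: sudo so-example $action" >&2
    return 77   # EX_NOPERM from sysexits.h
  fi

  echo "running '$action' as uid $uid"
}
# When saved as a script, finish with:  run "$@"
```
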