When you refer to giving a user permission to run `sudo`, you usually think of giving him permissions to run any command on behalf of the user `root`. But the `sudoers` file allows much more detailed configuration options that can give permissions to run only one particular command with `root` permissions.

For example, add the following to the `sudoers` file (using `visudo`):

    alarm ALL=(ALL) NOPASSWD: /usr/bin/netctl start wlan0-ssid

to limit the scope of `sudo` for user `alarm` to just one specific command with a specified argument: `/usr/bin/netctl start wlan0-ssid`. It will not give this user any more permissions and he won't be able to access any files (as it would require running other commands which are not specified).

Add more lines and customise them to fit your configuration.

But he would get access to my files that are for sudo access only, right? – Dushyant Bangal – 2016-08-03T10:42:43.087
No, user `alarm` would only be able to run the specified command. There is no such thing as "files for sudo access" anyway. – techraf – 2016-08-03T10:50:10.427
Is something like this possible without sudo? – Dushyant Bangal – 2016-08-03T11:10:30.697
That's what sudo was built for. What problem are you trying to solve? – techraf – 2016-08-03T11:12:13.177
Actually I need to restrict access to some files. The whole system is on RPi. So if someone screws the sudoers file by plugging the SD card into a PC, I'm screwed – Dushyant Bangal – 2016-08-03T11:31:48.457
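
How the argument in the answer's `sudoers` line narrows what `alarm` can run, as an added example that is not part of the original answer or comments: a simplified Python model of sudoers command matching (no aliases, negation, path wildcards or directory entries). The names `parse_rule` and `allows` and the broader contrast rule are constructed for illustration.

```python
import fnmatch
import re

# user host=(runas) TAG: cmnd[, cmnd ...]  (simplified grammar, no aliases)
SPEC = re.compile(
    r"^(\S+)\s+(\S+?)\s*=\s*(?:\(([^)]*)\)\s*)?((?:[A-Z_]+:\s*)*)(.+)$")

PAGE_RULE = "alarm ALL=(ALL) NOPASSWD: /usr/bin/netctl start wlan0-ssid"
BROAD_RULE = "alarm ALL=(ALL) NOPASSWD: /usr/bin/netctl"  # constructed contrast

def parse_rule(line):
    """Split one sudoers user specification into its fields."""
    m = SPEC.match(line.strip())
    if not m:
        raise ValueError("not a user specification: %r" % line)
    user, host, runas, tags, cmnds = m.groups()
    return {"user": user, "host": host, "runas": runas or "root",
            "tags": [t.strip() for t in tags.split(":") if t.strip()],
            "cmnds": [c.strip() for c in cmnds.split(",")]}

def allows(rule, argv):
    """True if argv (absolute command path first) matches a Cmnd in rule."""
    for cmnd in rule["cmnds"]:
        if cmnd == "ALL":
            return True
        path, _, want = cmnd.partition(" ")
        want = want.strip()
        if path != argv[0]:
            continue
        if not want:            # no arguments listed: any arguments match
            return True
        if want == '""':        # "" listed: only the bare command matches
            if len(argv) == 1:
                return True
            continue
        # Listed arguments are compared as one space-joined string,
        # so a wildcard in the rule can span several words.
        if fnmatch.fnmatchcase(" ".join(argv[1:]), want):
            return True
    return False

if __name__ == "__main__":
    attempts = [["/usr/bin/netctl", "start", "wlan0-ssid"],
                ["/usr/bin/netctl", "stop", "wlan0-ssid"],
                ["/usr/bin/netctl", "start", "other-profile"]]
    for name, text in (("page rule", PAGE_RULE), ("broad rule", BROAD_RULE)):
        rule = parse_rule(text)
        for argv in attempts:
            print(name, " ".join(argv), "->", allows(rule, argv))
```

On a real system, `sudo -l -U alarm` run as root lists what the installed rules grant that user.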