I have read on the internet that you have to use sudoedit instead of sudo vim. I understand why this is and should be used so you can't just edit root-user files.
However, I would like to manage a nologin user (a service account that runs a single application), let's call her 'nologinuser', with my own non-root account. For this I would need the correct rights in the sudoers file.
I have been in discussion with 2 Linux system managers and both disagree.
Linux admin A says: you should create a sudoedit rule for every config file and a sudo rule for every command.
Linux admin B says: Just create a sudo rule that allows you to read/write/execute everything as that user with "sudo -u nologinuser *"
Personally, I agree with admin B because with "sudo -u nologinuser " you can execute every command as that user only, and through this command you also inherit that user's rights because you execute it as that user. This would also not cause a security issue in the ability of changing root-user files because nothing is done as root and it is most flexible.
Who is right, or is there a third, better option? Who can tell me the best practice for this? What is the best way to manage a nologin application user as non-root?
Thank you.
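
The two proposals from the question, written out as sudoers rules side by side. This is an added example, not part of the original post. The account name `alice` and every path under `/opt/exampleapp` are assumptions made up for illustration.

```sudoers
# Added example: alice and /opt/exampleapp/... are hypothetical names.

# --- Admin A: one sudoedit rule per config file, one sudo rule per command ---
# sudoedit copies the file to a temporary location, runs the editor as the
# invoking user (alice), and writes the result back as the target user.
Cmnd_Alias APP_EDIT = sudoedit /opt/exampleapp/conf/app.conf, \
                      sudoedit /opt/exampleapp/conf/logging.conf

# Arguments are listed explicitly, so only these exact invocations match.
Cmnd_Alias APP_CMDS = /opt/exampleapp/bin/appctl start, \
                      /opt/exampleapp/bin/appctl stop, \
                      /opt/exampleapp/bin/appctl status

# The Runas spec (nologinuser) limits the target user; root is not allowed.
alice ALL = (nologinuser) APP_EDIT, APP_CMDS

# Command-line use under these rules:
#   sudoedit -u nologinuser /opt/exampleapp/conf/app.conf
#   sudo -u nologinuser /opt/exampleapp/bin/appctl status

# --- Admin B: any command, but only as nologinuser ---
# "sudo -u nologinuser *" is a command line, not a rule; the sudoers form
# of "everything as that user" is the ALL command with a Runas spec.
# Shown commented out because it is an alternative to the rules above.
# alice ALL = (nologinuser) ALL

# Under this rule alice can also start a shell or an editor as nologinuser:
#   sudo -u nologinuser -s
#   sudo -u nologinuser vim /opt/exampleapp/conf/app.conf
# Everything started this way runs with nologinuser's privileges, so it can
# touch whatever nologinuser can touch and nothing that requires root.
```

A fragment like this can be syntax-checked with `visudo -cf <file>` before it is placed under `/etc/sudoers.d/`.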