0
I would like to force the user to authenticate with his password, everytime he issues a command with "sudo". However, there is one command (an init script) that I want to exclude from that need. This single command should be able to be run as sudo without the need of a password. Any idea if this is possible? Or do I need to set up a different user account for this with the only right being to call the command?
Mirko Milfsson
Posted 2011-10-24T21:11:12.607
Reputation: 1
5
mirko ALL=(ALL) ALL, NOPASSWD: /sbin/service blah start
The sudoers manpage describes this in great detail.
user1686
Posted 2011-10-24T21:11:12.607
Reputation: 283 655
1
as sudoers manpage is too complex, needs more examples in the beggining, like a quick help...
I think this provides good restricted access:
yourUserName ALL=NOPASSWD:/usr/bin/startx -- \:1
yourUserName ALL=NOPASSWD:/usr/sbin/firestarter --start-hidden
in these above 2 examples, you prevent other commands like "firestarter --stop" what would be hazardous without password;
and "startx -- :1" (you cant use in sudoers "startx -- :1", without "\", will fail, so this is a tip), you can bind it to a key like Super+F8 (xterm -e "/usr/bin/startx -- :1"), so if your X gets messed (like while playing a 3D game) you can hit Super+F8 and get a new X to fix it all (as on ubuntu the ctrl+alt+f1 many times give us a blank screen..)
Aquarius Power
Posted 2011-10-24T21:11:12.607
Reputation: 545