Add a user to sudoers file, for just one service

8

4

I want to add a user to the sudoers file so that it can only start, stop and restart a particular service.

I am using Debian and can access the sudoers file using sudo visudo. I am stumped now, though, on how to set up this one user to be limited to one service.

Jake N

Posted 2013-04-05T12:27:58.563

Reputation: 289

This should probably be moved to unix & linux stackexchange site. I flagged it to get moved. – slm – 2013-04-05T12:46:20.613

Answers

9

root@megatron# visudo

Append the following line (where megatron is your hostname):

jakenoble megatron=/etc/init.d/httpd start, /etc/init.d/httpd stop, /etc/init.d/httpd restart, /sbin/services httpd restart

Save and close the file. You have to type the following command:

jakenoble@megatron$ sudo /etc/init.d/httpd restart

You must list the full command you want someone to run for visudo to allow it.

For example, given the line in /etc/sudoers

 %users  localhost=/sbin/shutdown -r now

Users can only RESTART (-r) the machine; they cannot HALT (-h) it.

jnovack

Posted 2013-04-05T12:27:58.563

Reputation: 1 266

I wish sudoers had the possibility to add several commands in one line, like jakenoble megatron=/etc/init.d/httpd {start,stop,restart}. It would decrease the amount of duplication... – Lev Lukomsky – 2017-05-31T17:06:50.670

That makes sense, I will try it – Jake N – 2013-04-05T14:17:27.033

Good summary, lots of questions recently that involve visudo. – nerdwaller – 2013-04-05T15:00:27.023
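
Added example (not part of the answer or its comments): a shell function that generates the rule from jnovack's answer as a Cmnd_Alias from a list of actions, which avoids the hand-typed duplication Lev Lukomsky mentions, and refuses input that would widen the rule. The function name, the SVC_ alias prefix and the drop-in file name httpd-ctl are assumptions.

```shell
#!/bin/sh
# Added example, not the answerer's code: emit a sudoers rule that lets one
# user run only the listed actions of one init script. The SVC_ alias prefix
# and the function name are assumptions made for this sketch.

# service_rule USER HOST SCRIPT ACTION...
# Prints the rule on stdout; exits non-zero on input that would widen it.
# The body runs in a subshell, so its variables do not leak to the caller.
service_rule() (
    [ $# -ge 4 ] || { echo "usage: service_rule USER HOST SCRIPT ACTION..." >&2; exit 2; }
    user=$1 host=$2 script=$3
    shift 3
    for word in "$user" "$host"; do
        case $word in
            ''|*[!A-Za-z0-9._-]*) echo "bad user/host: $word" >&2; exit 1 ;;
        esac
    done
    # sudo matches commands by full path: refuse relative paths, wildcards,
    # whitespace, '..' components and a trailing slash (a whole directory).
    case $script in
        ''|[!/]*|*[!A-Za-z0-9/._-]*|*..*|*/)
            echo "need a plain absolute path: $script" >&2; exit 1 ;;
    esac
    cmds=
    for action in "$@"; do
        # Spelling out each argument makes sudo match it exactly; a path
        # with no arguments would be allowed with any arguments.
        case $action in
            ''|*[!A-Za-z0-9_-]*) echo "unsafe action: $action" >&2; exit 1 ;;
        esac
        cmds="${cmds:+$cmds, }$script $action"
    done
    name=SVC_$(printf '%s' "${script##*/}" | tr '[:lower:]' '[:upper:]' | tr -c 'A-Z0-9' '_')
    printf 'Cmnd_Alias %s = %s\n%s %s = %s\n' "$name" "$cmds" "$user" "$host" "$name"
)

# Print the rule for the user, host and script used in the answer.
service_rule jakenoble megatron /etc/init.d/httpd start stop restart

# To install it (as root), check the syntax before the file goes live:
#   tmp=$(mktemp) && service_rule ... > "$tmp"
#   visudo -cf "$tmp" && install -m 0440 -o root -g root "$tmp" /etc/sudoers.d/httpd-ctl
# The file name httpd-ctl is an assumption; sudo skips names containing '.'.
```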