Debian - allow user to be root only for specific commands

9

7

We have several Linux boxes running Samba that are used 'locally', eg each branch gets their own Samba box to store and share files.

The office managers need to be able to add and remove users for their branch and need to be root for this action (afaik), but i would like to restrict them from issuing any other root-privileged command as we have regular screw-ups from their side.

My (limited) linux knowledge tells me this is not possible - you are either root or not - but i wondered if there are ways to limit the allowed commands in some way.

Jake

Posted 2013-11-18T11:05:11.573

Reputation: 398

3

You could use sudo to allow users/groups to run selected commands with root previliges. Documentation can be found at sudo and also the Arch Wiki provides an easy introduction.

– AcId – 2013-11-18T11:09:53.517

Answers

14

Add to your /etc/sudoers file the following line:

user ALL=(root) NOPASSWD: /bin/mount,/bin/umount

where user is your non-root user and /bin/mount,/bin/umount is the list of commands you want to execute as root.

Now the non-root user can use the sudo command to run /bin/mount and /bin/umount with root privileges.

douglaslps

Posted 2013-11-18T11:05:11.573

Reputation: 1 240

Asked: 2013-11-18T11:05:11.573

Viewed: 2 272 times

Active: 2013-11-18T11:20:33.657