Limited Sudo Access for Specific Users
I'm gonna start this blog with a softball I happened upon in Stack Overflow today. This snippet will give a user on a linux system password-free sudo permission but for a specific command(s).
In my case I want a little side project to be able to reload nginx's config but I very much do not want a hacky side project running with complete sudo access. This snippet is perfect as I can allow that user sudo access but only for this one task!
Process
Add a line like this to /etc/sudoers or /etc/sudoers.d/{user}
username ALL=(ALL) NOPASSWD: /path/to/command arguments, /path/to/another/command
Now log in as that user either via ssh or sudo su {user} and try your command.
$ systemctl reload nginx
Examples
This will allow the user gwen to reload nginx but nothing else
gwen ALL=(ALL) NOPASSWD: /usr/bin/systemctl reload nginx
And this will allow the user gwen to reload or restart nginx but nothing else
gwen ALL=(ALL) NOPASSWD: /usr/bin/systemctl reload nginx, /usr/bin/systemctl restart nginx
Credit for the solution goes to the original stack overflow post!
About The Author
Gwen is a Creative Technologist, livecoder, and founding member at the EMMA Technology Cooperative. She is also the designated server witch, and admin of this very writefreely instance.