Limited Sudo Access for Specific Users

I'm gonna start this blog with a softball I happened upon on Stack Overflow today. This snippet gives a user on a Linux system password-free sudo permission, but only for one or more specific commands.

In my case I want a little side project to be able to reload nginx's config but I very much do not want a hacky side project running with complete sudo access. This snippet is perfect as I can allow that user sudo access but only for this one task!

Process

Add a line like this to /etc/sudoers or /etc/sudoers.d/{user}

username ALL=(ALL) NOPASSWD: /path/to/command arguments, /path/to/another/command

Now log in as that user, either via ssh or sudo su {user}, and try your command with sudo.

$ sudo systemctl reload nginx

Examples

This will allow the user gwen to reload nginx but nothing else:

gwen ALL=(ALL) NOPASSWD: /usr/bin/systemctl reload nginx

And this will allow the user gwen to reload or restart nginx but nothing else:

gwen ALL=(ALL) NOPASSWD: /usr/bin/systemctl reload nginx, /usr/bin/systemctl restart nginx
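
A small linter for rules of this shape, added here as an example and not taken from the original post or the Stack Overflow answer: it flags the ways a command list ends up broader than the reload rule above. The name audit_rule and the sample lines are assumptions made for the illustration, and it only parses the simple one-line form.

```python
import re

# Simplified matcher for the one-line form this page uses:
#   user host=(runas) TAG: /path/cmd args, /path/cmd2
# Aliases, Defaults lines and line continuations are out of scope (assumption).
RULE = re.compile(
    r'^(?P<user>\S+)\s+(?P<host>[^\s=]+)\s*=\s*'
    r'(?:\((?P<runas>[^)]*)\)\s*)?'
    r'(?P<tags>(?:[A-Z]+:\s*)*)(?P<cmds>.+)$'
)
WILDCARD = re.compile(r'[*?\[]')

def audit_rule(line):
    """Return [(command, finding), ...] for one sudoers user rule."""
    m = RULE.match(line.strip())
    if not m:
        return [(line, "unparsed: not the simple one-line form")]
    findings = []
    # Commands are comma separated; a literal comma in arguments is "\,".
    for spec in re.split(r'(?<!\\),', m.group("cmds")):
        parts = spec.split(None, 1)
        if not parts:
            continue
        path, args = parts[0], (parts[1].strip() if len(parts) > 1 else "")
        if path == "ALL":
            findings.append((path, "grants every command"))
        elif not path.startswith("/"):
            findings.append((path, "command is not an absolute path"))
        elif not args:
            # sudoers: a command listed with no arguments may be run with any.
            findings.append((path, "no arguments listed, so any are allowed"))
        elif args != '""' and WILDCARD.search(args):
            # Arguments are matched as one string, so * also spans spaces.
            findings.append((path, "wildcard in arguments"))
    return findings

# Constructed sample lines; the first is the reload rule from this page.
SAMPLES = [
    "gwen ALL=(ALL) NOPASSWD: /usr/bin/systemctl reload nginx",
    "gwen ALL=(ALL) NOPASSWD: /usr/bin/systemctl",
    "gwen ALL=(ALL) NOPASSWD: /usr/bin/systemctl * nginx",
    "gwen ALL=(ALL) NOPASSWD: ALL",
]

if __name__ == "__main__":
    for rule in SAMPLES:
        print(rule, "->", audit_rule(rule) or "ok")
```

Whatever the linter says, write the file with visudo (visudo -f /etc/sudoers.d/{user}) so a syntax error is caught before it is saved.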

Credit for the solution goes to the original Stack Overflow post!

#sudo #linux #sysadmin


About The Author

Gwen is a Creative Technologist, livecoder, and founding member at the EMMA Technology Cooperative. She is also the designated server witch, and admin of this very writefreely instance.