Level 39
my-awesome-user ALL=NOPASSWD: /path/my_cmd
my_cmd
#!/bin/bash
/usr/bin/supervisorctl restart
assuming restart is the right keyword, I don't use supervisor but systemctl
May 31, 2022
2
Level 9
Limit sudoer by command attributes?
I currently have this in /etc/sudoers:
my-awesome-user ALL=NOPASSWD: /usr/bin/supervisorctl
However, this allows the user to restart, stop, start, reload ANY worker, I would like to only allow the user to restart a specific worker?
How can this be achieved?
Level 56
It works with parameters as expected:
username ALL=NOPASSWD: /usr/bin/systemctl restart dnsmasq.service
Note that the sudoers policies will only apply if the user uses the sudo command.
For example, with the sudoers file above for user username:
This command will request the user to input their password:
$ systemctl restart dnsmasq.service
But this one, even using sudo, won't, as it is allowed on the user's sudoers file:
$ sudo systemctl restart dnsmasq.service
Please or to participate in this conversation.