...
```
# Members of the staff group may gain root privileges
%staff ALL=(ALL) ALL
```
Restricting a non-staff user to certain sudo commands
Scroll to the bottom and enter the user name (in this case, bob), followed by the commands you would like bob to be able to run with sudo. In this case we want bob to be able to create directories:
```
bob ALL=(root) /bin/mkdir
```
Now test the command
If that did not work, the error message tells you the path that needs to be added to the file. As an example, let's display the error for the find command:
```
Sorry, user bob is not allowed to execute '/usr/bin/find something' as root on prodserver
```
Now that we have the command path, just add it to bob's entry in the visudo file and test. For multiple commands, separate them with a comma:
```
bob ALL=(root) /bin/mkdir, /usr/bin/find
```
To use sudo without being prompted for a password, add NOPASSWD:
```
bob ALL=(root) NOPASSWD: /bin/mkdir, /usr/bin/find
```
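A small lint pass over the entries above, as an added example that is not part of the original page: it flags rules that allow any command, rules tagged NOPASSWD, and commands that can start other programs (as find can through its -exec action), since such a rule grants more than the one command it names. The RUNS_OTHER_PROGRAMS list is an assumption to extend for your systems, and the parser handles only simple one-line rules with leading tags.

```python
import re

# Constructed sample: the sudoers entries shown on this page.
SAMPLE = """\
# Members of the staff group may gain root privileges
%staff ALL=(ALL) ALL
bob ALL=(root) /bin/mkdir
bob ALL=(root) NOPASSWD: /bin/mkdir, /usr/bin/find
"""

# Assumption: a short, non-exhaustive list of programs that can start other
# programs, so a rule naming one grants more than that single command.
RUNS_OTHER_PROGRAMS = {"/usr/bin/find", "/usr/bin/vi", "/usr/bin/less"}
SKIP = ("#", "Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")
RULE = re.compile(r"^(\S+)\s+([^\s=]+)\s*=\s*(?:\(([^)]*)\)\s*)?(.+)$")
TAGS = re.compile(r"^(?:[A-Z_]+:\s*)+")


def parse_rule(line):
    """Parse a simple 'who host=(runas) [TAG:] cmd, cmd' line, else return None."""
    line = line.strip()
    m = None if not line or line.startswith(SKIP) else RULE.match(line)
    if not m:
        return None
    who, _host, _runas, rest = m.groups()
    tags = TAGS.match(rest)  # only tags at the start of the command list
    rest = rest[tags.end():] if tags else rest
    names = re.findall(r"[A-Z_]+", tags.group(0)) if tags else []
    commands = [c.strip() for c in rest.split(",") if c.strip()]
    return {"who": who, "tags": names, "commands": commands}


def lint(text):
    """Return (line_no, who, code, detail) findings for rules worth a second look."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        rule = parse_rule(line)
        if rule is None:
            continue
        for cmd in rule["commands"]:
            path = cmd.split()[0]
            if path == "ALL":
                findings.append((n, rule["who"], "ANY_COMMAND", path))
            elif path in RUNS_OTHER_PROGRAMS:
                findings.append((n, rule["who"], "RUNS_OTHER_PROGRAMS", path))
        if "NOPASSWD" in rule["tags"]:
            findings.append((n, rule["who"], "NOPASSWD", ",".join(rule["commands"])))
    return findings
```

Calling `lint(SAMPLE)` reports the %staff rule once and the last bob rule twice; the plain `/bin/mkdir` rule produces no finding.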
Create Catch-All serveradmin user
...