...

Code Block
languagebash
# Members of the staff group may gain root privileges
%staff ALL=(ALL) ALL

Granting a Non-staff User sudo Access to Certain Commands

In some cases you might want a non-staff user (Roderick can we do group too, it would be better) to run certain commands with sudo. Usual scenarios are restarting services that require root, such as Apache (that would be a better example here).

Code Block
languagebash
sudo visudo

Scroll to the bottom and enter the username; in this case we use the name bob. Then enter the commands you would like bob to be able to run with sudo; in this case we want bob to be able to create directories.

Code Block
languagebash
bob ALL=(root) /bin/mkdir

Now test the command

Code Block
languagebash
sudo mkdir bob

Let's use the find command as an example. If you do not know which path to add, the error message tells you the path that needs to be added to the file. Here is the error displayed for the find command:

Code Block
languagebash
Sorry, user bob is not allowed to execute '/usr/bin/find something' as root on prodserver

Now that we have the command path, add it to bob's entry in the visudo file and test. For multiple commands, separate them with a comma.

Code Block
languagebash
bob ALL=(root) /bin/mkdir, /usr/bin/find

To use sudo without being prompted for a password, add NOPASSWD:

Code Block
languagebash
bob ALL=(root) NOPASSWD: /bin/mkdir, /usr/bin/find
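
An added example, not part of the original page: a small shell lint for rules like the ones above. It flags NOPASSWD, commands granted without an argument list (sudo then accepts any arguments), and commands such as find that can start other programs (find through -exec) and so give broader root access than the rule suggests. The CAN_EXEC list and the %webadmins/apachectl rule are illustrative assumptions.

```shell
#!/bin/sh
# Added example: lint one sudoers user specification, e.g.
#   bob ALL=(root) NOPASSWD: /bin/mkdir, /usr/bin/find
# CAN_EXEC is a short illustrative list (assumption), not a complete one.
CAN_EXEC="find env sh bash vi vim less"

# audit_rule "<rule>" prints one finding per line; no output means no findings.
audit_rule() {
    spec=${1#*=}                          # drop "who host="
    case $spec in
        *\(*\)*) spec=${spec#*\)} ;;      # drop "(runas)"
    esac
    case $spec in
        *NOPASSWD:*)
            echo "NOPASSWD: no password prompt before running as root"
            spec=${spec#*NOPASSWD:} ;;
    esac
    old_ifs=$IFS
    IFS=,                                 # commands are comma-separated
    set -f                                # no globbing while splitting
    for cmd in $spec; do
        IFS=$old_ifs
        set -- $cmd                       # $1 = path, remaining = arguments
        [ $# -eq 0 ] && continue
        path=$1
        name=${path##*/}
        if [ "$path" = ALL ]; then
            echo "ALL: every command is allowed"
            continue
        fi
        for risky in $CAN_EXEC; do
            if [ "$name" = "$risky" ]; then
                echo "EXEC $path: can start other programs as root"
            fi
        done
        # A command listed without arguments may be run with any arguments.
        if [ $# -eq 1 ]; then
            echo "ARGS $path: any arguments accepted"
        fi
    done
    IFS=$old_ifs
    set +f
}

# Constructed sample rules: the page's final rule, then a tighter group rule.
audit_rule 'bob ALL=(root) NOPASSWD: /bin/mkdir, /usr/bin/find'
audit_rule '%webadmins ALL=(root) /usr/sbin/apachectl graceful'
```

The second rule produces no findings because it names a group, keeps the password prompt, and pins the command to a single argument.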

 

Create Catch-All serveradmin user

The serveradmin user is the catch-all place to set up things like scripts. Depending on your organization's requirements, it may also be used to manually set up software such as application servers.

...

Code Block
languagebash
sudo useradd -d /home/remotebackup -m -g backup -u 3001 -c "Remote Backup" -s /bin/bash remotebackup
