Create user with having only permission to star/stop service

dushyantg · 09-30-2016, 05:06 AM

Hi,

I want to create a user who can only start/stop/restart specific service.

can anyone guide me in that how it can be done?

or a user which can connect over ssh and start/stop/restart specific service.

Turbocapitalist · 09-30-2016, 06:35 AM

Yes, you can do that using "sudo" which is configured in the file /etc/sudoers. Which distro do you have and how do you start, stop, or restart a service normally?

If you use the "service" utility, it could go like this:

Code:

%dushyantg  ALL=(ALL:ALL) /usr/sbin/service apache2 stop, \
           /usr/sbin/service apache2 start, /usr/sbin/service apache2 restart, \
           /usr/sbin/service apache2 reload, /usr/sbin/service apache2 status

That makes the users in the group dushyantg able to stop, start, restart, and reload apache2 as well as see the status.

Be sure to a) use "visudo" for editing /etc/sudoers and b) save but not close /etc/sudoers until you have verified that everything works.

BW-userx · 09-30-2016, 09:32 AM

Quote:

Originally Posted by Turbocapitalist

Yes, you can do that using "sudo" which is configured in the file /etc/sudoers. Which distro do you have and how do you start, stop, or restart a service normally?

If you use the "service" utility, it could go like this:

Code:

%dushyantg  ALL=(ALL:ALL) /usr/sbin/service apache2 stop, \
           /usr/sbin/service apache2 start, /usr/sbin/service apache2 restart, \
           /usr/sbin/service apache2 reload, /usr/sbin/service apache2 status

That makes the users in the group dushyantg able to stop, start, restart, and reload apache2 as well as see the status.

Be sure to a) use "visudo" for editing /etc/sudoers and b) save but not close /etc/sudoers until you have verified that everything works.

BIG Q 2 U ~

why do I see that got a use visudo to edit sudoers file? I use nano whenever I edit sudoers file and have had no ill effects as a result of it, so why do I read and even see you stating that got a use visudo to edit said file?

Emerson · 09-30-2016, 09:40 AM

man visudo tells what are the advantages of visudo over regular editor.

Turbocapitalist · 09-30-2016, 10:20 AM

Quote:

Originally Posted by BW-userx

BIG Q 2 U ~

why do I see that got a use visudo to edit sudoers file? I use nano whenever I edit sudoers file and have had no ill effects as a result of it, so why do I read and even see you stating that got a use visudo to edit said file?

As Emerson writes the manual page for "visudo" covers a lot of that, but the gist is that it checks syntax. That's better than nothing. You can still lock yourself out even with correct syntax if you tell it to.

If you use "nano" be sure to fire it up with the -w option or even add nowrap to .nanorc so it is done automatically. Some distros will ask you the first time you fire up "visudo" if you want to use "nano" for the editor and set it as the default. Otherwise, you can be sure that the $EDITOR environment variable is set to "nano" and "visudo" will use it then.

BW-userx · 09-30-2016, 10:48 AM

Quote:

Originally Posted by Turbocapitalist

As Emerson writes the manual page for "visudo" covers a lot of that, but the gist is that it checks syntax. That's better than nothing. You can still lock yourself out even with correct syntax if you tell it to.

If you use "nano" be sure to fire it up with the -w option or even add nowrap to .nanorc so it is done automatically. Some distros will ask you the first time you fire up "visudo" if you want to use "nano" for the editor and set it as the default. Otherwise, you can be sure that the $EDITOR environment variable is set to "nano" and "visudo" will use it then.

yeah I read that man page and well it is just me using editing that file and I don't really do a lot of mods to it, just set my just me user to wheel all for sudo no password and that is the end of that. for what it is set up for for them that edit sudoers file a lot to make all of them adjustments to that file and with the maybe more then one editing that file at a time thing yes I can then see the benifts to using visodo other then that me perosnally i have no need of it.

thanks for your time...

dushyantg · 10-03-2016, 05:57 AM

I am using CentOS 7 and only want to do it for 2 services.

Turbocapitalist · 10-03-2016, 06:32 AM

Quote:

Originally Posted by dushyantg

I am using CentOS 7 and only want to do it for 2 services.

Ok. CentOS 7 has "sudo". Which two services? And does the example above in #2 for Apache2 help?