LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   Create user with having only permission to star/stop service (https://www.linuxquestions.org/questions/linux-newbie-8/create-user-with-having-only-permission-to-star-stop-service-4175590473/)

dushyantg 09-30-2016 05:06 AM
Create user with having only permission to star/stop service
 
Hi,

I want to create a user who can only start/stop/restart specific service.

can anyone guide me in that how it can be done?

or a user which can connect over ssh and start/stop/restart specific service.

Turbocapitalist 09-30-2016 06:35 AM
Yes, you can do that using "sudo" which is configured in the file /etc/sudoers. Which distro do you have and how do you start, stop, or restart a service normally?

If you use the "service" utility, it could go like this:

Code:
%dushyantg  ALL=(ALL:ALL) /usr/sbin/service apache2 stop, \
          /usr/sbin/service apache2 start, /usr/sbin/service apache2 restart, \
          /usr/sbin/service apache2 reload, /usr/sbin/service apache2 status
That makes the users in the group dushyantg able to stop, start, restart, and reload apache2 as well as see the status.

Be sure to a) use "visudo" for editing /etc/sudoers and b) save but not close /etc/sudoers until you have verified that everything works.

BW-userx 09-30-2016 09:32 AM
Quote:
Originally Posted by Turbocapitalist (Post 5611955)
Yes, you can do that using "sudo" which is configured in the file /etc/sudoers. Which distro do you have and how do you start, stop, or restart a service normally?

If you use the "service" utility, it could go like this:

Code:
%dushyantg  ALL=(ALL:ALL) /usr/sbin/service apache2 stop, \
          /usr/sbin/service apache2 start, /usr/sbin/service apache2 restart, \
          /usr/sbin/service apache2 reload, /usr/sbin/service apache2 status
That makes the users in the group dushyantg able to stop, start, restart, and reload apache2 as well as see the status.

Be sure to a) use "visudo" for editing /etc/sudoers and b) save but not close /etc/sudoers until you have verified that everything works.
BIG Q 2 U ~

why do I see that got a use visudo to edit sudoers file? I use nano whenever I edit sudoers file and have had no ill effects as a result of it, so why do I read and even see you stating that got a use visudo to edit said file?

Emerson 09-30-2016 09:40 AM
man visudo tells what are the advantages of visudo over regular editor.

Turbocapitalist 09-30-2016 10:20 AM
Quote:
Originally Posted by BW-userx (Post 5612033)
BIG Q 2 U ~

why do I see that got a use visudo to edit sudoers file? I use nano whenever I edit sudoers file and have had no ill effects as a result of it, so why do I read and even see you stating that got a use visudo to edit said file?
As Emerson writes the manual page for "visudo" covers a lot of that, but the gist is that it checks syntax. That's better than nothing. You can still lock yourself out even with correct syntax if you tell it to.

If you use "nano" be sure to fire it up with the -w option or even add nowrap to .nanorc so it is done automatically. Some distros will ask you the first time you fire up "visudo" if you want to use "nano" for the editor and set it as the default. Otherwise, you can be sure that the $EDITOR environment variable is set to "nano" and "visudo" will use it then.

BW-userx 09-30-2016 10:48 AM
Quote:
Originally Posted by Turbocapitalist (Post 5612056)
As Emerson writes the manual page for "visudo" covers a lot of that, but the gist is that it checks syntax. That's better than nothing. You can still lock yourself out even with correct syntax if you tell it to.

If you use "nano" be sure to fire it up with the -w option or even add nowrap to .nanorc so it is done automatically. Some distros will ask you the first time you fire up "visudo" if you want to use "nano" for the editor and set it as the default. Otherwise, you can be sure that the $EDITOR environment variable is set to "nano" and "visudo" will use it then.
yeah I read that man page and well it is just me using editing that file and I don't really do a lot of mods to it, just set my just me user to wheel all for sudo no password and that is the end of that. for what it is set up for for them that edit sudoers file a lot to make all of them adjustments to that file and with the maybe more then one editing that file at a time thing yes I can then see the benifts to using visodo other then that me perosnally i have no need of it.

thanks for your time...

dushyantg 10-03-2016 05:57 AM
I am using CentOS 7 and only want to do it for 2 services.

Turbocapitalist 10-03-2016 06:32 AM
Quote:
Originally Posted by dushyantg (Post 5613078)
I am using CentOS 7 and only want to do it for 2 services.
Ok. CentOS 7 has "sudo". Which two services? And does the example above in #2 for Apache2 help?


All times are GMT -5. The time now is 02:24 PM.