LinuxQuestions.org

whositwhatnow 08-01-2012 02:35 PM

Sudo access to specific files/services
 
Hello all,

I'm hoping someone can help. I'm looking at giving restricted access to a user using sudo.

I want to give them read/write access to a file and access to restart a service.

The user is in the users group; in the sudoers file there is a section to allow users to shut down the system. So I was gonna put the entry there:

user localhost=/etc/init.d/dhcpd restart (this is to restart service)

I don't know where I could put the file access path or how to restrict that user to be able to edit that 1 file only.

kbscores 08-01-2012 03:00 PM

For the file restriction it would be easier to use acls.

Code:

setfacl -m u:username:rw filename

To see what permissions are given with acls use:

Code:

getfacl filename

As for the sudoers running a specific command I'd use:

Code:

# ...plus any other commands you want to give them
Cmnd_Alias DHCPD_CMDS = /etc/init.d/dhcpd restart, /etc/init.d/dhcpd start

Then add this line:
Code:


users ALL=(root) NOPASSWD: DHCPD_CMDS
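
An added example, not part of the thread: one way to apply the two pieces above (the sudoers command alias and the file ACL) from a root shell, validating the fragment with `visudo -c` before it goes live so a syntax error cannot break sudo. It assumes `/etc/sudoers` includes `/etc/sudoers.d`; the function names and the `dhcpadmin` account are hypothetical.

```shell
#!/bin/sh
# Added example: grant one account the dhcpd init-script commands through a
# validated sudoers drop-in, plus an rw ACL on a single file.
# Assumptions: /etc/sudoers includes /etc/sudoers.d; account and file names
# are supplied by the caller (the names in the usage lines are constructed).

# Print the sudoers fragment for account $1. Names containing anything other
# than [a-z0-9_-] are rejected so the argument cannot add sudoers syntax
# (spaces, commas, '%', '=', newlines).
render_dropin() {
    case "$1" in
        ''|*[!a-z0-9_-]*|-*) echo "bad account name: $1" >&2; return 1 ;;
    esac
    cat <<EOF
Cmnd_Alias DHCPD_CMDS = /etc/init.d/dhcpd restart, /etc/init.d/dhcpd start
$1 ALL=(root) NOPASSWD: DHCPD_CMDS
EOF
}

# Validate the fragment with visudo before installing it root-owned, mode 0440.
# Must run as root. Nothing is installed if validation fails.
install_dropin() {
    user=$1
    tmp=$(mktemp) || return 1
    if render_dropin "$user" > "$tmp" && visudo -c -f "$tmp" >/dev/null; then
        install -o root -g root -m 0440 "$tmp" "/etc/sudoers.d/dhcpd-$user"
        rc=$?
    else
        echo "fragment rejected, nothing installed" >&2
        rc=1
    fi
    rm -f "$tmp"
    return $rc
}

# Give account $1 read/write on file $2 only, then show the resulting ACL.
grant_file_rw() {
    setfacl -m "u:$1:rw" "$2" && getfacl "$2"
}

# Usage (as root):
#   install_dropin dhcpadmin && sudo -l -U dhcpadmin
#   grant_file_rw dhcpadmin /path/to/file
```

`sudo -l -U dhcpadmin` lists what the account may run, which confirms the rule matched before the user tries it.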


whositwhatnow 08-02-2012 09:08 AM

I've added the above lines to my sudoers file. I can log in as sudo but can't execute the service restart, stop, etc.

kbscores 08-02-2012 10:29 AM

Make sure when you run it you put sudo in front of it.

Code:


sudo /sbin/service dhcpd restart

or

Code:


sudo /etc/init.d/dhcpd restart


whositwhatnow 08-02-2012 10:37 AM

Awesome thanks for your help!

kbscores 08-02-2012 10:39 AM

No problem.

