[SOLVED] Sudo access to specific files/services

whositwhatnow · 08-01-2012, 02:35 PM

Hello all,

Im hoping someone can help. I'm looking at giving restricted access to a user using sudo.

I want to give them read/write access to a file and access to restart a service.

The user is in the users group, in the sudoers file there is a section to allow users to shutdown system. So i was gonna put the entry there

user localhost=/etc/init.d/dhcpd restart (this is to restart service)

i dont know where i could put the file access path or how to restrict that user to be able to edit that 1 file only.

kbscores · 08-01-2012, 03:00 PM

For the file restriction it would be easier to use acls.

Code:

setfacl -m u:username:rw filename

To see what permissions are given with acls use;

Code:

getfacl filename

As for the sudoers running a specific command I'd use:

Code:

cmd_Alias DHCPD_CMDS = /etc/init.d/dhcpd restart, /etc/init.d/dhcpd start, ....any commands you want to give them

Then add this line:

Code:

users ALL=(root) NOPASSWD: DHCPD_CMDS

whositwhatnow · 08-02-2012, 09:08 AM

As for the sudoers running a specific command I'd use:

Code:

cmd_Alias DHCPD_CMDS = /etc/init.d/dhcpd restart, /etc/init.d/dhcpd start, ....any commands you want to give them

Then add this line:

Code:

users ALL=(root) NOPASSWD: DHCPD_CMDS

[/QUOTE]

I've added the above lines to my sudoers file. I can login as sudo but can't execute the service restart stop etc.

kbscores · 08-02-2012, 10:29 AM

Make sure when you run it you put sudo infront of it.

Code:

sudo /sbin/service dhcpd restart

or

Code:

sudo /etc/init.d/dhcpd restart

whositwhatnow · 08-02-2012, 10:37 AM

Awesome thanks for your help!

kbscores · 08-02-2012, 10:39 AM

No problem.