This discussion is archived
2 Replies Latest reply: Jan 14, 2013 10:11 AM by Dude!

Control Script Access w/ Sudo?

895327 Newbie
I have a developer on my Linux server who needs to have a small custom Bash script run manually, which lives in the /etc/init.d/ folder:
[root@cq init.d]# ls -l myscript
-rwxrwx-w- 1 root root 1301 Feb 14  2012 myscript
I don't just want to give this or possibly more developers blind full sudo access to the entire server. My question is how can I limit the user's sudo access to run this script and not have to give them more access than they need? I'm not sure if it's necessary to see what exactly the script is doing and where it's doing it so I will just leave it at this for now and can post more details if need be.

So I just want this user to be able to run this script as sudo but have sudo limit her ability to what she can and can't do as an elevated user.

Thanks for any info.
  • 1. Re: Control Script Access w/ Sudo?
    898553 Newbie
    http://www.garron.me/linux/visudo-command-sudoers-file-sudo-default-editor.html
  • 2. Re: Control Script Access w/ Sudo?
    Dude! Guru
    Sudo means to run a command as root.

    To allow a user to execute a particular command as root, you can add the following to the /etc/sudoers configuration:

    Syntax: username hostname=command
    Where:
    username = name of the user according to /etc/passwd
    hostname = The hostname of the system where this rule applies.
    command = command to execute

    For example:
    [dude@vm014 ~]$ /etc/init.d/sendmail restart
    rm: cannot remove `/var/run/sm-client.pid': Permission denied
    Shutting down sendmail: /etc/rc.d/init.d/functions: line 141: /var/run/sendmail.pid: Permission denied
    rm: cannot remove `/var/run/sendmail.pid': Permission denied
    Starting sendmail: /etc/rc.d/init.d/functions: line 141: /var/run/sendmail.pid: Permission denied
    550 Permission denied (real uid not trusted)
    su - root
    visudo
    
    dude vm014=/etc/init.d/sendmail restart
    [dude@vm014 ~]$ sudo /etc/init.d/sendmail restart
    [sudo] password for dude: 
    Shutting down sm-client:                                   [  OK  ]
    Shutting down sendmail:                                    [  OK  ]
    Starting sendmail:                                         [  OK  ]
    Starting sm-client:                                        [  OK  ]
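
Added example, not part of the thread: the listing in the question shows myscript with mode -rwxrwx-w- (772), so group members and any other user can overwrite a file that a sudoers rule would then run as root. The shell function below checks a script and its containing directory for the expected owner and for group/other write bits before the script is granted in /etc/sudoers; the function names and the optional owner-UID argument are assumptions made for illustration, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example, not from the thread. audit_sudo_target and mode_is_loose
# are hypothetical helper names. Assumes GNU stat (Linux).
# A script that root runs via sudo must not be modifiable by anyone else,
# otherwise the per-command restriction in sudoers gives no protection.

# True when octal MODE has the group-write (020) or other-write (002) bit.
mode_is_loose() {
    [ $(( 0$1 & 022 )) -ne 0 ]
}

# audit_sudo_target PATH [OWNER_UID]
# Checks PATH and its containing directory (a writable directory lets the
# file be replaced). OWNER_UID defaults to 0 (root); the parameter exists
# so the check can be exercised without being root.
# Returns 0 when clean, 1 when a finding was printed, 2 on errors.
audit_sudo_target() {
    target=$1
    want_uid=${2:-0}
    rc=0
    [ -f "$target" ] || { echo "ERROR: $target is not a regular file"; return 2; }
    for p in "$target" "$(dirname -- "$target")"; do
        info=$(stat -c '%u %a' -- "$p") || return 2
        uid=${info% *}      # numeric owner
        mode=${info#* }     # octal permission bits, e.g. 772
        if [ "$uid" != "$want_uid" ]; then
            echo "FAIL: $p owned by uid $uid, expected $want_uid"
            rc=1
        fi
        if mode_is_loose "$mode"; then
            echo "FAIL: $p mode $mode is group- or world-writable"
            rc=1
        fi
    done
    return $rc
}

# Usage, run as root before adding the sudoers rule:
#   audit_sudo_target /etc/init.d/myscript
```

With the permissions shown in the question the check reports a failure for mode 772; after `chmod 755` on a root-owned file it passes.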
