I don't just want to give this or possibly more developers blind full sudo access to the entire server. My question is how can I limit the users sudo access to run this script and not have to give them more access than they need? I'm not sure if it's necessary to see what exactly the script is doing and where it's doing it so I will just leave it at this for now and can post more details if need be.
[root@cq init.d]# ls -l myscript -rwxrwx-w- 1 root root 1301 Feb 14 2012 myscript
[dude@vm014 ~]$ /etc/init.d/sendmail restart rm: cannot remove `/var/run/sm-client.pid': Permission denied Shutting down sendmail: /etc/rc.d/init.d/functions: line 141: /var/run/sendmail.pid: Permission denied rm: cannot remove `/var/run/sendmail.pid': Permission denied Starting sendmail: /etc/rc.d/init.d/functions: line 141: /var/run/sendmail.pid: Permission denied 550 Permission denied (real uid not trusted)
su - root visudo dude vm014=/etc/init.d/sendmail restart
[dude@vm014 ~]$ sudo /etc/init.d/sendmail restart [sudo] password for dude: Shutting down sm-client: [ OK ] Shutting down sendmail: [ OK ] Starting sendmail: [ OK ] Starting sm-client: [ OK ]