I am trying to allow a user in the group deployer
to restart a supervisor group without a password; this is the content of my /etc/sudoers.d/deploy
:
%deployer ALL=(ALL:ALL) NOPASSWD:/usr/sbin/service nginx stop,/usr/sbin/service nginx start,/usr/bin/supervisorctl stop gname\:*,/usr/bin/supervisorctl start gname\:*
This is suppose to allow a user in the group deployer
to restart nginx and the supervisor group gname
. It works for nginx, but not for supervisor.
I have tried multiple combinations:
/usr/bin/supervisorctl stop gname,/usr/bin/supervisorctl start gname
/usr/bin/supervisorctl stop gname*,/usr/bin/supervisorctl start gname*
/usr/bin/supervisorctl stop gname\:,/usr/bin/supervisorctl start gname\:
/usr/bin/supervisorctl stop gname\:\*,/usr/bin/supervisorctl start gname\:\*
But I can not make it work… Why doesn't this work?
- Debian GNU/Linux 8
- Linux version 4.5.5-x86_64
- Supervisor version 3.0
Best Answer
This looks like it may be due to the spaces in the commands you are allowing e.g.
supervisorctl stop gname
etc.While I am unable to test at the minute, first I would try escaping the spaces e.g.
If that fails you could put the commands into a script called
supercontrol.sh
with different cmd options for the different commands and specifyNOPASSWD
on just that script.Hope this helps.