Linux – How to grant sudo rights only to specific script files

linuxshell-scriptingsudoUbuntu

I would like a user to have sudo rights (without password check) to a couple of shell scripts under a specific directory (in my case, /usr/local/tomcat7/bin), and to nowhere else. What's the simplest way to accomplish this?

Something like this in /etc/sudoers didn't seem to work:

jsmith ALL=(ALL) NOPASSWD: /usr/local/tomcat7/bin

Best Answer

I think you are almost there. put a / at the end of your directory spec

jsmith ALL=(ALL) NOPASSWD: /usr/local/tomcat7/bin/

From the sudoers man page

A directory is a fully qualified path name ending in a '/'. When you specify a directory in a Cmnd_List, the user will be able to run any file within that directory (but not in any subdirectories therein).

Related Solutions

Centos – Problems restarting apache via PHP (even with sudo)

In the sudoers file (use visudo), below the extant defaults line, add:

defaults:www !requiretty

Actually, are you sure it's running as the "www" user? The default for CentOS is "apache". A little script to try:

<?php print system("whoami");?>

If it's not "www", just replace the "www" bit in sudoers, above.

Can’t use sudo without password on Ubuntu 12

You're probably in the sudo or admin group, try putting the dart NOPASSWD: entry at the end of your sudoers file. Sudoers will match the last entry in the file which corresponds either to a user or a group, and as sudoers and admin come afterwards, and they ask for a password, so you're being prompted for a password.

Best Answer

Related Solutions

Centos – Problems restarting apache via PHP (even with sudo)

Can’t use sudo without password on Ubuntu 12

Related Topic