Thursday, May 23, 2013

Allow non-root user to run commands as root


This is a simple but useful security setting on Linux operating System.
To allow user to run some commands which need root/sudo permission we need to add them in /etc/sudoers file.

Lets see an example to give permission to start/stop/restart CUPS (Common Unix Printing System) service.

Open /etc/sudoers file with sudo/root permission using any text editor (Eg: vim) and following line at end of the file. But it is higly recommended to edit the sudoers file using the visudo command, which is a special vim utility for editing sudoer file.

testuser1 ALL=/etc/init.d/cups restart,/etc/init.d/cups stop,/etc/init.d/cups start

In above line 'testuser1' is the user name for which we are giving permission tor start/stop/restart cups service.
Now save and exit from /etc/sudoers file.

To test above command login into testuser1, and run any of the following command, it will ask for sudo password. We need to enter testuser1's password for as sudo password that will run the command.

$ sudo /etc/init.d/cups restart
$ sudo /etc/init.d/cups stop
$ sudo /etc/init.d/cups start

Similarly you can add other command as per your requirement.
For more syntaxes and references of sudoer file please visit the below links,
www.sudo.ws/sudoers.man.html‎
http://aplawrence.com/Basics/sudo.html