We have several Linux boxes running Samba that are used 'locally', eg each branch gets their own Samba box to store and share files.
The office managers need to be able to add and remove users for their branch and need to be root for this action (afaik), but i would like to restrict them from issuing any other root-privileged command as we have regular screw-ups from their side.
My (limited) linux knowledge tells me this is not possible – you are either root or not – but i wondered if there are ways to limit the allowed commands in some way.
Best Answer
Add to your
/etc/sudoersfile the following line:where
useris your non-root user and/bin/mount,/bin/umountis the list of commands you want to execute as root.Now the non-root user can use the sudo command to run
/bin/mountand/bin/umountwith root privileges.