I would like to create a new user on some of my Debian/Ubuntu hosts that is able to update the server using the commands apt-get update
and apt-get dist-upgrade
, but I do not wan't to give them full sudo access to be able to do anything else. Is this possible? Perhaps there is a way to create a script that they can't edit but can execute, which will get executed as the root user?
Permissions – Allow Certain Guests to Execute Specific Commands
permissionsprivilegessudo
Best Answer
Sudo
and the/etc/sudoers
file aren't just for granting users full root access.You can edit the sudoers file with an existing sudo user, with the command
sudo visudo
You can group the commands that you want to grant access to like below:
You can then give a specific user privileges to those commands like so:
This can be seen in the image below:
Now if you try
sudo apt-get update
orsudo apt-get dist-upgrade
those commands will execute without asking for a password. If you want to be prompted for a password, remove theNOPASSWD
bit where you grant a user access to command groups.If you try to run anything else as the
sudo
user, you will be prompted for a password and fail.References