Systemd – Allow Non-Root Users to Control a Systemd Service

not-root-userservicessudosystemd

With sysvinit, a sudoers entry like this would suffice:

%webteam cms051=/sbin/service httpd *

This would allow for commands such as:

  • sudo service httpd status
  • sudo service httpd restart

Now, with systemd, the service name is the final argument. I.e., the service restart would be done with:

systemctl restart httpd.service

Naturally, I thought defining the command as systemctl * httpd.service would work but that would allow something like systemctl restart puppet.service httpd.service which is not the desired effect.

With that being considered, what would be the best way allow non-root users to control a systemd service then? This doesn't need to be sudoers; perhaps a file permission change may be sufficient?

Best Answer

Just add all needed commands to sudoers separately:

%webteam cms051=/usr/bin/systemctl restart httpd.service
%webteam cms051=/usr/bin/systemctl stop httpd.service
%webteam cms051=/usr/bin/systemctl start httpd.service 
%webteam cms051=/usr/bin/systemctl status httpd.service
Related Question