I need a linux user (lets call him "bob") who is allowed to run a list of commands which require root privileges. So let him be required to run /sbin/firstcommand and /sbin/secondcommand (which are part of the infamous bob-daemon¹) as root, as in sudo firstcommand. Without having to input a password.
This is what I've done to /etc/sudoers so far:
Cmnd_Alias BOBCOMMANDS = /sbin/firstcommand, /sbin/secondcommand
bob ALL=(root) NOPASSWD:BOBCOMMANDS
This leads to bob$ sudo firstcommand and bob$ sudo secondcommand successfully be run as root, but leaves no way to run i.e. bob$ sudo mount ... ..., even with providing a password, which feels perfect to me.
Now, I want the aforementioned bob-daemon¹ to run as user bob rather than root, because it only needs those privileges for the BOBCOMMANDS. In fact, whenever the bob$ firstcommand is issued, I want bob$ sudo firstcommand to be executed.
Looked to me like an alias could fix this: bob$ alias firstcommand="sudo firstcommand"; alias secondcommand="sudo secondcommand" actually worked, but I failed to make the aliases persistent without bob having a home directory.
The last thing I should mention is that this should be easily deployable to multiple machines, so I would prefer not to touch linux' existing system files, apart from having to create bob and changing sudoers.
Any solutions?
¹ simplified by me
Best Answer
If this is for a daemon, the standard way of doing things is to put something like this in the init script file:
In the script file that should be run as
bob, just putsudoin front of the pertinent commands.Also, make sure you read this about enabling alias expansion in non-interactive Bash shells (e.g. the ones started by a script or daemon).