I don't have much experience with this type of task and realize I need to get more familiar with the sudoers file. I want a user to be able to connect via ssh and run a script that performs a bunch of libvirt and lvm commands like virsh list and lvcreate. The script is interactive, and was created to stop this user from messing stuff up, however I seem to be having trouble allowing the user to run this script as root without allowing access to the commands directly, circumventing the script. What is the best practice here if my only need is for the user to connect and run this script, performing actions as root, but not allowing any other access from said user?
Add a comment |
1 Answer
Add the following to the sudoersfile, assuming the user is named bob:
bob ALL=(ALL) /path/to/script That said, I would start by educating the user on proper use of commands/system he gets access to. Sudo should not be used as a replacement for trust.
answered Apr 15, 2013 at 18:31
- It's worth adding to that, because the location of where you add that to the sudoers file is important. It's also important that edits are performed using
visudouser11604– user116042013-04-15 18:38:54 +00:00Commented Apr 15, 2013 at 18:38 - I don't know why, but I tried this earlier and somehow it wasn't working, but now it is. Does the user have to log out and then log back in for visudo changes to take effect?user160910– user1609102013-04-15 20:03:47 +00:00Commented Apr 15, 2013 at 20:03
- No, these take effect immediately.Dennis Kaarsemaker– Dennis Kaarsemaker2013-04-15 20:30:45 +00:00Commented Apr 15, 2013 at 20:30