Run only Specific Commands with sudo in Linux


In this guide, you are going to learn how to run only specific commands with sudo in Linux.

Our previous guide covered how to add users to the sudo group so that they can execute commands with elevated privileges.

How to Add Users to sudo group in Linux

It is also possible to allow a user to run only specific commands with sudo in Linux. This can be done by modifying the /etc/sudoers file or by adding a user-specific sudoers configuration file under the /etc/sudoers.d directory.

For example, to allow a user called john to restart Network Manager as user root on all hosts, edit the sudoers file and add the line below.

visudo

To edit the sudoers file, you need to be the root user or have sudo privileges.

sudo visudo

Next, add the line below;

john ALL=(root) /bin/systemctl restart NetworkManager

To allow specific commands to be run with sudo as any target user, for example to allow user john to restart only the Apache service, add the line below;

john ALL=(ALL) /bin/systemctl restart apache2

Note that when adding sudo privileges for a user, it is safer to put the user-specific sudo configuration under the /etc/sudoers.d directory, for example;

NOTE: Be extra cautious when echoing rules into sudoers files. You can easily mess up and lose sudo access to your system. Use echo only if the root user is allowed to log in, so that you can still fix a broken file.

echo "john ALL=(root) /bin/systemctl restart apache2" > /etc/sudoers.d/john

Always confirm that the syntax of the sudoers file is correct after you echo a rule into it;

visudo -c -f /etc/sudoers.d/john

Ensure the output reports parsed OK. Otherwise, fix the reported errors.

/etc/sudoers.d/john: parsed OK

To check the validity of all sudoers config files;

visudo -c
/etc/sudoers: parsed OK
/etc/sudoers.d/README: parsed OK
/etc/sudoers.d/eliza: bad permissions, should be mode 0440
/etc/sudoers.d/john: parsed OK
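
The echo-then-check sequence above can be reordered so that a rule with a syntax error never reaches /etc/sudoers.d. This added example (not from the original guide) checks the candidate rule with visudo in a temporary file and installs it with mode 0440 only if it parses; the function name and the SUDOERS_DIR and VISUDO variables are assumptions of the example.

```sh
#!/bin/sh
# Added example: validate a sudoers drop-in before it goes live. Run as root.
# SUDOERS_DIR and VISUDO are overridable (assumed names) so the function can be
# tried against a scratch directory first.
SUDOERS_DIR="${SUDOERS_DIR:-/etc/sudoers.d}"
VISUDO="${VISUDO:-visudo}"

# install_sudoers_rule NAME RULE
# Returns 0 and writes $SUDOERS_DIR/NAME (mode 0440) only if RULE parses.
# Returns 1 on a syntax error and leaves any existing file untouched.
# Returns 2 if NAME is not usable as a drop-in file name.
install_sudoers_rule() {
    name=$1
    rule=$2
    # sudo skips drop-in files whose names contain '.' or end in '~'.
    case $name in
        ''|*.*|*'~'|*/*) echo "refusing file name: $name" >&2; return 2 ;;
    esac
    tmp=$(mktemp) || return 1
    printf '%s\n' "$rule" > "$tmp"
    # Syntax check on the temporary copy, not on the live directory.
    if ! "$VISUDO" -c -f "$tmp" >/dev/null 2>&1; then
        echo "syntax error, nothing installed: $rule" >&2
        rm -f "$tmp"
        return 1
    fi
    # install sets the mode in the same step, so the rule never sits in the
    # live directory with looser permissions than 0440.
    if install -m 0440 "$tmp" "$SUDOERS_DIR/$name"; then status=0; else status=1; fi
    rm -f "$tmp"
    return $status
}

# Usage (as root):
#   install_sudoers_rule john 'john ALL=(root) /bin/systemctl restart apache2'
```
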

To allow a specific user to run multiple specific commands with sudo;

john ALL=(ALL) /path/to/command1, /path/to/command2, /path/to/command3

Replace /path/to/command with the full path of each command and its arguments (if any).

You can find the full path of a command using the which command. For example, to locate the full path of the command command1;

which command1

You can then run these commands by prefixing them with sudo as in;

sudo systemctl restart NetworkManager
sudo /path/to/command1

For all these commands, you will be prompted for the password of the user running them.

Want to run some commands with sudo without being prompted for a password?

Run sudo Commands Without a Password

sudo has an option called NOPASSWD that can be used to specify commands that can be run with sudo without being prompted for the password.

For example, to enable a user called john to restart Network Manager on an Ubuntu system as any user without being prompted for a password, add the line below to the sudoers file.

john ALL=(ALL) NOPASSWD: /bin/systemctl restart NetworkManager

To restart NetworkManager as any target user and group, add the line below to the sudoers file.

john ALL=(ALL:ALL) NOPASSWD: /bin/systemctl restart NetworkManager

You can simply put this line in a user-specific sudoers file as follows;

visudo -f /etc/sudoers.d/john
john ALL=(ALL) NOPASSWD: /bin/systemctl restart NetworkManager

To restart Network Manager with sudo;

sudo systemctl restart NetworkManager

To run all sudo commands without a password prompt as any user and group on all hosts, enter the line below in the sudoers file.

username ALL=(ALL:ALL) NOPASSWD:ALL
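
To review which rules on a system carry NOPASSWD, and whether they cover a listed command or ALL as in the line above, the following added example (not part of the original guide) scans sudoers files with awk. It is a simplified line-by-line scan that does not resolve aliases or line continuations; the function name audit_nopasswd is an assumption of the example.

```sh
#!/bin/sh
# Added example: list sudoers rules that skip the password prompt.

# audit_nopasswd FILE...
# Prints one line per rule carrying NOPASSWD, in the form
#   FILE:LINE:SCOPE:USER
# where SCOPE is "all-commands" when the command list after the tag starts
# with ALL, and "listed-commands" otherwise.
audit_nopasswd() {
    awk '
        # Skip comments, blank lines, Defaults and alias definitions.
        /^[ \t]*(#|$)/ { next }
        /^[ \t]*(Defaults|(User|Runas|Host|Cmnd)_Alias)/ { next }
        /NOPASSWD[ \t]*:/ {
            cmds = $0
            # Keep only the command list that follows the NOPASSWD tag.
            sub(/.*NOPASSWD[ \t]*:[ \t]*/, "", cmds)
            scope = (cmds ~ /^ALL[ \t]*(,|$)/) ? "all-commands" : "listed-commands"
            print FILENAME ":" FNR ":" scope ":" $1
        }
    ' "$@"
}

# Usage (as root, since sudoers files are not world-readable):
#   audit_nopasswd /etc/sudoers /etc/sudoers.d/*
```
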

In this guide, you have learnt how to;

  • run only specific commands using sudo in Linux
  • run sudo commands without a password


koromicha
I am the Co-founder of Kifarunix.com, Linux and the whole FOSS enthusiast, Linux System Admin and a Blue Teamer who loves to share technological tips and hacks with others as a way of sharing knowledge as: "In vain have you acquired knowledge if you have not imparted it to others".

4 thoughts on “Run only Specific Commands with sudo in Linux”

  1. I’m guessing I did something wrong, but trying to follow this advice:
    ‘Note that while adding sudo privileges for the user, it is more safer to put the user specific sudo configuration under the /etc/sudoers.d directory for example;

    echo “john ALL=(root) /bin/systemctl restart apache2” > /etc/sudoers.d/john’

    Wrecked my server as I get a parse error on sudo commands now.

    • yeah, I almost learned it the hard way too… Luckily I had set a root password. So all I had to do was “su root” and then edit/fix the sudoers{,.d/*} file.
      echoing to the files in this case is a terrible idea. The correct way of doing it is using the visudo command, which checks and parses the file before saving them, and I hope the writer fixes it in the article.

      #opens /etc/sudoers file
      sudo visudo

      # specifies the file to be opened.
      sudo visudo -f /etc/sudoers.d/john
