In this guide, you are going to learn how to run only specific commands with sudo in Linux.<\/p>\n\n\n\n
Our previous guide covered how to add user to sudo group to enable them to execute the commands with elevated privileges.<\/p>\n\n\n\n
How to Add Users to sudo group in Linux<\/a><\/p>\n\n\n\n So it is possible to enable a user to run specific commands only with sudo in Linux. This can be done by modifying the For example, to allow a user called john to restart Network Manager as user root on all hosts, edit the sudoers file and add the line below.<\/p>\n\n\n\n To edit sudoers file, you need to be root user or have sudo privileges.<\/p>\n\n\n\n Next, add the line below;<\/p>\n\n\n\n To run specific commands with sudo as any target user, for example to allow user john to restart only Apache service using sudo;<\/p>\n\n\n\n Note that while adding sudo privileges for the user, it is more safer to put the user specific sudo configuration under the NOTE<\/strong>: Be extra cautions when echoing commands. You can easily mess up and loose sudo access to your system. Unless the root user is allowed to login, you can try to use echo.<\/em><\/p>\n\n\n\n Always be sure to confirm if the syntax of the sudo configs is okay when you echo commands;<\/p>\n\n\n\n Ensure the output is Ok. Otherwise, fix any would be errors.<\/p>\n\n\n\n To check the validity of all sudoers config files;<\/p>\n\n\n\n To allow a specific user to run multiple specific commands with sudo;<\/p>\n\n\n\n Replace You can find the full path of the command using You can then run these commands by prefixing them with sudo as in;<\/p>\n\n\n\n For all these commands, you will be prompted to the password for user with which you run these commands as.<\/p>\n\n\n\n Want to run some commands sudo without being prompted for password?<\/p>\n\n\n\n sudo has an option called For example, to enable user called To restart NetworkManager as any target user and group, add the line below to sudoers file.<\/p>\n\n\n\n You can simply put this line to user specific sudoers file as follows;<\/p>\n\n\n\n To restart the Network Manager with sudo;<\/p>\n\n\n\n To run all sudo commands without password prompt as any user,group on all hosts, enter the line below in sudoers file.<\/p>\n\n\n\n In this guide, you have learnt how to;<\/p>\n\n\n\n Other tutorials;<\/p>\n\n\n\n How to Add Users to sudo group in Linux<\/a><\/p>\n\n\n\n How to Schedule Cron Jobs\/Tasks in Linux\/Unix<\/a><\/p>\n\n\n\n\/etc\/sudoers<\/code> file or by adding user specific sudoers configuration file under the \/etc\/sudoers.d<\/code> directory.<\/p>\n\n\n\nvisudo<\/code><\/pre>\n\n\n\nsudo visudo<\/code><\/pre>\n\n\n\njohn ALL=(root) \/bin\/systemctl restart NetworkManager<\/code><\/pre>\n\n\n\njohn ALL=(ALL) \/bin\/systemctl restart apache2<\/code><\/pre>\n\n\n\n\/etc\/sudoers.d<\/code> directory for example;<\/p>\n\n\n\necho \"john ALL=(root) \/bin\/systemctl restart apache2\" > \/etc\/sudoers.d\/john<\/code><\/pre>\n\n\n\nvisudo -c \/etc\/sudoers.d\/john<\/code><\/pre>\n\n\n\n\/etc\/sudoers.d\/john: parsed OK<\/code><\/pre>\n\n\n\nvisudo -c<\/code><\/pre>\n\n\n\n\/etc\/sudoers: parsed OK\n\/etc\/sudoers.d\/README: parsed OK\n\/etc\/sudoers.d\/eliza: bad permissions, should be mode 0440\n\/etc\/sudoers.d\/john: parsed OK<\/code><\/pre>\n\n\n\njohn ALL=(ALL) \/path\/to\/command1, \/path\/to\/command2, \/path\/to\/command3<\/strong><\/code><\/pre>\n\n\n\n\/path\/to\/command<\/code> with the full path of the commands to run and the arguments (if any).<\/p>\n\n\n\nwhich<\/code> command. For example to locate the full path of the command, command1;<\/p>\n\n\n\nwhich command1<\/code><\/pre>\n\n\n\nsudo systemctl restart NetworkManager<\/code><\/pre>\n\n\n\nsudo systemctl restart command1<\/code><\/pre>\n\n\n\nRun sudo Commands Without a Password<\/h3>\n\n\n\n
NOPASSWD<\/code> that can be used to specify commands that can be run as sudo without being prompted for the password.<\/p>\n\n\n\njohn<\/code> to restart Network Manager on an Ubuntu system as any user without being prompted for password, at the line below to sudoers file.<\/p>\n\n\n\njohn ALL=(ALL) NOPASSWD: \/bin\/systemctl restart NetworkManager<\/code><\/pre>\n\n\n\njohn ALL=(ALL:ALL) NOPASSWD: \/bin\/systemctl restart NetworkManager<\/code><\/pre>\n\n\n\nvisudo -f \/etc\/sudoers.d\/john<\/code><\/pre>\n\n\n\njohn ALL=(ALL) NOPASSWD: \/bin\/systemctl restart NetworkManager<\/code><\/pre>\n\n\n\nsystemctl restart NetworkManager<\/code><\/pre>\n\n\n\nusername ALL=(ALL:ALL) NOPASSWD:ALL<\/code><\/pre>\n\n\n\n\n