Leave a comment

Sudoers Permissions as a File

I learned that for granting root permissions to certain programs that it is easer and more constructive to use a separate file. sudo must be told to look in a separate directory in its configuration to be able to do so.

sudo visudo

Likely all distributions have this available and it will be listed at the end:

#includedir /etc/sudoers.d/  

The # is necessary. Also the trailing forward slash is likely necessary (I had to add it); when it wasn’t added, files in /etc/sudoers.d/ would not always get recognized.

Here’s my configuration built from an excellent tutorial in the Ubuntu forums. I usually build these per user naming them user_<USER>.

# Allowed root permissions of programs for user USER

# Aliases
Host_Alias HOST    = aspire
Cmnd_Alias G9LED   = /usr/bin/g9led
Cmnd_Alias IOTOP   = /usr/bin/iotop
Cmnd_Alias PACKER  = /usr/bin/packer
Cmnd_Alias PACMAN  = /usr/bin/pacman
Cmnd_Alias SANDFOX = /usr/bin/sandfox
Cmnd_Alias MYPROGS = G9LED, IOTOP, PACKER, PACMAN, SANDFOX

# Programs allowed for user or computer
todd HOST=(root) NOPASSWD:MYPROGS

The configuration will need to proper-permissions:

sudo chown root:root /etc/sudoers.d/user_<USER>
sudo chmod 0440      /etc/sudoers.d/user_<USER>
About these ads

About Todd Partridge (Gently)

Good times, good people, good fun.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 52 other followers

%d bloggers like this: