5.13. Starting/Stopping Daemons via sudo
Problem
You want specific non-superusers to start and stop system daemons.
Solution
Here we let four different users start, stop, and restart web servers. The script for doing so is /etc/init.d/httpd for Red Hat, or /etc/init.d/apache for SuSE. We’ll reference the Red Hat script in our solution.
/etc/sudoers:
User_Alias FOLKS=barbara, l33t, jimmy, miroslav
Cmnd_Alias DAEMONS=/etc/init.d/httpd start,\
/etc/init.d/httpd stop,\
/etc/init.d/httpd restart
FOLKS ALL = (ALL) DAEMONS
Discussion
Note our use of sudo aliases for the users and commands. Read the sudoers(5) manpage to learn all kinds of fun capabilities like this.
See Also
sudo(8), sudoers(5).
Get Linux Security Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.