Created
December 6, 2016 17:43
-
-
Save s4parke/ed918d46e9f14e180a279c258661f78a to your computer and use it in GitHub Desktop.
Debian/Ubuntu VISUDO config: allows users in group 'staff' to do basic admin without a password
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # /etc/sudoers.d/visudo-deb-conf (root:root, 0440) | |
| # | |
| # Visudo configuration for Debian (and Ubuntu?) systems | |
| # Allows users in group 'staff' to do basic admin without a password | |
| # | |
| # Setup: | |
| # groupadd staff | |
| # usermod -a -G staff shuti | |
| # chown root:root && chmod 0440 visudo-deb-conf | |
| # cp ~/visudo-deb-conf /etc/sudoers.d/ | |
| # # test it out | |
| ## Control (start|stop|restart) web, database, memcached | |
| Cmnd_Alias SERVICES = /etc/init.d/apache2, /etc/init.d/nginx, /etc/init.d/mysql, /etc/init.d/memcached | |
| ## Restart the system | |
| Cmnd_Alias REBOOT = /sbin/reboot | |
| ## Filesystem commands | |
| Cmnd_Alias FILES = /bin/chmod, /bin/chown, /bin/chgrp | |
| ## Allow users in group 'staff' to administer basic stuff without a password | |
| %staff ALL=(ALL) NOPASSWD:SERVICES,REBOOT,FILES | |
| ## Anyone can kill a process without password | |
| ALL ALL =(ALL) NOPASSWD:/bin/kill |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment