Dipesh Majumdar

Blog and Paintings

Working with visudo

If the requirement is to allow user1 to execute a few commands that will only run from super user root (for example stopping puppet agent - /etc/init.d/puppet stop, then you can do this:

type visudo
and below the line starting with root... add the below lines
## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
user1 ALL=(ALL) NOPASSWD: /etc/init.d/puppet *

So now from user1 this command will succeed - sudo /etc/init.d/puppet start

Now taking it one step further - 

if you want to  login as user1 and want a command to be executed as a different user (example appuser2) which say for example is owner of AEM Author/Publisher, then you need to issue below command for stopping AEM applicaiton from user1  -
sudo -H -u appuser2 /bin/bash -c "/application_path/author/crx-quickstart/bin/stop"

but for the above sudo command to work the below entry is needed in visudo

user1 ALL=(appuser2) NOPASSWD:/bin/bash -c*/crx-quickstart/bin/st*


Go Back