Allow non admin/root users to start/stop/restart system services
To allow non admin users to control system services : There are numerous circumstances when you will require non admin/root users to have a more privileges For example you want to restart mysql, httpd, apache, nginx etc. services with normal standard user.
sudo permits an allowed client to execute commands as the superuser as indicated in the sudoers record. The genuine and viable uid and gid are set to match those of the objective client as determined in the passwd file and the group vector is introduced in light of the group record.
To permit client to run a few commands which require root/sudo permission we have to include them in the following file
Steps to allow non admin / root users to control system services
I will demonstrate a case to offer consent to start/stop/restart Apache web server (apache2/httpd)
Open /etc/sudoers file with sudo/root consent utilizing any word processor eg. vim/nano and taking after line at end of the file.
FYI : Here linuxtweaks at the start of line is system standard user (username) that i am using for giving permission to start/stop/restart Apache Web Server.
if you are using yum based system like Centos , Fedora , Redhat etc. then add the following line
linuxtweaks ALL = /etc/init.d/httpd
if you are using yum based system like Ubuntu , Debian etc. then add the following line
linuxtweaks ALL = /etc/init.d/apache2
After that save the change and exit file.
Now, this is the time to test the above commands with a normal user linuxtweaks, for this login to the linuxtweaks user into your system and run any of the following commands. it will ask you for password so, here you need to enter the linuxtweaks user password for sudo password that will run the command sucessfully.
[email protected] ~ $ sudo /etc/init.d/httpd stop [email protected] ~ $ sudo /etc/init.d/httpd start [email protected] ~ $ sudo /etc/init.d/httpd restart
[email protected] ~ $ sudo /etc/init.d/apache2 stop [email protected] ~ $ sudo /etc/init.d/apache2 start [email protected] ~ $ sudo /etc/init.d/apache2 restart
Also if you want to ignore sudo password prompt for the above user linuxtweaks then you need to add an extra attribute to the above added line in sudoer file.
username ALL = NOPASSWD: /etc/init.d/apache2 //or username ALL = NOPASSWD: /etc/init.d/httpd
This will not prompt password to enter while you start/stop/restart Apache Web Server with sudo.
Simmilarly this can have many usage as per your requirement, you can add other commands like mysqld, chmod, chown etc.
To read about LAMP or Linux Services please clieck here