Allow non admin/root users to start/stop/restart system services

To allow non admin users to control system services : There are numerous circumstances when you will require non admin/root users to have a more privileges For example you want to restart mysql, httpd, apache, nginx etc. services with normal standard user.

sudo permits an allowed client to execute commands as the superuser as indicated in the sudoers record. The genuine and viable uid and gid are set to match those of the objective client as determined in the passwd file and the group vector is introduced in light of the group record.

To permit client to run a few commands which require root/sudo permission we have to include them in the following file

Steps to allow non admin / root users to control system services

I will demonstrate a case to offer consent to start/stop/restart Apache web server (apache2/httpd)

Open /etc/sudoers file with sudo/root consent utilizing any word processor eg. vim/nano and taking after line at end of the file.

FYI : Here linuxtweaks at the start of line is system standard user (username) that i am using for giving permission to start/stop/restart Apache Web Server.

if you are using yum based system like Centos , Fedora , Redhat etc. then add the following line

linuxtweaks ALL = /etc/init.d/httpd

if you are using yum based system like Ubuntu , Debian etc. then add the following line

linuxtweaks ALL = /etc/init.d/apache2

After that save the change and exit file.

Now, this is the time to test the above commands with a normal user linuxtweaks, for this login to the linuxtweaks user into your system and run any of the following commands. it will ask you for password so, here you need to enter the linuxtweaks user password for sudo password that will run the command sucessfully.

linuxtweaks@linuxtweaks ~ $ sudo /etc/init.d/httpd stop
linuxtweaks@linuxtweaks ~ $ sudo /etc/init.d/httpd start
linuxtweaks@linuxtweaks ~ $ sudo /etc/init.d/httpd restart
linuxtweaks@linuxtweaks ~ $ sudo /etc/init.d/apache2 stop
linuxtweaks@linuxtweaks ~ $ sudo /etc/init.d/apache2 start
linuxtweaks@linuxtweaks ~ $ sudo /etc/init.d/apache2 restart

Also if you want to ignore sudo password prompt for the above user linuxtweaks then you need to add an extra attribute to the above added line in sudoer file.

username ALL = NOPASSWD: /etc/init.d/apache2   
//or
username ALL = NOPASSWD: /etc/init.d/httpd

This will not prompt password to enter while you start/stop/restart Apache Web Server with sudo.

Simmilarly this can have many usage as per your requirement, you can add other commands like mysqld, chmod, chown etc.

To read about LAMP or Linux Services please clieck here

Balvinder Singh

Hello, I am Balvinder Singh - DevOps Engineer with 2.5+ year of working experience with different server environments. Tag Line:-Linux | AWS| WHM |Monitoring | Virtualization | Optimization | Performance | Security | Release & Deployment. I love helping companies / clients to deploy their code / applicateions to well managed, optimized, secure server and can go extra mile to satisfy.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *