Allow alias User to Run Specific Commands as Root

Assign root privileges to alias User

In this post, I am going to explain how to create a user alias, add users from different groups to it, and assign it some root privileges. To learn the basics and how to allow a user to run specific commands as root, read the following articles from the links below:

This is very similar to the previous task. Instead of a command alias, we combine several users under one alias name that acts as a single user, although it actually contains several users. We can then assign privileges to that alias.

First we need to check the available users and their groups.

# tail /etc/passwd is used to check the available users, and # tail /etc/gshadow is used to check the available groups.


From the output above, we can take manoj from the “Network” group, along with amit and frank, and make an alias user. Search for “User_Alias” and create your own alias under it, as shown below. A group inside a User_Alias must be written with a leading %, as in %Network; a bare name is treated as a user name.

# visudo

## User Aliases
## These aren't often necessary, as you can use regular groups
## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname
## rather than USERALIAS
# User_Alias ADMINS = jsmith, mikem
User_Alias  NOCADMIN = amit, frank, %Network

Now, let’s assign some commands to the alias called NOCADMIN and save the file. NETWORKING is a Cmnd_Alias and must already be defined in the file.

## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
sam     ALL=(ALL)       /home/sam/script.sh
NOCADMIN  ALL=(ALL)     NETWORKING, /bin/mount, /bin/umount

## Allows members of the 'sys' group to run networking, software

~
~
:wq

Now log in as those users and check the commands assigned to them.

[root@server1 ~]# su - manoj
Last login: Fri Oct 14 22:49:19 EDT 2016 on pts/0
[manoj@server1 ~]$ sudo route add default gw 192.168.1.5
[manoj@server1 ~]$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.5     0.0.0.0         UG    0      0        0 enp0s3
192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 enp0s3
[manoj@server1 ~]$ su - frank
password:
Last login: Fri Oct 14 22:54:17 EDT 2016 on pts/0
[frank@server1 ~]$ sudo  mount /dev/sdc1 /centos7/
[sudo] password for frank: 
[frank@server1 ~]$ df -h /centos7
Filesystem      Size  Used Avail Use% Mounted on
/dev/sdc1       9.8G  7.4G  1.9G  80% /centos7
[frank@server1 ~]$ 
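
A check for the User_Alias definition used in this post, as an added example that is not part of the original post: in sudoers a bare name in a User_Alias is a user name and only %name is a group, so this script reports alias members that match a group but no user. The function name check_user_alias, its file arguments and the sample data (which deliberately lists the Network group without the %) are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Flags User_Alias members that
# name a group but no user, which means the leading '%' was forgotten.
# Assumptions: one definition per line (no backslash continuations);
# file paths are passed in so the check can be tried on copies.
# Usage: check_user_alias SUDOERS_FILE PASSWD_FILE GROUP_FILE
check_user_alias() {
    awk -F: '
        FILENAME == ARGV[1] { users[$1] = 1; next }    # passwd: login names
        FILENAME == ARGV[2] { groups[$1] = 1; next }   # group: group names
        /^[ \t]*User_Alias[ \t]/ {
            line = $0
            sub(/^[ \t]*User_Alias[ \t]+/, "", line)
            n = split(line, defs, ":")                 # "A = x : B = y"
            for (i = 1; i <= n; i++) {
                eq = index(defs[i], "=")
                if (eq == 0) continue
                alias = substr(defs[i], 1, eq - 1)
                gsub(/[ \t]/, "", alias)
                m = split(substr(defs[i], eq + 1), mem, ",")
                for (j = 1; j <= m; j++) {
                    u = mem[j]
                    gsub(/[ \t]/, "", u)
                    sub(/^!+/, "", u)                  # negated member
                    if (u == "" || u ~ /^[%+#]/) continue  # group, netgroup, uid
                    if (!(u in users) && (u in groups))
                        printf "%s: %s is a group, not a user; write %%%s\n", alias, u, u
                }
            }
        }
    ' "$2" "$3" "$1"
}

# Constructed sample data modelled on the names used in this post.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'amit:x:1001:1001::/home/amit:/bin/bash' \
        'frank:x:1002:1002::/home/frank:/bin/bash' \
        'manoj:x:1003:1003::/home/manoj:/bin/bash' > "$d/passwd"
    printf '%s\n' 'amit:x:1001:' 'frank:x:1002:' 'manoj:x:1003:' \
        'Network:x:1004:manoj' > "$d/group"
    printf '%s\n' '# User_Alias ADMINS = jsmith, mikem' \
        'User_Alias  NOCADMIN = amit, frank, Network' > "$d/sudoers"
    check_user_alias "$d/sudoers" "$d/passwd" "$d/group"
    rm -rf "$d"
}
demo
```

visudo -c accepts a bare group name because it is syntactically a valid user name, so this check complements it rather than replacing it.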

I hope this post helps Linux/Unix beginners. Please share your feedback and comments!
