ROOTPROMPT$> apt-get install sudoUPDATE: The /etc/sudoers file (at least since sudo 1.8.5) suggests adding local content to /etc/sudoers.d instead of altering the /etc/sudoers file with visudo. I created the following power_conf file to have the same effect as the visudo method described later:
#/etc/sudoers.d/poweroff_conf
[USERNAME] [HOST] = NOPASSWD: /sbin/shutdown -h now, /sbin/poweroff, /sbin/rebootThe manual suggest 0440 permissions for all files in this directory.
ROOTPROMPT$> chmod 0440 /etc/sudoers.d/power_confPrevious Method: The old way to grant normal users these privileges is to directly modify the /etc/sudoers file using visudo (installed with the sudo package).
#/etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL) ALL
# Allow members of group sudo to execute any command
# (Note that later entries override this, so you might need to move
# it further down)
%sudo ALL=(ALL) ALL
[USERNAME] [HOSTNAME] = NOPASSWD: /sbin/shutdown -h now, /sbin/poweroff, /sbin/reboot
#
#includedir /etc/sudoers.d
USERPROMPT$ sudo /sbin/shutdown -h now
will work, but
USERPROMPT$ sudo /sbin/shutdown
will not. I learned how to set this up from http://www.debian-administration.org/articles/33. Be careful which privileges you grant to users.
No comments:
Post a Comment