How to give root access to a group for a few commands only

Sometimes you need to allow a group of users to use a few root commands or exec scripts with root priviledges.

Watch Free Movies

In Linux, to give limited root access to a group, you need to edit the /etc/sudoers file.

Do not edit the /etc/sudoers file by hand, use sudo visudo instead. visudo will open the /etc/sudoers file in your default text editor and warn you if you type something wrong, that could generate system issues.

How to give root access to a group, for a few commands only:

Add this line in /etc/sudoers file:

%groupname ALL=(root) /path/to/command/,/path/to/command2/,/path/to/script

The command’s paths are separated one from another by comma (,) .

As an example, I will give the users beloging to the geeks group access to install packages with apt-get, aptitude and dpkg:

$ whereis apt-get
apt-get: /usr/bin/apt-get /usr/share/man/man8/apt-get.8.gz
$ whereis aptitude
aptitude: /usr/bin/aptitude /usr/share/aptitude /usr/share/man/man8/aptitude.8.gz
$ whereis dpkg
dpkg: /usr/bin/dpkg /etc/dpkg /usr/lib/dpkg /usr/share/dpkg /usr/share/man/man1/dpkg.1.gz

Next, add this in the /etc/sudoers:
%geeks ALL = (root) /usr/bin/apt-get,/usr/bin/aptitude,/usr/bin/dpkg

The user naboo belongs to the geeks group:
< /etc/group grep geeks | tail -1

Test this commands:

$ sudo apt-get -y install emacs23
$ sudo aptitude -y install install emacs23
$ sudo dpkg -i transmission_2.33-0ubuntu2_all.deb

This asks for the user’s password.

How to give passwordless root access to a group, for a few commands only:

Add this in /etc/sudoers:

%groupname ALL=(root) NOPASSWD: /path/to/command/,/path/to/command2/,/path/to/script

To allow the users from the geeks group to have passwordless root priviledges to install packages only, add this to /etc/sudoers:

%geeks ALL = (root) NOPASSWD: /usr/bin/apt-get,/usr/bin/aptitude,/usr/bin/dpkg

Scroll to Top