Editing the sudoers file

Hello, I am trying to add a new user with very limited privileges. Actually, I want my user to be able to execute exactly four commands which need sudo, so I tried to create a sudoers file for my user with the following syntax:

# Finalize sudo accesses for AUTHORIZED_USER_NAME
AUTHORIZED_USER_NAME ?= "user"

do_install:append () {
   # Add sudo accesses for user.
    install -d -m 0710 "${D}/etc/sudoers.d"
    echo "${AUTHORIZED_USER_NAME} ALL=(ALL) NOPASSWD: \
    /bin/commande1, \
    /bin/commande2, \
    /bin/commande3 \
    /bin/commande4" > "${D}/etc/sudoers.d/0001_${AUTHORIZED_USER_NAME}"


    chmod 0644 "${D}/etc/sudoers.d/0001_${AUTHORIZED_USER_NAME}"
}

FILES_${PN} +=  "/etc/sudoers.d \
                 /etc/sudoers.d/0001_${AUTHORIZED_USER_NAME}"

I am still confused about the file. First, is the syntax correct?
Second, did I really permit the user to only execute those commands, but not perform any other sudo actions?

Hi, I’m the Toradex AI Assistant. The Toradex Support team will follow up with you shortly!

Hello,

To configure a user to execute only specific commands with sudo privileges, your approach using a sudoers file is generally correct. Here are a few points to consider:

  1. Syntax Check: The syntax you used is mostly correct. However, ensure that each command is separated by a comma, and there should be no trailing backslash on the last command. Your configuration should look like this:

    AUTHORIZED_USER_NAME ?= "user"
    
    do_install:append () {
        install -d -m 0710 "${D}/etc/sudoers.d"
        echo "${AUTHORIZED_USER_NAME} ALL=(ALL) NOPASSWD: \
        /bin/commande1, \
        /bin/commande2, \
        /bin/commande3, \
        /bin/commande4" > "${D}/etc/sudoers.d/0001_${AUTHORIZED_USER_NAME}"
        
        chmod 0644 "${D}/etc/sudoers.d/0001_${AUTHORIZED_USER_NAME}"
    }
    
    FILES_${PN} +=  "/etc/sudoers.d \
                     /etc/sudoers.d/0001_${AUTHORIZED_USER_NAME}"
    
  2. Command Execution Restriction: The configuration you provided should indeed restrict the user to executing only the specified commands with sudo. The NOPASSWD: directive allows the user to run these commands without entering a password.

  3. Testing: After deploying this configuration, test it by attempting to run other commands with sudo as the specified user. They should be denied access to any command not listed in the sudoers file.

  4. Security Considerations: Ensure that the commands you allow do not provide indirect access to a shell or other commands that could escalate privileges.

By following these guidelines, you should be able to restrict the user to only the specified commands effectively. If you encounter any issues, double-check the syntax and permissions of the sudoers file.

Best regards,
Toradex AI Assistant.

Please, also check if these links can help you solve your problem:

Root login failure (ask password).
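As an added illustration of the syntax and restriction points above (this is not code from the thread or from Toradex), the small linter below parses a sudoers.d user specification the way sudo reads it and reports the pitfalls discussed here: a second absolute path without a comma before it is not a separately allowed command but an argument of the previous one, bare command names are not the fully qualified paths sudoers requires, and `ALL` grants every command. The sample lines are constructed from the thread's fragments.

```python
import re
from typing import List

# Constructed samples modelled on the thread (the echo line after the shell has joined
# the backslash-newline continuations); not taken from a real system.
BROKEN = "user ALL=(ALL) NOPASSWD: /bin/commande1, /bin/commande2, /bin/commande3 /bin/commande4"
FIXED = "user ALL=(ALL) NOPASSWD: /bin/commande1, /bin/commande2, /bin/commande3, /bin/commande4"
RELATIVE = "user ALL=(ALL) NOPASSWD: command1, command2"

# user  host = (runas) [TAG:...] command list
SPEC_RE = re.compile(r"^(?P<user>\S+)\s+(?P<host>[^=\s]+)\s*=\s*(?:\((?P<runas>[^)]*)\)\s*)?(?P<rest>.*)$")
TAGS = {"NOPASSWD", "PASSWD", "NOEXEC", "EXEC", "SETENV", "NOSETENV",
        "LOG_INPUT", "NOLOG_INPUT", "LOG_OUTPUT", "NOLOG_OUTPUT"}


def lint_user_spec(line: str) -> List[str]:
    """Return findings for one sudoers user specification; an empty list means no issue found."""
    line = line.replace("\\\n", " ").strip()  # sudoers also allows backslash-newline continuation
    m = SPEC_RE.match(line)
    if not m:
        return ["unparseable user specification"]
    rest = m.group("rest")
    while True:  # strip leading "TAG:" prefixes such as NOPASSWD:
        tag, sep, tail = rest.partition(":")
        if sep and tag.strip() in TAGS:
            rest = tail.strip()
        else:
            break
    findings = []
    for entry in (e.strip() for e in rest.split(",")):
        if not entry:
            findings.append("empty command entry (stray comma)")
            continue
        words = entry.split()
        cmd, args = words[0], words[1:]
        if cmd == "ALL":
            findings.append("'ALL' grants every command as root")
        elif cmd != "sudoedit" and not cmd.startswith("/"):
            findings.append(f"'{cmd}' is not an absolute path; sudoers requires fully qualified commands")
        # Without a comma, sudo reads the next path as an ARGUMENT of cmd, so that
        # command is not permitted on its own and cmd is only allowed with that argument.
        if any(a.startswith("/") for a in args):
            findings.append(f"'{entry}': probable missing comma; '{' '.join(args)}' is an argument of {cmd}")
    return findings


if __name__ == "__main__":
    for name, spec in (("BROKEN", BROKEN), ("FIXED", FIXED), ("RELATIVE", RELATIVE)):
        print(name, lint_user_spec(spec) or "ok")
```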

Hello @rania,

Sorry for the delay here.

I just wanted to confirm, is this problem also solved?
I ask as it relates to your other post.

Best Regards,
Bruno

It got resolved this way:

do_install:append () {
    install -d -m 0710 "${D}/etc/sudoers.d"
    echo "${AUTHORIZED_USER_NAME} ALL=(ALL) NOPASSWD: command1, command2, command3, command4" > "${D}/etc/sudoers.d/0001_${AUTHORIZED_USER_NAME}"
}

And yes, my user is only permitted to execute those 4 commands with sudo; I tested it myself.


Hi @rania,

Thanks for the update and for sharing the solution.

Best Regards,
Bruno