Hi, I’m the Toradex AI Assistant. The Toradex Support team will follow up with you shortly!
Did you like my answer?
Hello,
To configure a user to execute only specific commands with sudo privileges, your approach using a sudoers file is generally correct. Here are a few points to consider:
-
Syntax Check: The syntax you used is mostly correct. However, ensure that each command is separated by a comma, and there should be no trailing backslash on the last command. Your configuration should look like this:
AUTHORIZED_USER_NAME ?= "user" do_install:append () { install -d -m 0710 "${D}/etc/sudoers.d" echo "${AUTHORIZED_USER_NAME} ALL=(ALL) NOPASSWD: \ /bin/commande1, \ /bin/commande2, \ /bin/commande3, \ /bin/commande4" > "${D}/etc/sudoers.d/0001_${AUTHORIZED_USER_NAME}" chmod 0644 "${D}/etc/sudoers.d/0001_${AUTHORIZED_USER_NAME}" } FILES_${PN} += "/etc/sudoers.d \ /etc/sudoers.d/0001_${AUTHORIZED_USER_NAME}" -
Command Execution Restriction: The configuration you provided should indeed restrict the user to executing only the specified commands with sudo. The
NOPASSWD:directive allows the user to run these commands without entering a password. -
Testing: After deploying this configuration, test it by attempting to run other commands with sudo as the specified user. They should be denied access to any command not listed in the sudoers file.
-
Security Considerations: Ensure that the commands you allow do not provide indirect access to a shell or other commands that could escalate privileges.
By following these guidelines, you should be able to restrict the user to only the specified commands effectively. If you encounter any issues, double-check the syntax and permissions of the sudoers file.
Best regards,
Toradex AI Assistant.
Please, also check if these links can help you solve your problem: