Using visudo and Makefile to make things easy

Some things, ie. restarting services on server can be done easily, by editing visudo-file and thus removing sudo-pwd requirements for certain action.


Kalle Tolonen
Oct. 6, 2024


We can indeed limit the actions a sudo user can do without providing the password. This would limit the user to only be able to start & stop a certain service without a password.

sudo visudo

your_username ALL=(ALL) NOPASSWD: /bin/systemctl start my_backend, /bin/systemctl stop my_backend

That would in turn mean, that we can, from a trusted machine, start & stop services via a Makefile.

So this would require having the ssh-login enabled on the server and having the variables set to your settings.

nano Makefile

stop-service:
    ssh $(SUDO_USER)@$(SSH_HOST) "sudo systemctl stop my_backend"

So then we could stop the service from our local machine:

$ make stop-service
ssh sudo_user@ssh_host "sudo systemctl stop my_backend"

Comments

No published comments yet.

Add a comment

Your comment may be published.