Some things, ie. restarting services on server can be done easily, by editing visudo-file and thus removing sudo-pwd requirements for certain action.
We can indeed limit the actions a sudo user can do without providing the password. This would limit the user to only be able to start & stop a certain service without a password.
sudo visudo your_username ALL=(ALL) NOPASSWD: /bin/systemctl start my_backend, /bin/systemctl stop my_backend
That would in turn mean, that we can, from a trusted machine, start & stop services via a Makefile.
So this would require having the ssh-login enabled on the server and having the variables set to your settings.
nano Makefile stop-service: ssh $(SUDO_USER)@$(SSH_HOST) "sudo systemctl stop my_backend"
So then we could stop the service from our local machine:
$ make stop-service ssh sudo_user@ssh_host "sudo systemctl stop my_backend"
Your comment may be published.
Name:
Email:
Message: