sudo visudo -f /etc/sudoers.d/ourapi
and inside that file, write
deployuser ALL=NOPASSWD: /usr/bin/systemctl restart ourapi.service, \
/usr/bin/systemctl start ourapi.service, \
/usr/bin/systemctl stop ourapi.service, \
/usr/bin/systemctl status ourapi.service
where ourapi.service is the service and deployuser is the non-root user.
Here, we double-checked the location of systemctl using
which systemctl
After doing this, when logged in as deployuser, we can run commands such as
sudo systemctl start ourapi.service
where it will prompt for deployuser's password and then carry out the command.
One caveat: the command must be typed exactly as it appears in the custom sudoers file. Even an equivalent command such as
sudo systemctl start ourapi
will not work unless we also add it to the sudoers file.
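As an added example (not code from the original post), the shell function below generates the rule above with both spellings of the unit name, and refuses a systemctl path that is not absolute, since sudoers requires fully qualified command paths. The name sudoers_rule and its input checks are assumptions made for this illustration.

```shell
# Added example; sudoers_rule is a hypothetical helper, not part of sudo or systemd.
# Prints the rule from this post for one user and one unit.
sudoers_rule() {
    user=$1 unit=$2 bin=${3:-/usr/bin/systemctl}

    # sudoers only accepts fully qualified command paths; also refuse
    # wildcards or whitespace in the path.
    case $bin in
        [!/]*|*[!A-Za-z0-9._/-]*)
            echo "error: '$bin' is not a plain absolute path" >&2; return 1 ;;
    esac

    # ALL is a reserved word that would grant the rule to every user.
    [ "$user" != ALL ] || { echo "error: refusing user ALL" >&2; return 1; }

    # Refuse characters that sudoers treats specially (wildcards, separators,
    # escapes, whitespace) so the rule cannot match more than intended.
    for v in "$user" "$unit"; do
        case $v in
            ''|*[!A-Za-z0-9._@-]*)
                echo "error: unsafe name '$v'" >&2; return 1 ;;
        esac
    done

    base=${unit%.service}
    printf '%s ALL=NOPASSWD: ' "$user"
    sep=''
    for verb in restart start stop status; do
        # sudo compares arguments literally, so list both spellings of the unit.
        for name in "$base.service" "$base"; do
            printf '%s%s %s %s' "$sep" "$bin" "$verb" "$name"
            sep=', \
    '
        done
    done
    printf '\n'
}

# Usage, as root (visudo -c checks the syntax before the file is installed):
#   tmp=$(mktemp)
#   sudoers_rule deployuser ourapi.service "$(command -v systemctl)" > "$tmp"
#   visudo -cf "$tmp" && install -m 0440 -o root -g root "$tmp" /etc/sudoers.d/ourapi
```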