[sudo-users] best way to user sudo for a long running back group process
davis.roman84 at gmail.com
Fri Mar 16 15:47:51 MDT 2018
I have a daemon called powermanager running as the non-root user, power.
In /etc/sudoers.d/power, I have the following:
power ALL=(ALL) NOPASSWD: ALL
I know that the above statement essentially gives the powermanager
process root priveleges
however, in the future, I'd like to have the option to enforce that
certain commands/files not be used.
My understanding is that the sudoers file would be the place to place
( ie: disable ability to open file /dev/foobar )
Therefore on startup, I configured my systemd unit file to run as the
power user however I'm trying to figure out which is best:
1. launch this process as 'sudo powermanager'
2. launch my process as just 'powermanager' and let the process deal
with invoking sudo when it needs to open files in /dev/
Any feedback would be greatly appreciated.
More information about the sudo-users